@johnpoz:
"Transfers were failing because name resolution failed - eventually - as best I could tell"
In the middle of the transfer? So where you doing sftp or what? Or was that just some example and you have some application/script using sftp?
As to the world being perfect and fair? Ok - you can not get a switch to do a switches job? How is that? Who would only give you 10 IPs in a 10.x.x.x network? The 10 address space has some 16 million addresses, you could have over 32k /24 networks.. What freaking idiot would set it up so a site/location/department whatever could only have 10 IPs?? Or that you would have to do nat inside your 10 space? Makes ZERO sense.. Fix that nonsense!! Or you you know what there are 2 other major networks you could leverage in the rfc1918 space that give you another 1.1 million addresses to use.. That you should be natting private address space inside a companies network is just NONSENSE.
Sanity and idiocy aside, this is not an environment I control. I work with what I have, and I have 10 IP address in a private network range and I have many systems that I need to have behind those addresses.
NAT works well in this case. Those machines need access to each other and some systems on the 10.x private network. They don't need access to anything outside those two networks.
Now if you were supporting a different company and they were also using 10 that steps on yours, then yeah you would have to nat those between your 2 companies. But that a single company would limit you to 10 ips in 10 space is just freaking ridiculous.. Bring that up to ever it is to be brought up to.. Get your IPAM guy fired if need be, clearly he has no clue to address space management if can only have 10 addresses to work with and have to nat your 75 machines.. Why could he not give you a /25 out of the some 65k /25's that are available in the 10 space? How many network segments in your whole company network??
After running into these issues with 2.2.2, I took a breath and waited until 2.2.4 came out. I set up with just IPV4 and so far it's working as I expected. Whether that's correct or plausible is whole other question, but I'm working within my limited skills on this.