by peterwwillis
4256 days ago
Well you're right in a sense. But it modifies packets to a point where they are indistinguishable from the original connection, and tracks the incoming and outgoing interface sides as if they were discrete connections (there are at least four flows for every NAT connection). Often carrier-grade routers will replace every aspect of a TCP/IP packet, like sequence numbers, windows, flags, source and dest ports, etc. Routers like these see everything going through them as a form of NAT; it's just some connections are modified more than others. The exception to this would be interfaces in bridge or monitor mode. To your second point that modifying some layers is OK but modifying other layers is not: what rationale explains this double standard? What about the application layer do you find to be unique in that there's some expectation of purity? Does a proxy not modify layer 7 to cache and pass traffic? Does DNS not do the same?