[tcp] NFS.SERVER.IP.ADDR:/fs/resources/name: RPCPROG_MNT: RPC: Authentication error; why = Client credential too weak
thats because when NAT happens the router will surely translate the tcp/udp port to something unprivileged. one must write the NAT rules to use static ports mapping.
openbsd pf users would go with using static-port option:
nat on $public_interface from $private_network to any -> $public_address static-port
ofcourse, this is not exactly an option when issuing mount requests from multiple nat clients.
however, if you have access to the nfs server in the scenario above, you just have to configure it for accepting requests from non-privileged ports as well. on BSD you have to set the rc_ var nfs_reserved_port_only to "NO" and restart the nfs daemon (it doesn't have anything to do with mountd in this case)