[... original question elided ]
> 
> map ppp0 192.168.1.255/24 -> 0/32 portmap tcp/udp 40000:60000
> map ppp0 192.168.1.255/24 -> 0/32
> #
> # To make ftp work, using the internal ftp proxy, use:
> #
> map ppp0 192.168.1.255/24 -> 0/32 proxy port ftp ftp/tcp
> 
> I think it's mandatory to enable ipf (ipf -E) first, but I may be wrong.

It might not be 'mandatory', but I know for a fact that it won't work if
you don't!

I've got another one for you.

A friend of mine is trying to set up a system where one of his internal
servers (192.168.0.11) is visible on the Internet as 204.248.22.33.  The
Firewall is set up for the correct outgoing translation (just like
above).  Is there a way to do a 1:1 mapping of his internal address to
the assigned external address?  If it's any help, he's running NT, and
the MTK* that set it up says that NT won't do IP aliasing on one network
card.  If that's possible, that would also solve the problem handily.  I
just don't know that much about NT administration.

*Microsoft Trained Killer
-- 
Dave Burgess                   Network Engineer - Nebraska On-Ramp, Inc.
*bsd FAQ Maintainer / SysAdmin for the NetBSD system in my spare bedroom
"Just because something is stupid doesn't mean there isn't someone that 
doesn't want to do it...."