Subject: Re: IPNAT rules?
To: Space Case <wormey@eskimo.com>
From: nverenin <nverenin@spunet.dyn.ml.org>
List: current-users
Date: 08/09/1998 11:43:12

Space Case wrote:
> 
> On Aug 8, 10:18pm, nverenin wrote:
> >Actually, I don't think any of the *IX ip filtering/translating systems
> >(ipmasq/ipfw,ipnat/ipf) support static NAT either. It would seem to be
> >something only found in commercial firewall software. No reason why
> >something like ipf couldn't support it; it's probably not a highly
> >requested feature, though, and it would not work with certain types of
> >systems (cable modems come to mind)...
>           ^^^^^^^^^^^^
> Huh?  That's exactly the reason I've been struggling with getting this PC up
> and running on NetBSD, to put a network of Macs behind it instead of just the
> one now connected to the cable modem.  You mean my efforts have been in vain?
> 
> ~Steve

For giving the Macs access to the outside world beyond the NetBSD box,
you're just going to do the basic 'hide' (n:1) ipnat setup.
/usr/share/examples/ipf gives some sample configurations that can easily
be adapted to a simple LAN environment. This will work, and it is what I
am currently using with a cable modem.

Static NAT (1:1) would not work on most cable modem systems due to their
use of DHCP and weird authentication mechanisms, like San Diego's RR
network. In addition, you'd probably need a single-media network between
the hosting machine and the upstream IP router to get proxy arp to work.
(In general, cable modems are 10bT->HFC bridges.)

-- 
nverenin@san.rr.com