Subject: Re: HEADS UP: IPFilter upgraded to 3.4.27
To: Martti Kuparinen <martti.kuparinen@iki.fi>
From: Andrew Brown <atatat@atatdot.net>
List: current-users
Date: 05/09/2002 09:27:28
>I have just upgraded IPFilter to the latest version (3.4.27) on
>NetBSD -current. You must recompile kernel and the ipf tools to
>use the new version:

ipnat seems not to work now.

>After reboot you should see this message:
>
>IP Filter: v3.4.27 initialized.  Default = pass all, Logging = enabled

got that.

>I have tested this on i386 and things seem to work without any errors.
>If you detect errors (or have improvements), please send a problem report
>with the send-pr tool.

machine a (ipnat gateway) and machine b (client machine behind nat):

machineb(ttyp0)# ping 198.6.1.1
PING cache00.ns.uu.net (198.6.1.1): 56 data bytes
(no output)

machineb(ttyp1)# tcpdump -Sns2000 icmp (while the ping is still running)
tcpdump: listening on sip0
09:22:50.888174 10.104.14.3 > 198.6.1.1: icmp: echo request
09:22:51.888159 10.104.14.3 > 198.6.1.1: icmp: echo request
...

machinea(ttyp0)# tcpdump -Sns2000 -itlp1 icmp (tlp1 faces machineb)
tcpdump: listening on tlp1
09:22:55.146179 10.104.14.3 > 198.6.1.1: icmp: echo request
09:22:56.146705 10.104.14.3 > 198.6.1.1: icmp: echo request
...

machinea(ttyp0)# tcpdump -Sns2000 -itlp0 icmp (tlp0 faces outward)
tcpdump: listening on tlp0
09:24:03.182037 10.104.14.3 > 198.6.1.1: icmp: echo request
09:24:04.182569 10.104.14.3 > 198.6.1.1: icmp: echo request
...

packets are getting forwarded properly, but aren't getting translated
according to the ipnat rules i've been using for some time now.

machinea(ttyp0)# cat /etc/ipnat.conf 
map tlp0 10.0.0.0/8 -> 166.148.130.84/32 proxy port ftp ftp/tcp
map tlp0 10.0.0.0/8 -> 166.148.130.84/32 portmap tcp/udp 40000:49999
map tlp0 10.0.0.0/8 -> 166.148.130.84/32

i'll file a pr in a bit, unless there's something you can see that i'm
obviously doing wrong.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."
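The failure described in the message (packets leaving the outward interface still carrying the inside 10.x source address) is easy to spot by eye in a short capture, but tedious in a long one. The following Python script is an added example, not code from the message or from the IPFilter project: it parses `map` lines of the form quoted from /etc/ipnat.conf, parses tcpdump `-n` output of the form shown above, and flags every packet on the outward interface whose source still falls inside the mapped inside network. It assumes only the line formats visible in the message; the `proxy` and `portmap` options are ignored since they do not change the address check. The capture lines are constructed samples: the first two repeat the untranslated packets from the message, the third is a constructed packet showing what a correctly translated one would look like.

```python
import ipaddress
import re

# Constructed sample: the three map rules quoted from /etc/ipnat.conf.
IPNAT_CONF = """\
map tlp0 10.0.0.0/8 -> 166.148.130.84/32 proxy port ftp ftp/tcp
map tlp0 10.0.0.0/8 -> 166.148.130.84/32 portmap tcp/udp 40000:49999
map tlp0 10.0.0.0/8 -> 166.148.130.84/32
"""

# Constructed sample: tcpdump -n output on the outward interface (tlp0).
# Lines 1-2 mirror the message; line 3 is a constructed, correctly translated packet.
TLP0_CAPTURE = """\
09:24:03.182037 10.104.14.3 > 198.6.1.1: icmp: echo request
09:24:04.182569 10.104.14.3 > 198.6.1.1: icmp: echo request
09:24:05.182911 166.148.130.84 > 198.6.1.1: icmp: echo request
"""

# "map <iface> <inside-net> -> <outside-addr>[/prefix] [options...]"
MAP_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)")

# "<timestamp> <src>[.port] > <dst>[.port]: ..." as printed by tcpdump -n
PKT_RE = re.compile(
    r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?\s+>\s+(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)


def parse_map_rules(conf):
    """Return (iface, inside_network, outside_network) for each map rule.
    Options after the outside address (proxy, portmap) are ignored."""
    rules = []
    for line in conf.splitlines():
        m = MAP_RE.match(line.strip())
        if not m:
            continue
        iface, inside, outside = m.groups()
        rules.append((
            iface,
            ipaddress.ip_network(inside, strict=False),
            ipaddress.ip_network(outside, strict=False),
        ))
    return rules


def check_capture(capture, iface, rules):
    """Classify each packet seen on `iface` against the map rules for that
    interface.  Returns (timestamp, src, verdict) tuples where verdict is
    'UNTRANSLATED' (source still inside the mapped network), 'translated'
    (source is the mapped outside address) or 'no-rule'."""
    verdicts = []
    for line in capture.splitlines():
        m = PKT_RE.match(line)
        if not m:
            continue
        ts, src, _dst = m.groups()
        src_ip = ipaddress.ip_address(src)
        for r_iface, inside_net, outside_net in rules:
            if r_iface != iface:
                continue
            if src_ip in inside_net:
                verdicts.append((ts, src, "UNTRANSLATED"))
                break
            if src_ip in outside_net:
                verdicts.append((ts, src, "translated"))
                break
        else:
            verdicts.append((ts, src, "no-rule"))
    return verdicts


def untranslated(verdicts):
    """Only the packets that leaked an inside address onto the outward interface."""
    return [v for v in verdicts if v[2] == "UNTRANSLATED"]


if __name__ == "__main__":
    rules = parse_map_rules(IPNAT_CONF)
    results = check_capture(TLP0_CAPTURE, "tlp0", rules)
    for ts, src, verdict in results:
        print(f"{ts} {src:>16} {verdict}")
    leaked = untranslated(results)
    print(f"{len(leaked)} of {len(results)} packets left tlp0 untranslated")
```

Running it against the constructed capture reports the two 10.104.14.3 packets as UNTRANSLATED and the 166.148.130.84 packet as translated. In practice the capture would be fed from `tcpdump -n -i tlp0` on the gateway; any UNTRANSLATED line means the NAT is not being applied, which is exactly what the message observes.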