Subject: More ipnat info?
To: None <netbsd-help@netbsd.org>
From: Bruce Walker <bmw@visgen.com>
List: netbsd-help
Date: 08/14/1998 17:54:13

Is there any more ipnat info, on the web perhaps, than is to be
found in the man pages (ipnat, ipnat.conf) and the examples
folder (/usr/share/examples/ipf)?

A previously-cited URL, http://coombs.anu.edu.au/ipfilter/, has
gone AWOL (403 Forbidden).

I'm creating a NAT router with two ethernet interfaces.  It looks
like I'm getting packets through to the "real" side from the
"private" side, but nothing gets back (acks, etc.).  Should ping
be able to work?  Should traceroute?

My ipnat lines are simple:

  map we0 10.1.0.0/16 -> x.y.z.242/32 portmap tcp/udp 40000:60000
  map we0 10.1.0.0/16 -> x.y.z.242/32

Where x.y.z.242 is the address of we0.  x.y.z.241 is the address
of my ISDN router to the real-world.

fxp0 is the private-side interface (10.1.2.20)
we0 is the real-side interface.

My ISDN router on the "real" side kicks in and starts calling when
I try to telnet to a host that should require translation, so I
infer from that that the router has received translated packets,
but I can't telnet to the router itself through the NAT host.
(I *can* telnet to it from the NAT host itself, but those packets
I assume aren't xlated.)

I will eventually have to attach hosts running tcpdump so I can
see what's going on, but before I do that, I'd like to know what
is common practice for debugging this stuff.

Sure is interesting :-)

-- 
-bmw   | Double helix in the sky tonight
       | Throw out the hardware
       | Let's do it right   -- Steely Dan; Aja
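
The following is an added example, not part of the original post: a small audit of `tcpdump -n` output captured on the external interface (we0), checking the two `map` rules quoted above. It assumes 192.0.2.242 as a placeholder for the elided x.y.z.242; the capture lines are constructed, and the names `split_endpoint` and `audit` are hypothetical.

```python
import ipaddress
import re

PRIVATE_NET = ipaddress.ip_network("10.1.0.0/16")  # source range in the map rules
NAT_ADDR = ipaddress.ip_address("192.0.2.242")     # placeholder for x.y.z.242 (assumption)
PORTMAP = range(40000, 60001)                      # portmap tcp/udp 40000:60000

# Matches "<time> [IP ]<src> > <dst>: ..." as printed by tcpdump -n.
LINE = re.compile(r"^\S+ (?:IP )?(\S+) > (\S+):\s")

# Constructed sample capture (not real traffic).
SAMPLE = """\
17:54:13.10 192.0.2.242.40001 > 192.0.2.241.23: S 100:100(0) win 8192
17:54:13.12 192.0.2.241.23 > 192.0.2.242.40001: S 500:500(0) ack 101 win 8192
17:54:14.20 192.0.2.242.40002 > 198.51.100.7.23: S 200:200(0) win 8192
17:54:15.30 10.1.2.30.1030 > 198.51.100.7.23: S 300:300(0) win 8192
17:54:16.40 192.0.2.242 > 192.0.2.241: icmp: echo request
""".splitlines()

def split_endpoint(text):
    """Split tcpdump's 'a.b.c.d.port' (or bare 'a.b.c.d') into (ip, port)."""
    parts = text.split(".")
    port = int(parts[4]) if len(parts) == 5 else None
    return ipaddress.ip_address(".".join(parts[:4])), port

def audit(lines):
    """Summarise what the external-side capture says about the NAT rules."""
    leaked, translated, pending = [], 0, {}
    for n, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue
        src, dst = split_endpoint(m.group(1)), split_endpoint(m.group(2))
        if src[0] in PRIVATE_NET:
            leaked.append(n)               # private source on the wire: no rule matched
        elif src[0] == NAT_ADDR:
            if src[1] is not None and src[1] in PORTMAP:
                translated += 1            # source port drawn from the portmap range
            pending[(src, dst)] = n        # outbound flow still waiting for a reply
        elif dst[0] == NAT_ADDR:
            pending.pop((dst, src), None)  # a reply made it back to the NAT address
    return {"leaked": leaked, "translated": translated,
            "unanswered": sorted(pending.values())}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Packets from the NAT address with a source port outside 40000:60000 were most likely originated by the NAT host itself rather than translated, which is why the port range is checked separately from the address.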