Subject: Re: IPNAT weirdness
To: James T. Nelson <jimtnelson@earthlink.net>
From: Frederick Bruckman <fb@enteract.com>
List: netbsd-help
Date: 07/08/1999 11:45:57

On Thu, 8 Jul 1999, James T. Nelson wrote:
> I set up IPNAT according to the FAQ's, and according to the samples provided
> with 1.3.3, and I still cannot route from an mklinux on a Mac 7500 through the
> NetBSD box on an i386 machine ppp and beyond. I can ping the NetBSD box from
> MkLinux without difficulty, and I can talk to the internet from NetBSD.
> Question, is there some kind of IP forwarding setting required as in Linux? I
> have set IPFILTER to 'YES' in rc.conf. Has anyone had this experience?

root-> sysctl net.inet.ip.forwarding
net.inet.ip.forwarding = 1

This is for a kernel compiled with 'options GATEWAY'. Otherwise, you can
set it with 'sysctl -w'.

> Also, is anything besides IPMON supposed to show up in the processes? Running
> ps -acx | grep ip gives only ipmon running. I do not see "ipf" or "ipnat".
> Ipnat loads in the network address translation rules correctly, as far as I
> can tell.

ipfilter and nat both live in the kernel tcp stack; there's no user
process. You don't even need ipmon unless you're loading ip filters
that have the "log" keyword.

You can view the loaded ipnat rules with "ipnat -l", ip filter rules
with "ipfstat -io". If you see any ipnat rules, then ipf must have
loaded OK, if only with an empty list.
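
The checks from the reply above, combined into one script. This is an added example, not part of the original message: the function names and sample outputs are constructed, and the line formats assumed for "ipnat -l" and "ipfstat -io" output (one rule per line, starting with its keyword) are assumptions.

```shell
#!/bin/sh
# Each function takes command output as text, so the logic runs offline.
# On a live gateway, pass "$(sysctl net.inet.ip.forwarding)",
# "$(ipnat -l)" and "$(ipfstat -io)" instead of the samples.

# True when the sysctl line reports forwarding = 1.
forwarding_enabled() {
    val=$(printf '%s\n' "$1" |
        sed -n 's/^net\.inet\.ip\.forwarding *= *\([0-9][0-9]*\) *$/\1/p')
    [ "$val" = "1" ]
}

# Count loaded NAT rules: lines whose first word is map, bimap or rdr.
nat_rule_count() {
    printf '%s\n' "$1" |
        awk '$1=="map" || $1=="bimap" || $1=="rdr" {n++} END {print n+0}'
}

# True when any filter rule carries the "log" keyword (ipmon then matters).
needs_ipmon() {
    printf '%s\n' "$1" |
        awk '{for (i = 1; i <= NF; i++) if ($i == "log") found = 1}
             END {exit !found}'
}

# Print one verdict: forwarding-off, no-nat-rules, ok-ipmon-needed or ok.
diagnose() {
    if ! forwarding_enabled "$1"; then
        echo "forwarding-off"
    elif [ "$(nat_rule_count "$2")" -eq 0 ]; then
        echo "no-nat-rules"
    elif needs_ipmon "$3"; then
        echo "ok-ipmon-needed"
    else
        echo "ok"
    fi
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_SYSCTL='net.inet.ip.forwarding = 1'
SAMPLE_IPNAT='List of active MAP/Redirect filters:
map ppp0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:20000

List of active sessions:'
SAMPLE_IPF='block in log on ppp0 from any to any
pass out quick on ppp0 all'

diagnose "$SAMPLE_SYSCTL" "$SAMPLE_IPNAT" "$SAMPLE_IPF"
```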