Hello all:

Our small network is xxx.yyy.zzz.0/28 (14 valid ip addresses)
and we are out of ip numbers.

Then we received 2 new pc's for our network so I decided
to use IPNAT.
I assigned them numbers 172.17.3.10/24 and 172.17.3.11/24

I configured our cisco 1005 as follows:
Ethernet0
 ip address xxx.yyy.zzz.1 255.255.255.240
 ip address 172.17.3.1 255.255.255.0 seconday

and our NetBSD server 1.4.1 i386
ifconfig ex0 xxx.yyy.zzz.2 netmask 255.255.255.240
ifconfig ex0 172.17.3.2 netmask 255.255.255.0 alias
(in ifconfig.ex0 and ifaliases with the right syntax)

I configured a new NetBSD kernel with all the options in order
to ipnat and ipfilter works...

My ipnat.conf
map ex0 172.17.3.0/24 -> xxx.yyy.zzz.2/32 portmap tcp/udp 40000:60000
map ex0 172.17.3.0/24 -> xxx.yyy.zzz.2/32
map ex0 172.17.3.0/24 -> xxx.yyy.zzz.2/32 proxy port ftp ftp/tcp

and ipf.conf
touch /etc/ipf.conf (empty, zero bytes)

and our pc's
IP 172.17.3.10 and 11/24
netmask 255.255.255.0
gateway 172.17.3.2 (NetBSD/ipnat box)
DNS 172.17.3.2

in rc.conf
ipnat and ipfilter set to YES

And ipnat doesnt work for me.....
I have spent a lot of hours trying ipnat works.

Question:
Is absolutely necessary to have 2 physical interfaces in order
ipnat works? (I have just one... ex0)

Thanks a lot for your answer

Heron Gallegos