Subject: I still can't get IPNAT to work
To: None <netbsd-help@netbsd.org>
From: None <KenJackson@ieee.org>
List: netbsd-help
Date: 01/13/2002 15:32:59

Manuel Bouyer writes:
 > On Sat, Jan 12, 2002 at 01:53:20PM -0500, KenJackson@ieee.org wrote:
 > > I can't get IP network address translation to work.  
 > > I can dial the modem and get an IP connection and everything
 > > works well on OLD486, my NetBSD machine.
 > > But the IP address from OFFICE, my Windows machine, is not
 > > being translated.
 > > 
 > > I'm not sure what to do next.  Any help is appreciated.
 > > 
 > > Here's my configuration:
 > > 
 > >  OFFICE                     OLD486
 > >  Windows              ep0   NetBSD        ppp0 
 > >  192.168.1.1 ============== 192.168.1.2 =========== Modem to ISP
 > > 
 > > 
 > > # sysctl -a |grep kern.version
 > > kern.version = NetBSD 1.5.2 (GENERIC) #3: Sat Aug 18 23:37:05 CEST 2001
 > > 
 > > /etc/rc.conf -------------------
 > > ...
 > > hostname="old486"
 > > routed=YES          routed_flags="-q -T /var/log/routedlog"
 > > ipfilter=YES                    # uses /etc/ipf.conf
 > > ipnat=YES                       # uses /etc/ipnat.conf
 > > ...
 > > 
 > > /etc/ipf.conf ------------------
 > > pass in any to any
 > > pass out any to any
 > 
 > I'm not sure this syntax is correct, I think you should have
 > pass in from any to any
 > pass out from any to any

You were right.  But I fixed this and it still doesn't work.

 > > /etc/ipnat.conf ----------------
 > > map ppp0 198.168.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
 > > map ppp0 198.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:40000
 > > map ppp0 198.168.1.0/24 -> 0.0.0.0/32
 > > 
 > > /etc/rc.local ------------------
 > > sysctl -w net.inet.ip.forwarding=1
 > 
 > Looks good.

As before, traffic from OFFICE is not translated and is passed
to ppp0 unmodified.  For example:

15:06:41.310504 ff 03 52 192.168.1.1.3506 > 204.255.212.10.23: S 60258768:60258768(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
15:06:44.221681 ff 03 52 192.168.1.1.3506 > 204.255.212.10.23: S 60258768:60258768(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)

What can I do to further debug this?
Can I get more information by turning on something in syslog.conf?
Am I misunderstanding the big picture?

-Ken
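
Added example, not part of the original message: one way to debug an untranslated packet is to check whether its source address falls inside the source network of any `map` rule on the outgoing interface, since ipnat only rewrites packets that match a rule. The script below runs that check on the rules and the tcpdump line posted above; the function names are hypothetical and only the simple `map <if> <src>/<mask> -> <target>` form from the post is parsed.

```python
import ipaddress
import re

# Taken from the message above: the posted ipnat.conf rules and one tcpdump line.
IPNAT_CONF = """\
map ppp0 198.168.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ppp0 198.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:40000
map ppp0 198.168.1.0/24 -> 0.0.0.0/32
"""
TCPDUMP_LINE = ("15:06:41.310504 ff 03 52 192.168.1.1.3506 > 204.255.212.10.23: "
                "S 60258768:60258768(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)")

# Assumption: rules use the simple "map <if> <src>/<mask> -> <target>" form.
MAP_RE = re.compile(r"^\s*map\s+(\S+)\s+(\S+)\s+->\s+(\S+)")
# tcpdump prints "addr.port > addr.port:"; capture the source address only.
PKT_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+)\.\d+ > \d+\.\d+\.\d+\.\d+\.\d+:")


def parse_map_rules(text):
    """Return (line number, interface, source network) for each map rule."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = MAP_RE.match(line.split("#", 1)[0])  # ignore trailing comments
        if m:
            net = ipaddress.ip_network(m.group(2), strict=False)
            rules.append((lineno, m.group(1), net))
    return rules


def packet_source(line):
    """Extract the source IP address from a tcpdump line, or None."""
    m = PKT_RE.search(line)
    return ipaddress.ip_address(m.group(1)) if m else None


def check(conf, pkt_line, iface):
    """Return (source address, line numbers of map rules that match it)."""
    src = packet_source(pkt_line)
    hits = [n for n, rule_if, net in parse_map_rules(conf)
            if rule_if == iface and src in net]
    return src, hits


if __name__ == "__main__":
    src, hits = check(IPNAT_CONF, TCPDUMP_LINE, "ppp0")
    print(f"packet source {src}: matching map rules on lines {hits or 'none'}")
    for n, rule_if, net in parse_map_rules(IPNAT_CONF):
        print(f"  line {n}: {rule_if} {net} contains {src}? {src in net}")
```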