Subject: Re: ipnat question
To: Wojciech Puchar <wojtek@wojtek.3miasto.net>
From: Andrew Brown <atatat@atatdot.net>
List: netbsd-users
Date: 07/10/2001 15:32:58
>how to set timeouts for nat table? i.e. how long table record is kept
>after last communication

ipnat -lv will show you.  e.g.:

# ipnat -lv
...
List of active sessions:
MAP 192.168.0.132  22    <- -> 192.168.0.132  22    [192.168.0.134 1020]
        age 864000 use 0 sumd 0/0 pr 6 bkt 105/105 flags 1 bytes 18674 pkts 220
MAP 192.168.0.134  1021  <- -> 10.0.1.213     6740  [172.16.4.65 22]
        age 334 use 0 sumd 0xb232/0xb232 pr 6 bkt 15/108 flags 1 bytes 4346 pkts 53
...

it's interesting to note that in src/sys/netinet/ip_state.c, there is
a line that says

#define FIVE_DAYS       (2 * 5 * 86400) /* 5 days: half closed session */

although 2 * 5 * 86400 is clearly ten days.  anyway, you can find the
rest of the default timeouts in that file.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."