Subject: Re: IPNAT
To: NetBSD netbsd-users mailing list <netbsd-users@netbsd.org>
From: Julian Coleman <jdc@coris.org.uk>
List: netbsd-users
Date: 08/02/2004 12:36:25
> Should I be posting this elsewhere?  I have gotten zero responses thus far...

This usually means that no-one has the answer.  This list or maybe netbsd-help
should be OK.

> Using ipnat, I am translating a block of private addresses in a /24 subnet to a single address (the external address is still private and goes into another router that nat's to a public address). That works just fine. Now, I want to be able to skip natting a single IP address in that block so that it gets forwarded normally, and not translated. Is this possible?

(I don't use NAT myself, so this is my best guess.)

I assume you have something like:

  map fxp0 192.168.0.0/24 -> 0/32 portmap tcp/udp 10000:40000
  map fxp0 192.168.0.0/24 -> 0/32

in your existing ipnat.conf to map the whole 192.168.0.0/24 block outgoing
on interface fxp0.  It looks like you might be able to add the specific
entries before this.  Something like:

  map fxp0 192.168.0.120/32 -> 192.168.0.120/32 portmap tcp/udp 10000:40000
  map fxp0 192.168.0.120/32 -> 192.168.0.120/32
  map fxp0 192.168.0.0/24 -> 0/32 portmap tcp/udp 10000:40000
  map fxp0 192.168.0.0/24 -> 0/32

might stop 192.168.0.120 from being translated.  If not, you'll need to
construct lines such that the one IP address is left out.  For the above
(missing out the portmap ... lines):

  map fxp0 192.168.0.0/26 -> 0/32	#   0 -  63
  map fxp0 192.168.0.64/27 -> 0/32	#  64 -  95
  map fxp0 192.168.0.96/28 -> 0/32	#  96 - 111
  map fxp0 192.168.0.112/29 -> 0/32	# 112 - 119

  map fxp0 192.168.0.121/32 -> 0/32	#    121
  map fxp0 192.168.0.122/32 -> 0/32	#    122
  map fxp0 192.168.0.123/32 -> 0/32	#    123
  map fxp0 192.168.0.124/30 -> 0/32	# 124 - 127
  map fxp0 192.168.0.128/25 -> 0/32	# 128 - 255

J

-- 
  My other computer also runs NetBSD    /        Sailing at Newbiggin
        http://www.netbsd.org/        /   http://www.newbigginsailingclub.org/
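
An added example, not part of the original message: the "leave one address out" split above can be computed rather than written by hand, using the standard-library `ipaddress` module. The function names are hypothetical, and the interface, block and `0/32` target are the ones from the message; the result is the minimal cover, so 122 and 123 come out as a single /31.

```python
import ipaddress

def covering_blocks(block, skip):
    """Return the sorted, minimal list of CIDR blocks covering `block` minus `skip`."""
    net = ipaddress.ip_network(block)
    host = ipaddress.ip_network(skip)  # a bare address parses as a /32 (or /128)
    if net.version != host.version or not host.subnet_of(net):
        raise ValueError(f"{skip} is not inside {block}")
    if host == net:
        raise ValueError("excluding the whole block leaves nothing to translate")
    # address_exclude() repeatedly halves the block and keeps the half that
    # does not contain the excluded address, which is the split done by hand above.
    return sorted(net.address_exclude(host))

def nat_rules(iface, block, skip, target="0/32"):
    """Build ipnat 'map' lines (format as in the message) that skip one address."""
    rules = []
    for piece in covering_blocks(block, skip):
        # Trailing comment shows the first and last address of each piece.
        rules.append(f"map {iface} {piece} -> {target}\t# {piece[0]} - {piece[-1]}")
    return rules

if __name__ == "__main__":
    # Values taken from the message: fxp0, 192.168.0.0/24, skip 192.168.0.120
    for line in nat_rules("fxp0", "192.168.0.0/24", "192.168.0.120"):
        print(line)
```
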