Subject: NAT, Alpha, no luck
To: None <current-users@NetBSD.ORG>
From: William J. Coldwell <billc@warped.com>
List: port-alpha
Date: 05/05/1998 02:51:24
I am stumped at trying to have an Alpha do NAT.  The weird thing is that I
can get it to get pings across from the internal network to the outside,
but nothing else (traceroute doesn't even work).

So, I offer unto thee, the following:

NetBSD-1.3.1 GENERIC on a Digital Multia 166MHz (oh the pain!)
de0 is the external network (208.163.50.xxx)
de1 is the internal network (192.168.1.1)

IPFILTER=ON (had to touch /etc/ipf.conf to make it happy)
sysctl -w net.inet.ip.forwarding=1
ipnat -f /etc/nat.rules

nat.rules:
map de0 192.168.1.0/24 -> 0/32 portmap tcp/udp 1024:65535
map de0 192.168.1.0/24 -> 0/32

I can ping anywhere from the internal machines.  Everything fails,
including resolving to the nameservers outside of the internal network.

ipnat -l shows the 'right things' with mappings, and with things like me
trying to resolve something.. I see port 53 from the nameserver, to the
internal machine.. but it doesn't appear _at_ the internal machine (like
it's not getting transmitted across de1).

Is ipf/nat 64bit clean?  Am I missing something obvious?  Something
non-obvious that the wonderful complete and cleverly-written documentation
did not point out?

Cheers,
--billc
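
Added illustration (not part of the original message and not IP Filter's own code): a Python model that parses the two posted nat.rules lines and reports which rule a packet leaving de0 matches first. It assumes ipnat's documented first-match ordering, with the portmap rule applying only to tcp/udp; the sample source address 192.168.1.10 is constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# The two rules exactly as posted in nat.rules.
NAT_RULES = """\
map de0 192.168.1.0/24 -> 0/32 portmap tcp/udp 1024:65535
map de0 192.168.1.0/24 -> 0/32
"""

@dataclass(frozen=True)
class MapRule:
    lineno: int
    ifname: str                        # interface the rule is bound to
    src: ipaddress.IPv4Network         # internal source network
    target: str                        # "0/32" = current address of ifname
    protos: Tuple[str, ...]            # () = no portmap, any protocol
    ports: Optional[Tuple[int, int]]   # inclusive portmap range, if any

def parse_map_rule(line: str, lineno: int) -> MapRule:
    tok = line.split()
    if len(tok) < 5 or tok[0] != "map" or tok[3] != "->":
        raise ValueError(f"line {lineno}: expected 'map <if> <src> -> <dst>'")
    protos, ports = (), None
    if len(tok) > 5:
        if len(tok) != 8 or tok[5] != "portmap":
            raise ValueError(f"line {lineno}: unsupported option {tok[5:]}")
        protos = tuple(tok[6].split("/"))
        lo, hi = (int(p) for p in tok[7].split(":"))
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"line {lineno}: bad port range {tok[7]}")
        ports = (lo, hi)
    return MapRule(lineno, tok[1], ipaddress.ip_network(tok[2]), tok[4], protos, ports)

def parse_rules(text: str):
    return [parse_map_rule(l, n) for n, l in enumerate(text.splitlines(), 1) if l.strip()]

def first_match(rules, out_if: str, src_ip: str, proto: str) -> Optional[MapRule]:
    """Return the first rule that would translate this outbound packet."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if r.ifname == out_if and addr in r.src and (not r.protos or proto in r.protos):
            return r
    return None

if __name__ == "__main__":
    rules = parse_rules(NAT_RULES)
    for proto in ("tcp", "udp", "icmp"):   # constructed packets from 192.168.1.10
        r = first_match(rules, "de0", "192.168.1.10", proto)
        print(proto, "-> rule", r.lineno, "ports", r.ports)
```

Under this model, tcp and udp traffic is handled by rule 1 (port-mapped) while icmp falls through to rule 2, so the working and failing traffic in the report are translated by different rules.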