>
>
>I can telnet from a machine assigned to the 192.168.1 domain to the ae0
>Etherface (192.168.1.1) - but not to anything outside that domain.  The
>netatalk services on my ae0 Etherface show up on my Macs on the local
>network.

Are you using IP addresses or names for telnet testing.  If you use names 
then make sure that you /etc/resolv.conf
file lists your nameservers.

Also, I assume you have a static IP address from the ADSL folks, otherwise 
the ipnat.conf file needs to contain 0.0.0.0/32 internet address.

My configuration "sorta" works (really frustrating, 'cuz the ip-nat how-to 
sucks for info).  I've got the router pluggeg into the uplink port of the 
hub and my ae0 and sn0 cards plugged into normal ports on the 
hub.  Everything else is the same as you mention.  What happens on mine is 
that packets inbound from the internet to the LAN's fake IP's get lost 
somewhere.  Not all of the packets, just some, so big WWW pages with images 
wont load completely but simple text pages will.  I just started reading 
the mapping rules pages so hopefully i can figure it out within a few days...

do a tcpdump on sn0 to see what is going by when you request an nslookup or 
something from a 198.....  machine.

Happy IPnot'ing,
Keith