David A. Gatwood wrote:

> It looks like the NAT just will not work
>at all with aliases on different networks, but the same interface.

On what version of NetBSD?  I've been doing this with 1.4 and 1.4.2 on 
mac68k and sparc without a problem.

My ISP dynamically assigned address comes in on le0 (on the Sparc).  I've 
created an in-house net using 192.168.1.x which I run NAT on.  The trick 
with one ethernet interface is to make sure the system with the ISP 
address doesn't NAT it's internal packets.  To do this I assigned it an 
address of 192.168.1.16 and use a sub-net mask of 255.255.255.248 for 
NAT. This runs NAT on packets from systems in the 
192.168.1.1-192.168.1.15 range (actually 192.168.1.15 is the broadcast 
address for the sub-net).  This also allows me to run Samba on the 192 
sub-net without anyone on the outside seeing it.  With a hardware router 
like an X-Router, LinkSys or Hawking this isn't the case and Samba file 
shares were being exposed.

Oh, the other thing to watch out for is to make sure you get a real 
address assigned before you start assigning aliases to the interface.  In 
my case when the lease expires and GTE/Verizon is screwing with their 
hardware so I can't renew the lease, my alias gets assigned as the 
primary on the interface.  Then when the lease eventually gets renewed 
the two are swapped and it causes problems with Samba and Netatalk.

If you need a copy of the setup files I used they're on my Web site.
  http://murphy.dyndns.org/NetBSD

Hope this helps,
-bob