Darren Reed wrote:

> Have you done an "ipf -E" prior to doing "ipnat -l" and

  Okay, that did the trick!  Perhaps, that should be documented
somewhere in the CHANGES-1.4.2 files (since this apparently wasn't
necessary under 1.4.1).

> what version of IP Filter (ipf -V) are you using ?

  3.3.6 (the version included in the 1.4.2_ALPHA sources as of
yesterday), both in the kernel and userland.

> This problem was due to the IP Filter code handling ioctl's before it
> had been "enabled" (people at NetBSD seem to think that compiling it
> in should not mean it gets enabled by default).  I've added code in

  Okay, I see.  However, IMHO the system should not panic in this case. 
It would also be better if the "ipnat -l" error messages were less
misleading in that respect, too (something along the lines of "IP filter
not enabled" would help a great deal).

  Thanks for clearing this up, Darren -- at least I don't have to revert
back to 1.4.1 to get IPNAT working ;-)

  Cheers
      ,
   Rene