Things work, somewhat. However, I'm having problems, I think, mapping icmp
packets. tcpdump gives me the following message from time to time:

16:25:27.546627 [dynamic ip address] > [remote system]: icmp: [ipnat mapped
system] unreachable - need to frag (DF)

I'm trying to get a Mac-based web browser (Internet Explorer, FWIW) to
connect to various web sites. Some sites come through okay, but other sites
have problems, as shown in the message, above.

I'm not sure what's up... I can ping my Mac from my NetBSD box, and vice
versa, so the problem doesn't seem to be the link between the two.

Here's `ipnat -l`:

map ppp0 10.0.2.0/24  -> 198.70.40.45/32  portmap tcp/udp 10000:65000
map ppp0 10.0.2.0/24  -> 198.70.40.45/32

Playing around with netmask values doesn't seem to be the answer, BTW. At
least, I wasn't able to effect any positive changes that way.

Is this likely happening because the remote web server is trying to send my
Mac an icmp packet that's not getting through? If so, what's the proper way
to force remote icmp packets through ipnat? I had thought the second
mapping, above, would have done that for me.

Thanks in advance for the advice!

--
        Mason Loring Bliss    /\    mason@acheron.middleboro.ma.us
     www.webtrek.com/mason   /()\   awake ? sleep() : dream();
<barbaric>YAWP!</barbaric>  /    \  Squeak to me of love!