> Despite specifying in my rc.conf that both ipfilter and
> ipnat are "YES", I still had to use sysctl to get ipnat
> going after rebooting.

So far as I understand, the kernel options IPFORWARDING=1 and GATEWAY will
both turn on ipforwarding (so no sysctl is required), and GATEWAY also
increases the size of NMBCLUSTERS on most ports.  I imagine ipforwarding is
not on by default in GENERIC because it is a bit safer to avoid forwarding
packets between interfaces as soon as the box is brought up.  Better the
installer/admin enables it explicitly (say, by compiling his own kernel).

However, so far as I understand, source routed packets ARE routed through
the GENERIC kernel by default, and controlled by the IPFORWSRCRT option (or
the matching sysctl).

CU!  Mike.