NetBSD mail.wan.vpn 8.99.18 NetBSD 8.99.18 (GEMINI) #0: Sun May 27 09:56:42 PDT 2018 root%mail.wan.vpn@localhost:/usr/src/BUILD_OBJ/sys/arch/i386/compile/GEMINI i386
The GEMINI conf is different from GENERIC as follows:
1c1
< # $NetBSD: GENERIC,v 1.1180 2018/06/07 13:36:29 thorpej Exp $
---
> # $NetBSD: GENERIC,v 1.1178 2018/05/15 01:53:27 thorpej Exp $
25c25
< #ident "GENERIC-$Revision: 1.1180 $"
---
> #ident "GENERIC-$Revision: 1.1178 $"
27c27
< maxusers 64 # estimated number of users
---
> maxusers 128 # estimated number of users
32,33c32,33
< makeoptions SPECTRE_V2_GCC_MITIGATION=1 # GCC Spectre variant 2
< # migitation
---
> #makeoptions SPECTRE_V2_GCC_MITIGATION=1 # GCC Spectre variant 2
> # # migitation
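Review bot: In the 32,33 hunk the GEMINI side comments out makeoptions SPECTRE_V2_GCC_MITIGATION=1, so this kernel is built without the GCC Spectre variant 2 mitigation that GENERIC enables. Nothing else in the diff says why; if it was switched off only while debugging, restore the line, and otherwise record the reason in the trailing comment.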
80c80
< options RTC_OFFSET=0 # hardware clock is this many mins. west of GMT
---
> options RTC_OFFSET=480 # hardware clock is this many mins. west of GMT
114c114
< #options DEBUG # expensive debugging checks/support
---
> options DEBUG # expensive debugging checks/support
122c122
< #makeoptions DEBUG="-g" # compile full symbol table
---
> makeoptions DEBUG="-g" # compile full symbol table
185c185,187
< #options GATEWAY # packet forwarding
---
> options GATEWAY # packet forwarding
> options IPFORWARDING=1 # grasping at straws with NAY problems
> options MBUFTRACE
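Review bot: In the 185 hunk, options MBUFTRACE is added with no trailing comment, unlike every other option line in this diff, and the IPFORWARDING=1 comment reads "NAY problems", presumably meaning NAT. Add a comment stating why MBUFTRACE is enabled and correct the typo, so it is clear which of the three added lines are debugging aids to drop once forwarding works.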
189c191
< #options IPSEC_DEBUG # debug for IP security
---
> options IPSEC_DEBUG # debug for IP security
194,196c196,198
< #options CAN # Controller Area Network protocol
< #options PPP_BSDCOMP # BSD-Compress compression support for PPP
< #options PPP_DEFLATE # Deflate compression support for PPP
---
> options CAN # Controller Area Network protocol
> options PPP_BSDCOMP # BSD-Compress compression support for PPP
> options PPP_DEFLATE # Deflate compression support for PPP
204c206
< #options ALTQ # Manipulate network interfaces' output queues
---
> options ALTQ # Manipulate network interfaces' output queues
The ipnat and ipf conf files used to work under NetBSD 6.??
This rule:
should map the system at .50 straight thru the NAT machine ... no??
Some connections go thru, but others time out. I can get to those timed-out systems from the NAT'ng system.
tcpdump on the interior NIC shows the packets arriving, but nothing on the outbound NIC.
Am I missing something between 6.?? and 8.0 ?
Hints appreciated.
TIA,
Paul N.