Subject: Re: kern/36309 ipf 4.1.20 breaks NAT setup
To: None <ipf-bug-people@NetBSD.org, gnats-admin@netbsd.org,>
From: Michael van Elst <mlelstv@serpens.de>
List: netbsd-bugs
Date: 05/27/2007 21:45:02
The following reply was made to PR kern/36309; it has been noted by GNATS.

From: Michael van Elst <mlelstv@serpens.de>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: kern/36309 ipf 4.1.20 breaks NAT setup
Date: Sun, 27 May 2007 23:42:30 +0200

 The problem seems to come from a change in the translation
 of the IP header inside an ICMP message.
 
 The code needs to distinguish between inbound and outbound packets
 to determine whether the source or destination address of this
 header needs to be fixed.
 
 The following patch reverts that decision to what ipf 4.1.13
 was using and PMTUD works again.
 
 Index: sys/dist/ipf/netinet/ip_nat.c
 ===================================================================
 RCS file: /cvsroot/src/sys/dist/ipf/netinet/ip_nat.c,v
 retrieving revision 1.19.2.3
 diff -u -r1.19.2.3 ip_nat.c
 --- sys/dist/ipf/netinet/ip_nat.c	22 May 2007 22:52:06 -0000	1.19.2.3
 +++ sys/dist/ipf/netinet/ip_nat.c	27 May 2007 21:32:06 -0000
 @@ -2869,7 +2869,7 @@
  	 * so no change in the icmp_cksum is necessary.
  	 */
  
 -	if (nat->nat_dir == NAT_OUTBOUND) {
 +	if (oip->ip_dst.s_addr == nat->nat_oip.s_addr) {
  		a1.s_addr = ntohl(nat->nat_inip.s_addr);
  		a2.s_addr = ntohl(oip->ip_src.s_addr);
  		oip->ip_src.s_addr = htonl(a1.s_addr);
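
Review bot: The replaced condition, `oip->ip_dst.s_addr == nat->nat_oip.s_addr`, needs a comment explaining why the branch is now chosen by matching the embedded header's destination address instead of testing `nat->nat_dir`; the comment block directly above it only talks about icmp_cksum, so the next reader has no way to tell that this is a deliberate return to the earlier behaviour and not an oversight. Two or three lines above the `if` saying that the IP header inside the ICMP payload is compared against the NAT entry's addresses to decide whether its source or its destination is rewritten would cover it. It is also worth confirming what the branch not shown in this hunk does when `oip->ip_dst` does not equal `nat->nat_oip`, since with this change that path is taken for every non-matching embedded header and no longer only for entries of the other direction.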
 
 
 -- 
                                 Michael van Elst
 Internet: mlelstv@serpens.de
                                 "A potential Snark may lurk in every tree."