Subject: What's wrong with my DHCP/NAT config?
To: None <NetBSD-help@netbsd.org>
From: Justin Dittmann <jrdittmann@wisc.edu>
List: netbsd-help
Date: 09/29/2005 18:26:57
(Sorry if you already got this... I figured this mailing-list was a 
better place to put this than netbsd-users... and I got zero responses, 
there)

What's wrong with my DHCP and/or NAT config? The box keeps on dropping 
clients every 15 minutes - meaning they still have an IP address, but 
cannot access anything outside the LAN.

Note that there are no 'dynamic' addresses given out - all of the hosts 
are static.  The advantage of using DHCP is that the end-users don't 
need to manually configure their machines.

Here's the info you may need -

***BEGIN /etc/dhcpd.conf***
Code:
# Refuse leases to any client that has no host declaration in this file.
# NOTE(review): host declarations are normally matched on the hardware address
# the client itself reports, so this is an inventory control rather than
# authentication - TODO confirm how the elided host entries are keyed.
deny unknown-clients;

# DNS domain name handed to clients.
option domain-name "sbcglobal.net";
# Selects the "interim" dynamic-DNS update scheme. No zone or key statements
# are visible in this excerpt, so whether updates are attempted (and whether
# they are signed) cannot be told from here.
ddns-update-style interim;

# the adphi subnet
subnet 192.168.1.0 netmask 255.255.255.0 {
        option broadcast-address 192.168.1.255;
        option subnet-mask 255.255.255.0;
        # Default gateway handed to clients: the NAT box's internal address.
        option routers 192.168.1.1;
        # Clients are pointed straight at resolvers outside the LAN, so name
        # lookups fail whenever the NAT path does.
        option domain-name-servers 65.43.19.26, 206.141.192.60;
        # Lease times are in seconds: 86400 s = 24 h for both default and
        # maximum, so lease expiry does not line up with a 15-minute dropout.
        default-lease-time 86400;
        max-lease-time 86400;      
        # Use the name of each host declaration as that client's hostname.
        use-host-decl-names on;
        # The next line is the poster's placeholder for the elided host
        # entries; "//" is not dhcpd.conf comment syntax.
        //a bunch of static hosts...
}
***END /etc/dhcpd.conf***
***BEGIN /etc/ipnat.conf***
Code:
# ex0 is external
# tlp is internal at 192.168.1.1
#
# NOTE(review): these rules only translate addresses. Which packets are allowed
# in or out is decided by the ipf filter rules (normally /etc/ipf.conf), which
# are not shown in this post.
# A target of "0/32" means "whatever address ex0 currently has".
# ipnat applies the first map rule that matches, so the order below matters:
# ftp proxy first, then the tcp/udp portmap, then the catch-all.

# use ipfilter ftp proxy for ftp client transfers mode: active
# The in-kernel proxy follows the FTP control connection (port "ftp") so that
# active-mode data connections can be translated as well.
map ex0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp

# NOTE(review): the bare word "addresses" below is the tail of the comment that
# follows, wrapped by the mail client; on a line of its own it would not be
# valid ipnat syntax, so in the real file it has to stay on the "#" line.
# Source ports of translated tcp/udp connections are drawn from 20000-60000.
# Map all tcp and udp connections from 192.168.1.0/24 to external ip 
addresses
map ex0 192.168.1.0/24 -> 0/32 portmap tcp/udp 20000:60000

# For all other packets, map to the external IP address
# (traffic the two rules above did not match, e.g. protocols without ports)
map ex0 192.168.1.0/24 -> 0/32

***END /etc/ipnat.conf***

***BEGIN /etc/rc.conf***
Code:
# Pull in the system defaults first; every assignment below overrides them.
if [ -r /etc/defaults/rc.conf ]; then
        . /etc/defaults/rc.conf
fi

# If this is not set to YES, the system will drop into single-user mode.
#
rc_configured=YES

# default route
# (address redacted by the poster)
defaultroute="XX.XX.XX.XX" #ISP Gateway

# Add local overrides below
#
# hostname is left empty here.
hostname=""
# inetd and sendmail are off, and the box does not run a DHCP client itself.
inetd=NO
dhclient=NO
wscons=YES
# NOTE(review): sshd is enabled on a host that also has the external interface
# ex0. Whether it is reachable from outside depends on the ipf filter rules and
# the sshd configuration, neither of which is shown - confirm it is restricted
# to the LAN or hardened accordingly.
sshd=YES
sendmail="NO"

#configure the following network interfaces
# External interface, address redacted by the poster. The value is wrapped
# across two lines by the mail client; the line break sits inside the quotes.
ifconfig_ex0="inet XX.XX.XX.XX.XX netmask 255.255.255.248 media 
100baseTX mediaopt full-duplex up" # ISP IP Address
# Internal interface; this is the address clients get as their router.
ifconfig_tlp0="inet 192.168.1.1 netmask 255.255.255.0  up"

# enable dhcpd server on tlp0
# -q: quiet startup; naming tlp0 keeps dhcpd off the external interface ex0.
dhcpd=YES
dhcpd_flags="-q tlp0"

#enable ip filter
# NOTE(review): ipfilter=YES loads the packet-filter rules, presumably from
# /etc/ipf.conf, which is not included in the post. The NAT rules do no
# filtering themselves, so that file decides what is exposed on ex0.
ipfilter=YES
ipnat=YES
# ipmon logs ipfilter events. -D: run as a daemon, -s: log via syslog,
# -n: map addresses and ports to names where possible (so logging depends on
# name resolution working).
ipmon=YES
ipmon_flags="-Dsn"

# NOTE(review): in NetBSD's rc.conf, domainname is the NIS (YP) domain, not the
# DNS domain; dhcpd.conf above hands clients "sbcglobal.net" - confirm which
# was intended.
domainname="noname.lan"

# NOTE(review): "gateway" is not a variable I recognise from NetBSD's
# /etc/defaults/rc.conf; IP forwarding is normally switched on with
# net.inet.ip.forwarding in /etc/sysctl.conf - confirm where it is enabled.
gateway=YES
# Starts the ALTQ daemon; its configuration is not shown in the post.
altqd=YES
***END /etc/rc.conf***

-Thanks
Justin