Subject: Re: IPNat, IPF, and webservers...
To: David Woyciesjes <DAW@yalepress3.unipress.yale.edu>
From: Mike Pelley <mike@pelley.com>
List: tech-net
Date: 10/20/2000 14:46:27

I haven't looked at the stuff at dubbele.com but here are some thoughts.

> Now, all I want is to allow http (port 80) traffic thru to machine
> 10.10.10.10.
[stuff deleted]
> rdr ppp0 0/32 port 80 -> 10.10.10.10 port 80 tcp

One thing to check - the default gateway for 10.10.10.10 must be the NetBSD
machine so ipnat can rewrite the reply packets.  I imagine you would have
set it that way but maybe not.

> BTW, aren't there commands to renew the ipf and ipnat rules w/o rebooting?

To renew ipnat rules without disconnecting current sessions you can use
"ipnat -C -f /etc/ipnat.conf", and to renew ipfilter rules you can use
"ipf -Fa -f /etc/ipf.conf".