Well, I found out that the trick is you have to turn on the ipf packet
filter in order for ipnat to work!  I just created a couple of no-op rules
in /etc/ipf.conf

	pass in proto tcp/udp all
	pass out proto tcp/udp all

and then turned on ipf in my /etc/rc.conf file.  Then, I added a line in
my /etc/rc.local

	echo 'starting ipnat'; ipnat -f /etc/ipnat.conf

and away we go.

Two things come to mind:

1) shouldn't the man page make some reference to needing ipf?  and
2) shouldn't there be an ipnat section in /etc/rc, possibly within the 
   ipf part?



On Mon, 24 Nov 1997, Trevin Beattie wrote:

> At 04:44 pm 11/23/97 -0800, you wrote:
> >
> >Check out the IP Filter home page:
> >
> >http://coombs.anu.edu.au/~avalon/ip-filter.html
> 
> I've read those pages and followed the examples, but I still can't get NAT
> to work.  The only way I've been able to get other computers on my local
> net to connect to the Internet is to configure Roxen as an ftp and http
> proxy server, which limits me to just those services.
> 
> (My previous postings of this problem to ipfilter@coombs.anu.edu.au have
> received no solution.)
> 
> -----------------------
> Trevin Beattie          "Do not meddle in the affairs of wizards,
> trevin@xmission.com     for you are crunchy and good with ketchup."
>       {:->                                     --unknown
> 
> 

-----------------------------------------------------------------------------
| Paul Goyette       | PGP Public Key fingerprint:  | E-mail addresses:     |
| Network Consultant |     0E 40 D2 FC 2A 13 74 A0  |  paul@whooppee.com    |
| and kernel hacker  |     E4 69 D5 BE 65 E4 56 C6  |  paul_goyette@ins.com |
-----------------------------------------------------------------------------