Subject: Re: problems running IPNAT
To: Stefan Brandle <Stefan.Brandle@wheaton.edu>
From: Patrick Welche <prlw1@cam.ac.uk>
List: netbsd-help
Date: 07/20/1997 10:53:49
Stefan Brandle wrote:
> 
...
> Is there some better documentation on ipnat? For instance, the
>     mapit :: = "map" | "rdr"
> line in ipnat(5) makes me wonder what the "rdr" means. As far as I can see,
> the documentation doesn't explain what "rdr" does.

Have a look at http://coombs.anu.edu.au/~avalon/. As to rdr, at the top
of ipnat.c:

 * Broken still:
 * Displaying the nat with redirect entries is way confusing
 *
 * Example redirection line:
 * rdr le1 0.0.0.0/0 port 79 -> 199.165.219.129 port 9901
 * 
 * Will redirect all incoming packets on le1 to any machine, port 79 to
 * host 199.165.219.129, port 9901


> The documentation SEE ALSO part keeps mentioning ipf(1), but I'm not sure why.
> I thought that ipnat might piggy back off an active filter, so I activated a
> minimal filter to forward between two ethernet interfaces. Is ipf(1) relevant?

Yes, which means all the hooks for it must be compiled into the
kernel, e.g.,

options         GATEWAY         # packet forwarding
options         PFIL_HOOKS      # pfil(9) packet filter hooks
pseudo-device   bpfilter 8              # packet filter
pseudo-device   ipfilter                # ip filter

and then engaged with ipf -E

Hope this helps,

 Patrick
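
The redirect line quoted from ipnat.c above, worked through as an added example (not part of the original message and not IP Filter's own code): a small Python parser for that one rule form only, applied to constructed packets to show which destinations get rewritten and when a rule matches every destination address. The function names, the sample packets and the le0 interface are assumptions made for illustration.

```python
import ipaddress
import re
from typing import NamedTuple, Optional, Tuple

# Handles only the rule form shown in the ipnat.c comment:
#   rdr <ifname> <addr>/<bits> port <port> -> <addr> port <port>
RDR_RE = re.compile(
    r"^rdr\s+(\S+)\s+([\d.]+)/(\d+)\s+port\s+(\d+)\s+->\s+([\d.]+)\s+port\s+(\d+)$")

class RdrRule(NamedTuple):
    ifname: str
    dst_net: ipaddress.IPv4Network
    dst_port: int
    new_addr: ipaddress.IPv4Address
    new_port: int

def parse_rdr(line: str) -> RdrRule:
    m = RDR_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not an rdr line of the expected form: {line!r}")
    ifname, addr, bits, port, new_addr, new_port = m.groups()
    for p in (int(port), int(new_port)):
        if not 1 <= p <= 65535:
            raise ValueError(f"port out of range: {p}")
    return RdrRule(ifname, ipaddress.IPv4Network(f"{addr}/{bits}", strict=False),
                   int(port), ipaddress.IPv4Address(new_addr), int(new_port))

def redirect(rule: RdrRule, in_if: str, dst: str, dport: int) -> Optional[Tuple[str, int]]:
    """Return the rewritten (address, port), or None if the packet is left alone."""
    if in_if != rule.ifname or dport != rule.dst_port:
        return None
    if ipaddress.IPv4Address(dst) not in rule.dst_net:
        return None
    return (str(rule.new_addr), rule.new_port)

def is_catch_all(rule: RdrRule) -> bool:
    """True when the rule matches every destination address (a /0 network)."""
    return rule.dst_net.prefixlen == 0

# The example line from the ipnat.c comment.
RULE = parse_rdr("rdr le1 0.0.0.0/0 port 79 -> 199.165.219.129 port 9901")

if __name__ == "__main__":
    # Constructed packets: (incoming interface, destination address, destination port)
    for pkt in [("le1", "10.1.2.3", 79), ("le1", "10.1.2.3", 80), ("le0", "10.1.2.3", 79)]:
        print(pkt, "->", redirect(RULE, *pkt))
    print("catch-all destination:", is_catch_all(RULE))
```

With 0.0.0.0/0 as the match, any port 79 traffic arriving on le1 is diverted regardless of the host it was addressed to, which is the point to check when reviewing rdr lines on a gateway.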