Solaris 10, ipnat/bimap address corruption issue

Strange bimap problem here. The strangeness is compounded by the fact
that I've never needed to use bimap before.

Version details:

Solaris 10, 11/06
SunOS host1 5.10 Generic_118855-33 i86pc i386 i86pc
ipf: IP Filter: v4.0.3 (500)
Kernel: IP Filter: v4.0.3

Interfaces:

e1000g0 ("external"): inet x.x.x.130 netmask ffffffc0 broadcast x.x.x.191
e1000g1 ("internal"): inet 192.168.34.130 netmask ffffff00 broadcast
192.168.34.255

Just want simple, one to one mapping between .130 to .190.

Simple rule:

bimap e1000g0 192.168.34.131/32 -> x.x.x.131/32

Resultant mapping:

BIMAP 212.50.122.56 23 <- -> x.x.x.131 23 [10.100.192.14 2089]

That address on the left has nothing to do with my networks and it
changes too, randomly.

Needless to say, packets coming from the outside going in, never make it
past the external interface. No firewall rules applied, default pass.

Appropriate published arp entry is also on e1000g0.

I found this post from 2004...
http://www.netbsd.org/cgi-bin/query-...l?number=25999. Darren
speaks in there about 4.1.2. Is this my issue, I need to upgrade to a
newer ipfiler?