ppp -nat with pppoe problems

[sammy!!]

Hello,

I'm having trouble getting port forwarding to work with a pppoe (static 
ip).  I'm trying to allow outside boxes to connect to an internal box 
(port 3689) Here are the relevant files:

/etc/ppp/ppp.conf

default:
         set device PPPoE:xl0
         set mru 1492
         set mtu 1492
         set authname xxxxxxxx
         set authkey xxxxxxx
         set log Phase tun command
         set dial
         set login
         nat enable yes
         nat same_ports yes
         nat use_sockets yes
         nat unregistered_only yes
         nat port tcp 192.168.1.5:3689 3689
         nat port udp 192.168.1.5:3689 3689
         nat log yes
         set ifaddr 10.0.0.1/0 10.0.0.2/0
         add default HISADDR

papchap:
         set authname xxxxxxxx
         set authkey xxxxxxxx

----------------------
/etc/rc.conf
orwell# cat /etc/rc.conf
# This file now contains just the overrides from /etc/defaults/rc.conf
# please make all changes to this file.

# Enable network daemons for user convenience.
# -- sysinstall generated deltas -- #
#ifconfig_xl0="inet 24.104.33.68 netmask 255.255.255.192"
ppp_enable="YES"
ppp_mode="ddial"
#ppp_nat="YES"
ppp_profile="default"
#defaultrouter="24.104.33.65"
ifconfig_rl0="inet 192.168.1.1 netmask 255.255.255.0"
gateway_enable="YES"
hostname="orwell.lost-angel.com"
linux_enable="YES"
sendmail_enable="YES"
saver="logo"
keymap="us.dvorak"
sshd_enable="YES"
inetd_enable="YES"
usbd_enable="YES"
firewall_enable="YES"
#firewall_script="/etc/firewall/fwrules"
firewall_type="open"
#natd_enable="YES"
#natd_interface="tun0"
#natd_flags="-dynamic -m -redirect_port tcp 192.168.1.5:3689 3689 
-redirect_port udp 192.168.1.5:3689 3689"
keymap="us.dvorak"
# -- sysinstall generated deltas -- #
hostname="orwell.lost-angel.com"
ldconfig_paths="/usr/lib/compat /usr/X11R6/lib /usr/local/lib 
/usr/local/mysql/lib/mysql"
named_enable="YES"
#sysctl -w hw.atamodes=pio,pio,pio,pio >/dev/null 2>&1
#NFS Stuff
nfs_client_enable="YES"
ntpdate_enable="YES"
darwin_streaming_server_enable="YES"
darwin_streaming_server_flags=""
streamingadminserver_enable="YES"
streamingadminserver_flags=""
--------------------

If i telnet to port 3689 on the server it says conneciton refused, if I 
telnet inside the network to the 192.168.1.5 box it connects.  Any 
ideas?

sammy
(PS: Please cc my email when responding)