--- rc.firewall~	2010-06-25 18:10:42.000000000 +0200
+++ rc.firewall	2010-06-25 18:11:16.000000000 +0200
@@ -318,6 +318,21 @@
 		fi
 		;;
 	esac
+	case ${firewall_nat_enable} in
+	[Yy][Ee][Ss])
+		if [ -n "${firewall_nat_interface}" ]; then
+			if echo "${firewall_nat_interface}" | \
+				grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
+				firewall_nat_flags="ip ${firewall_nat_interface} ${firewall_nat_flags}"
+			else
+				firewall_nat_flags="if ${firewall_nat_interface} ${firewall_nat_flags}"
+			fi
+			${fwcmd} nat 123 config log ${firewall_nat_flags}
+			${fwcmd} add nat 123 ip4 from any to any via ${firewall_nat_interface}
+		fi
+		;;
+	esac
+
 
 	# Stop RFC1918 nets on the outside interface
 	${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}