rc.firewall includes support for freebsd_nat_enable but it appears omitted in the "simple" firewall type. The attached patch adds such support.
I have used this change for a while to provide support for NAT on my server.
Patch attached with submission follows:
Over to maintainer(s).
Not rc.d related, and I think the -ipfw folks are in a better
position to determine if nat config falls into the "simple"
category or not.
This patch is certainly needed to make 'simple' usable out of the box.
I'd like to offer an alternative patch, reusing rather than duplicating
the existing NAT code, making it a function with the same functionality.
This patch also adds allowing outbound pings and essential ICMP to both
'client' and 'simple' rulesets, another long-term omission. I'd have
also included the complementary ipv6-icmp rules from 'workstation' but
I have no way to test and confirm their correctness.
I'll take this.
Things have changed since then