You _may_ be able to apply the following setup (borrowing from someone else's design :-) :

inside box (1)----> firewall/bridge doing nat (2)-----> default gateway----> internet
           if1                                if2

Let's just suppose that if2 has the ip address IP2 configured.

1 - set interface if1 to bridge interface if2.
2 - your fw/bridge computer has a default route to a gateway that can forward packets to the net
3 - do not assign an IP address to if1
4 - do your pf home lesson to NAT computers from the "inside network", using "external" IP2 address
5 - somehow, the computers from your "inside network" should be set to use IP2 as default gateway.
    5 a) This implies that IP2 lies in the same net address you're using on your "inside network".
    5 b) Or you have a static route pointing to IP2 on each "inside network" computer.
    This implies that each computer on this net segment can talk directly to your default gateway that handles internet connections. To limit this communication and enforce all clients to set your bridge/fw host as default gateway, you should create a working filter ruleset.
6 - optionally, you may want the bridge to replicate only the IP protocol....