> From: Cedric THIBAULT
quoted text
> 
> Hello everybody,
> 
> I work on BSD 4.1, with i386 hardware.
> 
> I'm searching a way to enable a transparent firewall (without ip adress),
> probably in bridge mode.., with a capability of NAT. I know the 
> interest is
> not evident to nat some computers on the same IP lan, but it's 
> for a client,
> so....!
> 
> It seems that PF doesn't have this capability. Perhaps, it could 
> be possible
> with an another package ?
> 
> Thank's for your comments...
> 
> Cidric.

I am not sure you understand what NAT is.  When you use NAT to allow a 
system on one network to access another network, the traffic is NATted 
to the IP of the box doing the NAT.  In the case of a firewall like
device, the traffic would be given the IP address of the outer interface
of the firewall.

inside box (1)----> firewall/bridge doing nat (2)-----> Internet etc.

(1) network traffic leaves the inside box, it has the source IP of the
inside box.

(2) The network traffic is NATted by the firewall, when it leaves the
outer interface of the firewall it now has the source IP address of the
outer interface of the firewall.

Any return traffic would simply take the same steps in reverse.

If the firewall/bridge does not have any IP addresses, there is no way
that NAT can occur, It has no IP address to change the source IP to.

If I have this wrong somehow, please let me know.

s