Subject: Setting up a firewall with ipf
To: None <netbsd-help@netbsd.org>
From: Dave Huang <khym@azeotrope.org>
List: netbsd-help
Date: 01/09/2001 16:20:16
I recently got an ADSL line and a block of 8 IP addresses, and was
wondering if there was a way to use ipf to filter packets without also
doing NAT. My firewall machine is running NetBSD 1.5, and has 3
interfaces: ne0 - an ethernet for my LAN, ne1 - an ethernet to the ADSL
bridge, and ray0 - an Aviator2.4 wireless. Currently, I've assigned all
8 of my IP addresses to ne1, 10.1.1.0/24 addresses to the machines on my
LAN, and 10.1.2.0/24 to the wireless machines. I've got ipf filtering
stuff coming in on ne1, and ipnat's bimap mapping between the internal
10.* addresses and the external addresses. This pretty much works, but
I'd rather let my machines use their actual addresses, if possible.
Apparently, I can do this with OpenBSD's bridging, but NetBSD doesn't
do that yet... is there any other way to do what I want?

The wireless seems to add an additional complication; I have 6 machines
on the ethernet, and 1 wireless, so I don't have room to subnet my block
of 8 into 4 ethernet and 4 wireless.

And to throw another thing in, it'd be nice if I could have most of my
machines set up with external addresses, but have the ability (if guests
come over, or whatever) to hand out internal addresses via DHCP which
get NATted to a specific external address (I'd set aside one of my IPs
for NAT use). That may be getting too complicated though, I dunno :)

So, any thoughts?
-- 
Name: Dave Huang         |  Mammal, mammal / their names are called /
INet: khym@azeotrope.org |  they raise a paw / the bat, the cat /
FurryMUCK: Dahan         |  dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 25 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++
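The configuration pattern the post describes (ipf filtering on the outside interface, ipnat only where an address actually has to be translated) as an added worked example. It is not part of the original message and not Dave's configuration. The assumptions are mine: the 8-address block is written as 203.0.113.0/29 (a documentation range standing in for the real block), 203.0.113.2 runs ssh and 203.0.113.3 runs a web server on the LAN, 203.0.113.6 is the one address set aside for NAT, and guests get 10.1.3.0/24 from DHCP. The filter rules refer to the LAN hosts by their public addresses and do not depend on NAT; only the guest pool appears in ipnat.conf. The example also assumes that packets for the public addresses already reach the hosts behind ne0 (the routing or bridging question the post itself leaves open), which no filter rule can solve.

```ipf
# ---- /etc/ipf.conf (example, addresses assumed) ----

# Anti-spoofing on the ADSL side: private space and our own block
# must never arrive inbound on ne1.
block in log quick on ne1 from 10.0.0.0/8 to any
block in log quick on ne1 from 172.16.0.0/12 to any
block in log quick on ne1 from 192.168.0.0/16 to any
block in log quick on ne1 from 203.0.113.0/29 to any
block in log quick on ne1 from any to any with ipopts
block in log quick on ne1 from any to any with short

# Anything leaving through ne1 may go out; keep state so the replies
# come back without needing a matching inbound rule.
pass out quick on ne1 proto tcp from any to any flags S keep state
pass out quick on ne1 proto udp from any to any keep state
pass out quick on ne1 proto icmp from any to any keep state

# Inbound services, addressed to the real (public) address of each
# LAN host. No translation is involved for these.
pass in quick on ne1 proto tcp from any to 203.0.113.2/32 port = 22 flags S keep state
pass in quick on ne1 proto tcp from any to 203.0.113.3/32 port = 80 flags S keep state

# Everything else arriving on ne1 is dropped and logged.
block in log on ne1 all

# ---- /etc/ipnat.conf (example, addresses assumed) ----

# Only the guest pool is translated, onto the single spare address.
# Hosts that already use a public address need no entry here.
map ne1 10.1.3.0/24 -> 203.0.113.6/32 portmap tcp/udp 10000:60000
map ne1 10.1.3.0/24 -> 203.0.113.6/32
```

The two map lines are the usual pair: the first handles TCP and UDP with port remapping, the second catches everything else (ICMP, for instance) from the same pool. The outbound keep-state rules are what let the guest hosts' NATted connections get their replies back, since ipnat rewrites the packet before the filter sees it on the way in.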