Gee you don't want to do much do you. ;-)

You can do everything you want with NetBSD and a Quadra should be 
able to handle it in general.  One caveat is that NetBSD does not 
support PPPoE efficiently at this time.  Since you have a 4-port 
DSL/router I would think that you would rather use the NAT on the 
router rather than do it on either of the end workstations.  In that 
case most of your questions should go to how to set up the router 
properly.  Hopefully it has some way to redirect incoming http 
traffic to a specific end workstation.

Assuming you really want to do the NAT on the *BSD side then you 
should look at the IPFilter FAQ which is linked from somewhere on the 
NetBSD.org web site.  It's not mac68k specific.  It gives you a *lot* 
of control of what IP traffic is allowed and where it can go.

On a specific point:  yes you can do NAT over a single Ethernet. 
Make sure the local traffic uses a different IP network address and 
everyone will ignore what they should ignore as long as nobody gets 
cracked.  But the NAT traffic (if you are doing NAT on a workstation 
instead of in your 4-port router) winds up traversing the wire twice 
which is wasteful of bandwidth.  This may or may not be an issue.

Signature held pending an ISO 9000 compliant
signature design and approval process.
h.b.hotz@jpl.nasa.gov, or hbhotz@oxy.edu