In short: test a network with an internal IP address in the 100.64.0.0/10 with unreg_cgn in IPFW, and see if NAT is performed.
Explained:
Compile a HEAD with this patch and reboot.
Add the following to /etc/rc.conf:
```
ifconfig_lan0="inet 100.64.0.1 netmask 255.255.255.0"
firewall_enable="YES"
firewall_nat_enable="YES"
firewall_script="/etc/ipfw.conf"
```
Add the following to /etc/ipfw.conf
```
#!/bin/sh
ipfw -q flush
ipfw nat 1 config if wan0 unreg_cgn
ipfw add 100 nat 1 ip from any to me in via wan0
ipfw add 200 nat 1 ip from 100.64.0.1/24 to any out via wan0
ipfw add allow ip from any to any
```
Replace wan0 with your WAN (outside) interface, and lan0 with your LAN (inside) interface.
Then run
```
kldload ipfw ipfw_nat
```
and
```
service netif restart
```
Then, add clients on the 100.64.0.0/24 subnet with the 100.64.0.1 gateway and 255.255.255.0 subnet mask.
You could also do DHCP, or NAT from a loopback interface, I won't mention that here.