Subject: Re: Transparent Firewall w/ NetBSD
To: None <netbsd-help@netbsd.org>
From: John D. Smerdon <lists@smerdon.livonia.mi.us>
List: netbsd-help
Date: 07/18/2000 22:49:27

I have a bridged DSL connection with four routable IP addresses (x.x.x.152 -
x.x.x.155). One interface of the NetBSD box is connected to the DSL modem
and arps for its one IP address, and I use choparp (in packages) to arp for
the other three IP addresses. The second interface is a 145/28 subnet that
corresponds to the subnet that contains my four addresses, and twelve that
are not assigned to me. The 144/28 network is my internal network. Three
of the four assigned addresses are in the internal network, and I have a
couple extra systems using the addresses that are not assigned to me using
NAT.

My only problem is that I cannot talk to the IP addresses that I am using
that are not assigned to me (i.e. 144-151, 156-159). But then what are the
odds of them having something I want to see?

So all four IP addresses are used. No NAT required unless you are hiding
more systems.

DSLAM (x.x.x.1/24)
<->
(External Interface x.x.x.152/24,
ARP on External Interface for x.x.x.153-155)
NetBSD firewall
(Internal Interface x.x.x.145/28)
<->
Private Network (x.x.x.144/28, including 153-155)
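
The layout above, modelled as an added example that is not part of the original post: a longest-prefix match over the firewall's two connected routes shows which addresses need proxy ARP on the external side and why the twelve unassigned addresses become unreachable. It assumes 192.0.2.0/24 (documentation range) as a constructed stand-in for x.x.x.0/24; the function names are hypothetical.

```python
import ipaddress

# Constructed stand-in: 192.0.2.0/24 replaces the post's x.x.x.0/24.
PREFIX = "192.0.2."
EXTERNAL_NET = ipaddress.ip_network(PREFIX + "0/24")    # DSL side, firewall is .152
INTERNAL_NET = ipaddress.ip_network(PREFIX + "144/28")  # inside, firewall is .145
FIREWALL_EXT = ipaddress.ip_address(PREFIX + "152")
ASSIGNED = [ipaddress.ip_address(PREFIX + str(n)) for n in range(152, 156)]

# Connected routes on the firewall: (network, interface label).
ROUTES = [(EXTERNAL_NET, "external"), (INTERNAL_NET, "internal")]


def egress_interface(dst):
    """Pick the interface by longest-prefix match, as the kernel does."""
    dst = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, ifname) for net, ifname in ROUTES if dst in net]
    return max(matches)[1] if matches else None


def proxy_arp_targets():
    """Assigned addresses that live behind the firewall.

    The DSL side believes they are on its /24, so something on the
    external interface must answer ARP for them (choparp in the post).
    """
    return [a for a in ASSIGNED if a != FIREWALL_EXT and a in INTERNAL_NET]


def shadowed_addresses():
    """Addresses in the /28 that are not assigned to this site.

    The /28 route is more specific than the /24, so traffic for their
    real owners is sent to the internal network and never reaches them.
    """
    return [a for a in INTERNAL_NET if a not in ASSIGNED]


if __name__ == "__main__":
    print("proxy ARP for:", [str(a) for a in proxy_arp_targets()])
    print("shadowed:", [str(a) for a in shadowed_addresses()])
    for dst in (PREFIX + "1", PREFIX + "150", PREFIX + "153"):
        print(dst, "->", egress_interface(dst))
```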