Looks good except for one thing... You changed a natd_enable check
to a natd_interface check. natd_interface can be set without natd_enable
being set (e.g. someone has it all set up but they want to temporarily
disable it, so they only change natd_enable), and I don't think we want
to start nat in that case. Or I'm missing something.
-Matt