Firewall/NAT

Hello all. I have a slight dilemma here.

I want to implement monowall at my campus. One of the engineers there has a unix box that he uses for tunnels to other campuses, and what he uses to NAT into the IT lab.

I am considering putting monowall between him and the lab, but was stressing because of NAT and using the WAN interface to connect to his box. If I simply disable NAT by enabling Advanced Outbound, would WAN essentially treat the WAN interface like a LAN or OPT interface? Or would I run into issues talking to private networks through the WAN?

Would it be easier to just use multiple OPT interfaces and forget about the WAN (sacrificing a NIC)? What do you think?