I think the bulk of the suggestions so far each miss critical issues. Some address normal (as opposed to "one-armed") NAT, for which all you really need is 10.2.x's "Internet Sharing" feature, but that wasn't what Cory seems to be asking for. Others address one-armed routing and/or NAT, but aren't mindful of issues specific to 802.11's physical and data-link (MAC) layers.

If Cory's iBook is the only Wi-Fi device that can connect to the network, either due to physical-layer antenna/range issues or MAC-layer authentication issues (as some for-pay networks might impose), AND if Cory specifically wants to re-share that unique Wi-Fi connection *via Wi-Fi again*, then setting up one-armed routing or one-armed NAT up at layer 3 (IP) or above isn't a solution. In Cory's scenario, his buddies' machines apparently wouldn't be able to join the pre-existing, restricted Wi-Fi network in the first place, so they wouldn't be able to talk to the NAT gateway on Cory's machine (the connectivity problem is at Layers 1 and 2, not 3).

To do what he wants, Cory would need two radio cards; one to be the client of the existing Access Point (AP), and one to act as another AP or IBSS peer that the buddies can join. Two radio cards isn't easy to do on an iBook. I suppose someone might make a USB-to-Wi-Fi adapter with Mac OS X drivers, but I'm not currently aware of such a product, and it would be a clunky solution anway. If he's okay with carrying an external Wi-Fi device around for this kind of occasion, he may as well use Internet Sharing to share his Wi-Fi connection with Ethernet, and then plug in an AP to share that Ethernet connection wirelessly. A lot of people already carry APs with them when travelling, for use in non-Wi-Fi-equipped hotel rooms. But at the point that you're resorting using a wired Ethernet link as part of the solution, you may as well just hook all your buddies via wired Ethernet to a hub.

To do what Cory wants without external equipment, he'd need a special radio card that could act as both a normal client-of-an-AP and as either an Access Point or an IBSS (ad-hoc, computer-to-computer network) member at the same time. If he THEN set up one-armed NAT as several others have described, his buddies who join his newly-published network would get to ride along on his special connection to the restricted network.

I'm not aware of any card that can do both client mode and {one of AP or IBSS mode} at the same time. The AirPort card in his iBook certainly can't, although almost any existing Wi-Fi card probably has all the necessary hardware, it's just a matter of card firmware and driver changes.

One last note: Not all for-pay Wi-Fi networks do MAC-layer authentication. Some just block unauthorized traffic at an IP firewall somewhere upstream. If Cory was using one of those WISPs, then he'd probably be able to do his one-armed NAT thing and have it work, because his buddies would probably be able to get onto the pre-existing network and see Cory's computer, and once Cory's computer does the NAT translation, the upstream firewall would see those packets as coming from Cory.

Whew. Sorry for the long message. Hope this helps.