So they patched ipfw nat and committed it to CURRENT!
http://www.freebsd.org/cgi/query-pr.cgi?pr=157867
Author: ae
Date: Tue Jun 14 13:35:24 2011
New Revision: 223080
URL: http://svn.freebsd.org/changeset/base/223080
Log:
Implement "global" mode for ipfw nat. It is similar to natd(8)
"globalport" option for multiple NAT instances.
If ipfw rule contains "global" keyword instead of nat_number, then
for each outgoing packet ipfw_nat looks up translation state in all
configured nat instances. If an entry is found, packet is aliased
according to that entry, otherwise packet is passed unchanged.
User can specify "skip_global" option in NAT configuration to exclude
an instance from the lookup in global mode.
PR: kern/157867
Submitted by: Alexander V. Chernikov (previous version)
Tested by: Eugene Grosbein
Modified:
head/sbin/ipfw/ipfw.8
head/sbin/ipfw/ipfw2.c
head/sbin/ipfw/ipfw2.h
head/sbin/ipfw/nat.c
head/sys/netinet/ipfw/ip_fw2.c
head/sys/netinet/ipfw/ip_fw_nat.c
head/sys/netinet/libalias/alias.h
Modified: head/sbin/ipfw/ipfw.8