ipfw with nat - allowing by MAC address

Julian Elischer julian at elischer.org
Mon Apr 23 19:59:38 UTC 2007


Lubomir Georgiev wrote:
>  I'd like to thank all the people who replied to the thread I started. Your
> help has been invaluable. The reason I didn't immediately respond to Jao is
> that I wanted to make sure I wasn't mistaken - I was sure that IPFW + NAT +
> MAC address filtering in a single box was possible because I had seen it
> with my own two eyes. I just didn't take the time to see the ruleset then. I
> was going there in a couple of days and was going to shed some light on the
> subject but it turns out I don't need to - Patrick and Julian have backed me
> up.
> 
>  I am going to try out what you've recommended and post the results. Once
> again thanks for all your efforts and Jao please do try not to go all "high
> and mighty" over others seeking help when what we really want is one and the
> same thing - to help each other, and that I think is the purpose of this
> list.
> 
>  So, I'll keep you posted.
> 

As I posted, I think you can use keep-state to pass state between 
layer 2 and layer 3 instances of the firewall.

The trick is to remember that "check-state" just re-runs the rule that
had the original keep-state, and that that rule can be almost anything, including
a skipto.



