ipfw nat inbound keep-state with net.inet.ip.fw.one_pass=0

umage theultramage at gmail.com
Tue Jun 21 18:42:17 UTC 2011


Hi, I'm an ipfw user that finally got the opportunity to set up NAT on
an interface with a public IP. I was doing some multi-homing experiments
using ipfw fwd combined with outbound ipfw nat - and since I needed to
run both, and both immediately ended ipfw ruleset execution, I had to
turn off net.inet.ip.fw.one_pass.

This is where I discovered that with that setting turned off, my inbound
NAT rule stopped working. Seems that with one-pass execution, the NAT
rule also performs keep-state of some sort, the dynamic state table
looks ok and everything works fine. But if I turn it off, and do my own
"allow all in keep-state" after applying a static NAT rule on an inbound
connection, I see that the state table has the remote IP on the left
side and mine on the right side. I also see that my NAT setup breaks and
my packets are sent to the internet with a 192.168.0.x source address.

I'd like to ask if I'm doing anything wrong, or whether this is a bug. I
checked the issue tracker, but found no relevant issues there. I also
tried asking around, but it seems no one even uses ipfw anymore.
Triggering the issue requires a modified kernel (ipfw forward and ipfw
nat are not available by default), requires using ipfw nat (a relatively
new thing) instead of the old natd daemon, and requires changing the
value of a system setting.


More information about the freebsd-questions mailing list