Created attachment 191515
patch for /etc/rc.firewall and /etc/defaults/rc.conf
firewall_nat_interface is used in "nat 123 config" and "add 50 nat 123 ip4 from any to any via", but the permissible values in them are different. I suggest adding the variable firewall_nat_ip to define an IP address to use for aliasing.
/etc/rc.firewall is changed as well, for backward compatibility.
Please be a bit more specific and describe the exact problem you have that needs a change in the code. It seems to me it should work just fine already.
I have many gif interfaces to remote offices and I create an internal global network. To use multiple NAT it is required to set firewall_nat_interface="gif*", but "gif*" cannot be used in the "nat 123 config" rule (it returns an error).
(In reply to ev from comment #2)
Variables firewall_nat_* are supposed to be used with a single ipfw nat instance and a single interface. For more complex setups like yours, no patches are required, as we already have the means to apply arbitrary extensions. For example, in /etc/rc.conf:
# your private extension script
# your private script's configuration
Create an executable script /etc/rc.firewall.local and the system runs it in addition to and after the default system scripts:
ipfw -q delete 50
ipfw add 50 nat 123 ip4 from any to any via "$firewall_nat_intmask"
Please try and respond.
Feedback timeout. Also, code changes are believed unnecessary, as the task can easily be solved using coscripts.