BIG problem with fiaif and many interfaces

Paolo Prandini
Sat Sep 22 10:09:31 CEST 2007


I found a BIG (at least for me) problem with fiaif if
you have many (at least 2) interfaces, which is quite
common with a firewall.
If you have a server process that is listening on 0.0.0.0
(all the interfaces) for udp/tcp packets coming to a port (e.g.
port 53) it correctly receives the packets BUT when it sends
back an answer packet the origin port is no longer port 53
but an ephemeral port, and if the receiver checks it nothing
works. This is not due to the particular server process; I
tried it with named, with asterisk, with mysql and so on.
If I bind the process to a given address everything works
correctly; with named I specify all the addresses I want it to
listen on and I am set. But with many other daemons you can
give only one address! With asterisk I am stuck!
If I switch fiaif off everything works; if I use another
firewall generator, e.g. shorewall, everything works; if I change
kernel from 2.4 to 2.6 there is no change, it doesn't work correctly.
The only thing that makes the difference is fiaif; no fiaif, ok,
with fiaif, bad luck. But I want to use fiaif! I like it!
There must be some rule in iptables, inserted by fiaif, that
causes this weird behaviour.
I am available for any tests, of course. I need some hints about
where the problematic rules could be...
Thanks
Paolo
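The symptom in the post (a UDP service on 0.0.0.0 whose answers come back from an ephemeral source port, so strict clients such as DNS resolvers or SIP stacks discard them) is easy to check for from the client side: compare the reply's source address and port with the destination the request was sent to. The following is an added example, not code from Paolo's post or from the fiaif project. It runs entirely on loopback, with a small UDP responder standing in for named or asterisk; the `reply_from_same_socket=False` branch is a constructed simulation of the broken case, not a reproduction of whatever fiaif's rules do. The `probe` function is the reusable part: pointed at a real host and port it reports whether a reply would pass the source check that the post describes.

```python
"""UDP reply-source probe (added example, not from the original post).

A strict UDP client accepts a reply only if it arrives from the same
(address, port) the request was sent to.  This module provides such a
check, plus a loopback responder that can be switched between normal
behaviour and a simulated "reply leaves from an ephemeral port" case.
"""
import socket
import threading


def serve_once(sock, reply_from_same_socket):
    """Answer exactly one datagram received on `sock`.

    reply_from_same_socket=True  : normal service, reply leaves from the
                                   listening port.
    reply_from_same_socket=False : constructed simulation of the failure
                                   mode; the reply is sent from a fresh
                                   socket and so carries an ephemeral
                                   source port.
    """
    data, peer = sock.recvfrom(2048)
    payload = b"reply:" + data
    if reply_from_same_socket:
        sock.sendto(payload, peer)
    else:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as other:
            other.sendto(payload, peer)


def start_server(reply_from_same_socket):
    """Bind on 0.0.0.0 (all interfaces, as in the post) on an OS-chosen
    port and serve one request in a background thread."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 0))  # a real service would bind 0.0.0.0:53 etc.
    port = sock.getsockname()[1]
    worker = threading.Thread(
        target=serve_once, args=(sock, reply_from_same_socket), daemon=True
    )
    worker.start()
    return port, worker, sock


def probe(host, port, timeout=2.0):
    """Send one datagram to host:port and report where the reply came from.

    Returns a dict with the destination used, the reply's actual source
    (None on timeout), the payload, and whether a strict client would
    accept the reply (source == destination).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        client.settimeout(timeout)
        client.sendto(b"ping", (host, port))
        try:
            data, reply_from = client.recvfrom(2048)
        except socket.timeout:
            return {"sent_to": (host, port), "reply_from": None,
                    "payload": None, "source_matches": False}
    return {
        "sent_to": (host, port),
        "reply_from": reply_from,
        "payload": data,
        "source_matches": reply_from == (host, port),
    }


def run_check(reply_from_same_socket):
    """Start a loopback responder in the requested mode and probe it."""
    port, worker, sock = start_server(reply_from_same_socket)
    try:
        return probe("127.0.0.1", port)
    finally:
        worker.join(timeout=2)
        sock.close()


if __name__ == "__main__":
    for label, well_behaved in (("well-behaved service", True),
                                ("reply from ephemeral port", False)):
        r = run_check(well_behaved)
        print(f"{label}: sent to {r['sent_to']}, reply from {r['reply_from']}, "
              f"strict client accepts: {r['source_matches']}")
```

Run against a real firewall host, `probe(host, 53)` distinguishes "no reply" (filtered) from "reply from the wrong source" (rewritten), which is the distinction needed to narrow the search to rules that touch locally generated traffic rather than rules that drop it.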

