System Administration Guide: IP Services

Configuring NAT Rules

Use the following syntax to create NAT rules:

command interface-name parameters

  1. Each rule begins with one of the following commands:

    map

    Maps one IP address or network to another IP address or network in an unregulated round-robin process.

    rdr

    Redirects packets from one IP address and port pair to another IP address and port pair.

    bimap

    Establishes a bidirectional NAT between an external IP address and an internal IP address.

    map-block

    Establishes static IP address-based translation. This command is based on an algorithm that forces addresses to be translated into a destination range.

  2. Following the command, the next word is the interface name, such as hme0.

  3. Next, you can choose from a variety of parameters, which determine the NAT configuration. Some of the parameters include:

    ipmask

    Designates the network mask.

    dstipmask

    Designates the address that ipmask is translated to.

    mapport

    Designates tcp, udp, or tcp/udp protocols, along with a range of port numbers.

The following example illustrates how to put the NAT rule syntax together to create a NAT rule. To rewrite a packet that goes out on the de0 device with a source address of 192.168.1.0/24 and to externally show its source address as 10.1.0.0/16, you would include the following rule in the NAT rule set:


map de0 192.168.1.0/24 -> 10.1.0.0/16
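The following Python sketch is an added example, not part of the original guide or of IP Filter. It checks a rule against the field order described in the steps above before the rule goes into the NAT rule set. The names check_rule and _network are hypothetical, addresses are assumed to be written in dotted address/prefix form, and every sample rule other than the one from this page is constructed.

```python
import ipaddress

# Rule commands listed in this section of the guide.
COMMANDS = ("map", "rdr", "bimap", "map-block")

def _network(text, label, problems):
    """Parse an address/mask field; record a problem instead of raising."""
    try:
        net = ipaddress.ip_network(text, strict=False)
    except ValueError:
        problems.append(f"{label} {text!r} is not a valid address/mask")
        return None
    if "/" in text and str(net.network_address) != text.split("/")[0]:
        problems.append(f"{label} {text} has host bits set; network is {net}")
    return net

def check_rule(rule):
    """Check one 'command interface-name ipmask -> dstipmask' rule.
    Returns (summary, problems); options after dstipmask are returned unparsed."""
    problems = []
    fields = rule.split()
    if len(fields) < 5:
        return None, ["expected: command interface-name ipmask -> dstipmask"]
    command, ifname, src, arrow, dst = fields[:5]
    if command not in COMMANDS:
        problems.append(f"unknown command {command!r}")
    if command == "rdr":
        # rdr rules carry port fields, so the ipmask -> dstipmask layout does not apply.
        return None, problems + ["rdr rules are not covered by this checker"]
    if arrow != "->":
        problems.append(f"expected '->' after ipmask, found {arrow!r}")
    src_net = _network(src, "ipmask", problems)
    dst_net = _network(dst, "dstipmask", problems)
    if src_net is None or dst_net is None:
        return None, problems
    if src_net.num_addresses > dst_net.num_addresses:
        problems.append(f"{src_net.num_addresses} source addresses share "
                        f"{dst_net.num_addresses} translated addresses")
    summary = {"command": command, "interface": ifname, "source": str(src_net),
               "translated": str(dst_net), "options": fields[5:]}
    return summary, problems

if __name__ == "__main__":
    # Constructed inputs: the rule from this page, then one with a mistyped arrow.
    for rule in ("map de0 192.168.1.0/24 -> 10.1.0.0/16",
                 "map de0 192.168.0.0/16 > 10.1.0.0/24"):
        print(rule, "=>", check_rule(rule))
```

An empty problem list means only that the fields described on this page are well formed; the checker does not implement the full grammar.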

For the complete grammar and syntax used to write NAT rules, see the ipnat(4) man page.