NAT sets up mapping rules that translate source and destination IP addresses into other Internet or intranet addresses. These rules modify the source and destination addresses of incoming or outgoing IP packets and send the packets on. You can also use NAT to redirect traffic from one port to another port. NAT maintains the integrity of the packet during any modification or redirection done on the packet.
You can create NAT rules either at the command line, using the ipnat command, or in a NAT configuration file. You must create the NAT configuration file and set its pathname as the value of the config/ipnat_config_file property of the service. The default value is /etc/ipf/ipnat.conf. For more information, see the ipnat(1M) command.
NAT rules can apply to both IPv4 and IPv6 addresses. However, you must create separate rules for each address type. In a NAT rule that includes IPv6 addresses, you cannot use the mapproxy and rdrproxy NAT commands simultaneously.
Use the following syntax to create NAT rules:
command interface-name parameters
Each rule begins with one of the following commands:
Maps one IP address or network to another IP address or network in an unregulated round-robin process.
Redirects packets from one IP address and port pair to another IP address and port pair.
Establishes a bidirectional NAT between an external IP address and an internal IP address.
Establishes static IP address-based translation. This command is based on an algorithm that forces addresses to be translated into a destination range.
Following the command, the next word is the interface name, such as bge0.
Next, you can choose from a variety of parameters, which determine the NAT configuration. Some of the parameters include:
Designates the network mask.
Designates the address that ipmask is translated to.
Designates tcp, udp, or tcp/udp protocols, along with a range of port numbers.
The following example illustrates how to construct a NAT rule. To rewrite a packet that goes out on the net2 device with a source address of 192.168.1.0/24 and to externally show its source address as 10.1.0.0/16, you would include the following rule in the NAT rule set:
map net2 192.168.1.0/24 -> 10.1.0.0/16
The following rules apply to IPv6 addresses:
map net3 fec0:1::/64 -> 2000:1:2::/72 portmap tcp/udp 1025:65000 map-block net3 fe80:0:0:209::/64 -> 209:1:2::/72 ports auto rdr net0 209::ffff:fe13:e43e port 80 -> fec0:1::e,fec0:1::f port 80 tcp round-robin
For the complete grammar and syntax, see the ipnat(4) man page.