Use the following syntax to create NAT rules:
command interface-name parameters
Each rule begins with one of the following commands:
Maps one IP address or network to another IP address or network in an unregulated round-robin process.
Redirects packets from one IP address and port pair to another IP address and port pair.
Establishes a bidirectional NAT between an external IP address and an internal IP address.
Establishes static IP address-based translation. This command is based on an algorithm that forces addresses to be translated into a destination range.
Following the command, the next word is the interface name, such as hme0.
Next, you can choose from a variety of parameters, which determine the NAT configuration. Some of the parameters include:
Designates the network mask.
Designates the address that ipmask is translated to.
Designates tcp, udp, or tcp/udp protocols, along with a range of port numbers.
The following example illustrates how to put the NAT rule syntax together to create a NAT rule. To rewrite a packet that goes out on the de0 device with a source address of 192.168.1.0/24 and to externally show its source address as 10.1.0.0/16, you would include the following rule in the NAT rule set:
map de0 192.168.1.0/24 -> 10.1.0.0/16
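Before loading a rule set, it can help to check rules of this shape mechanically. The following Python sketch is an added example, not part of the original documentation or of IP Filter itself; it handles only the plain `map interface source -> target` form shown above, and the function names `parse_map_rule` and `lint_map_rule` are hypothetical.

```python
import ipaddress


def parse_map_rule(line):
    """Split 'map <ifname> <src-cidr> -> <dst-cidr>' into its parts.

    Raises ValueError for any other shape, including networks written
    with host bits set below the mask (for example 192.168.1.5/24).
    """
    tokens = line.split()
    if len(tokens) != 5:
        raise ValueError(f"expected 5 tokens, got {len(tokens)}: {line!r}")
    command, ifname, src, arrow, dst = tokens
    if command != "map":
        raise ValueError(f"only the plain 'map' form is handled, got {command!r}")
    if arrow != "->":
        raise ValueError(f"expected '->' between the networks, got {arrow!r}")
    # strict=True makes ip_network() reject a network with host bits set.
    return {
        "command": command,
        "interface": ifname,
        "source": ipaddress.ip_network(src, strict=True),
        "target": ipaddress.ip_network(dst, strict=True),
    }


def lint_map_rule(line):
    """Return a list of review warnings for one parsed map rule."""
    rule = parse_map_rule(line)
    warnings = []
    if rule["source"].version != rule["target"].version:
        warnings.append("source and target use different IP versions")
    elif rule["source"].overlaps(rule["target"]):
        warnings.append("source and target networks overlap")
    if rule["target"].is_private:
        # RFC 1918 space is not routable on the public Internet.
        warnings.append("target is private address space")
    return warnings


if __name__ == "__main__":
    # The rule from the text above.
    rule_text = "map de0 192.168.1.0/24 -> 10.1.0.0/16"
    print(parse_map_rule(rule_text))
    for warning in lint_map_rule(rule_text):
        print("warning:", warning)
```
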
For the complete grammar and syntax used to write NAT rules, see the ipnat(4) man page.