System Administration Guide: IP Services

Configuring NAT Rules

Use the following syntax to create NAT rules:

command interface-name parameters

  1. Each rule begins with one of the following commands:

    map
        Maps one IP address or network to another IP address or network in an unregulated round-robin process.

    rdr
        Redirects packets from one IP address and port pair to another IP address and port pair.

    bimap
        Establishes a bidirectional NAT between an external IP address and an internal IP address.

    map-block
        Establishes static IP address-based translation. This command is based on an algorithm that forces addresses to be translated into a destination range.

  2. Following the command, the next word is the interface name, such as hme0.

  3. Next, you can choose from a variety of parameters, which determine the NAT configuration. Some of the parameters include:

    ipmask
        Designates the network mask.

    dstipmask
        Designates the address that ipmask is translated to.

    mapport
        Designates tcp, udp, or tcp/udp protocols, along with a range of port numbers.

The following example illustrates how to put the NAT rule syntax together to create a NAT rule. To rewrite a packet that goes out on the de0 device with a source address of and to externally show its source address as, you would include the following rule in the NAT rule set:

map de0 ->

For the complete grammar and syntax used to write NAT rules, see the ipnat(4) man page.
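As an added example (not part of the original guide or of IP Filter itself), the following Python script checks a rule set against the command, interface-name, parameters layout described above before the rules are loaded, and reports rules with an unknown command or with an address missing on either side of `->`. The function names are hypothetical, the sample rules and addresses are constructed, and the script assumes operands in `address/bits` form and `#` as the comment character.

```python
import ipaddress

COMMANDS = {"map", "rdr", "bimap", "map-block"}  # commands listed in step 1
SAMPLE = """\
# Constructed sample rules; addresses are RFC 1918 / RFC 5737 ranges
map de0 192.168.1.0/24 -> 203.0.113.0/28 portmap tcp/udp 1025:65000
rdr de0 203.0.113.5/32 port 80 -> 192.168.1.10 port 8080 tcp
bimap de0 192.168.1.20/32 -> 203.0.113.6/32
map de0 ->
nat de0 192.168.1.0/24 -> 203.0.113.0/28
"""

def parse_nat_rule(line):
    """Parse one rule; None for blank/comment lines, ValueError if malformed."""
    tokens = line.split("#", 1)[0].split()
    if not tokens:
        return None
    if tokens[0] not in COMMANDS:
        raise ValueError(f"unknown command {tokens[0]!r}")
    if len(tokens) < 2 or tokens[1] == "->":
        raise ValueError("missing interface name")
    if "->" not in tokens:
        raise ValueError("missing '->' between source and target")
    arrow = tokens.index("->")
    left, right = tokens[2:arrow], tokens[arrow + 1:]
    if not left or not right:
        raise ValueError("address missing on one side of '->'")
    return {
        "command": tokens[0], "interface": tokens[1],
        "source": ipaddress.ip_network(left[0], strict=False),   # ValueError if invalid
        "target": ipaddress.ip_network(right[0], strict=False),
        "options": left[1:] + right[1:],  # port / portmap clauses, kept verbatim
    }

def lint_rules(text):
    """Return (parsed_rules, [(line_number, message), ...]) for a rule set."""
    rules, errors = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        try:
            rule = parse_nat_rule(line)
            if rule:
                rules.append(rule)
        except ValueError as exc:
            errors.append((number, str(exc)))
    return rules, errors

if __name__ == "__main__":
    for number, message in lint_rules(SAMPLE)[1]:
        print(f"line {number}: {message}")
```
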