Network Address Translation (NAT) in FreeBSD

Jul 19, 2023 • FreeBSDSoftware

As the networking capacities of FreeBSD are built around a powerful, well-architected kernel, Network Address Translation (NAT) becomes an integral topic in BSD system administration. If you’re interested or working with FreeBSD, understanding how NAT operates on it gives you a considerable edge in managing network traffic. Here’s our comprehensive guide to NAT in FreeBSD.

To ensure smooth networking, FreeBSD uses NAT as a mediator between your local network and the whole internet. NAT functions by translating an internet network address into a private IP address and vice versa. To further understand networking basics and interfaces, you can check our previous posts.

What is NAT?

Before we dive into the details of NAT implementation on FreeBSD, let’s first revise the basics of NAT. NAT is a system used in IP networks that transforms private network IP addresses into public IP addresses and vice versa, allowing multiple devices to share a single IP address. NAT ensures the efficient use of IP addresses and enhances the security of the network.

Understanding NAT in the Context of FreeBSD

In FreeBSD, NAT is implemented using a tool called PF (Packet Filter). PF is a firewall software that allows you to control the flow of inbound and outbound network traffic. In addition, PF has NAT capabilities that allow IP addresses to be translated, be it Source NAT, Destination NAT, or Binat (one-to-one) NAT. For more detailed understanding, read our blog on FreeBSD Firewall Configuration.

Setting Up NAT in FreeBSD

Step 1: Enabling PF

The first step is to enable PF in FreeBSD. This can be done by adding the following line to your /etc/rc.conf file:


Once done, you can start PF by using the command /etc/rc.d/pf start.

Step 2: Configure PF

The next step involves configuring the PF for NAT. This is done in the pf.conf file typically found in /etc/. The port translation is done by adding the following line in your pf.conf file:

nat on em0 from em1:network to any -> (em0)

Here, ‘em0’ is the external network interface connected to the internet, and ‘em1’ is the internal network interface connected to the local network. To enhance your understanding of networking interfaces, consider reading Configuring Network Interfaces.

Step 3: Apply the Configuration

Finally, apply the configuration by typing /etc/rc.d/pf reload to reload the PF with new NAT configuration.

Testing NAT configuration

You can test your NAT configuration by attempting to connect to the internet from a device that’s inside your private network. If the device can access the internet, then your NAT configuration is successful.

To ensure maximum functionality and security, FreeBSD also offers advanced NAT features. For instance, NAT Reflection allows a device in the private network to access another device in the same network using the public IP and mapped ports. To take your FreeBSD skills to the next level, explore kernel tuning for optimization and system hardening practices.

Final Thoughts

NAT is an essential component of FreeBSD network management, offering IP address reusability, enhancing security, and facilitating internal network internet access. Understanding and configuring NAT in FreeBSD broadens your knowledge of networking and improves your FreeBSD skills. Remember, FreeBSD offers an array of different tools and configurations similar to NAT. Be sure to explore other areas for a comprehensive understanding of what FreeBSD can offer in network management.

Stay tuned for more FreeBSD related articles to keep enriching your understanding and skills in FreeBSD system administration!

Checkout these related ports: