NAT with ipnat on FreeBSD

Just make the topics easy....

How do you make your FreeBSD box (or NetBSD, but you need to fix the NIC name and /etc/rc.conf NetBSD-style) work as a router?




This is my FreeBSD gateway with ipnat..





step 1- Install FreeBSD. Any version will do..



step 2- Done? Then edit /etc/rc.conf and add something like this:









step 3- Create your rules file in /etc (here it's ipnat.rules, but you can name it anything you like)...

Check your NIC IPs, especially the one facing your network, which will act as the gateway IP...


trunasuci# ifconfig

xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1492


        ether XXXXXX

        inet netmask 0xff000000 broadcast

        media: Ethernet autoselect (100baseTX <full-duplex>)

        status: active

xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500


        ether XXXXXX

        inet netmask 0xffffff00 broadcast

        media: Ethernet autoselect (100baseTX)

        status: active

plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384

        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4

        inet6 ::1 prefixlen 128

        inet netmask 0xff000000

tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1492

        inet 60.48.XX.XX --> netmask 0xffffffff

        Opened by PID 1251





For example, if the NIC facing your network, which will become the gateway, is xl1, then your ipnat.rules file should look like this:

map xl1 -> 0/32


then SAVE!








step 4-

Run ipnat. I always flush first and then run ipnat, pointing it at the rules file:



trunasuci# ipnat -FC && ipnat -f /etc/ipnat.rules

2 entries flushed from NAT table

4 entries flushed from NAT list



trunasuci# ipnat -l

List of active MAP/Redirect filters:

map xl1 ->


So it's running!


On your client PC/box, just set the IP of xl1 as the gateway ( in this case it's )


Voilà! It runs!!
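
A pre-flight check for steps 2 to 4, as an added example that is not part of the original post: it confirms that rc.conf enables forwarding and ipnat, that ipnat_rules points at the file you created, and that every rule names an interface that exists. It assumes the standard FreeBSD rc.conf variables gateway_enable, ipnat_enable and ipnat_rules; the function names and sample addresses are made up for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the ipnat gateway setup described above.
# Assumes the stock FreeBSD rc.conf knobs gateway_enable, ipnat_enable, ipnat_rules.

# rc_value FILE KEY: print the last value assigned to KEY, quotes and comments stripped.
rc_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e "s/^[\"']//" -e "s/[\"'][[:space:]]*\$//"
}

# rule_interfaces FILE: print each interface named by a map/bimap/rdr rule, once.
rule_interfaces() {
    awk '$1 == "map" || $1 == "bimap" || $1 == "rdr" { print $2 }' "$1" | sort -u
}

# check_gateway RCCONF RULES "IFACES": return 0 if the config is consistent, 1 otherwise.
check_gateway() {
    rc=$1; rules=$2; ifaces=$3; bad=0
    for key in gateway_enable ipnat_enable; do
        case "$(rc_value "$rc" "$key")" in
            [Yy][Ee][Ss]) ;;
            *) echo "FAIL: $key is not YES in $rc"; bad=1 ;;
        esac
    done
    # rc.conf falls back to /etc/ipnat.rules when ipnat_rules is not set.
    configured=$(rc_value "$rc" ipnat_rules)
    [ "${configured:-/etc/ipnat.rules}" = "$rules" ] ||
        { echo "FAIL: ipnat_rules does not point at $rules"; bad=1; }
    found=$(rule_interfaces "$rules")
    [ -n "$found" ] || { echo "FAIL: no map/rdr rules in $rules"; bad=1; }
    for nic in $found; do
        case " $ifaces " in
            *" $nic "*) ;;
            *) echo "FAIL: rule names unknown interface $nic"; bad=1 ;;
        esac
    done
    return $bad
}

# Constructed sample files (addresses are made up; the original post's were lost).
demo=$(mktemp -d)
printf 'map xl1 192.168.0.0/24 -> 0/32\n' > "$demo/ipnat.rules"
printf 'gateway_enable="YES"\nipnat_enable="YES"\nipnat_rules="%s"\n' \
    "$demo/ipnat.rules" > "$demo/rc.conf"
# On the real gateway, pass /etc/rc.conf, /etc/ipnat.rules and "$(ifconfig -l)".
check_gateway "$demo/rc.conf" "$demo/ipnat.rules" "xl0 xl1 lo0 tun0" && echo "OK"
rm -rf "$demo"
```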





Test from NetBSD as client/server behind the FreeBSD gateway:


netbsd# nslookup www.yahoo.com



Non-authoritative answer:

www.yahoo.com   canonical name = www.wa1.b.yahoo.com.

www.wa1.b.yahoo.com     canonical name = www-real.wa1.b.yahoo.com.

Name:   www-real.wa1.b.yahoo.com


netbsd# uname -a

NetBSD netbsd.trunasuci.opensource.my 3.1_STABLE NetBSD 3.1_STABLE (GENERIC) #0: Thu Jan  1 11:38:51 MYT 2009  root@:/usr/obj/sys/arch/i386/compile/GENERIC i386














