natd Network Address Translation (IP masquerading, IP aliasing)Please note: if you are running PPP, then you don’t want natd. PPP has aliasing built in. Unfortunately, I’ve never used PPP, so I suggest you follow the Pedantic PPP Primer of the FreeBSD Handbook or perhaps just see the man pages for information on -alias.
That isn’t to say that PPP won’t work with natd. See Dialup firewalling with FreeBSD.
What is natd?natd is the Network Address Translation daemon. There are more formal definitions, but hopefully, the rest of this page should be enough for most people.
What is it used for?My prime use of FreeBSD was to act as a gateway for my home subnet. In such situations, your ISP gives you a single IP address. It may be fixed, or it may be dynamic. In either case, if you have multiple machines talking to the Internet through the gateway, the outside world sees it as a single IP address. This may seem strange. How can multiple machines use the same IP address? The answer is quite simple: Ports.
How does it work?Basically, what happens is that your internal network address is translated to your IP [as assigned to you by your ISP] plus a port number. Here’s what one such translation might look like (all numbers have been made up at random):
Out [TCP] 192.168.0.1:2139 => 111.222.333.444:2139 aliased to
126.96.36.1994:2139 => 111.222.333.444:2139
On the first line, we have a packet arriving from 192.168.0.1 and headed for 111.222.333.444. The first number is an internal address which the outside world doesn’t know about and doesn’t want to know about. This is an address which is part of a range reserved for private networks only. Nobody on the Internet has that IP address. We must translate that address to something which the outside world with recognize and can relate to. The result of this translation is on the second line. The IP assigned to us by our ISP is 188.8.131.524 so you can see how we have substituted our external address for our internal address. Whenever something arrives which is addressed to 184.108.40.2064:2139, we will know to send it to 192.168.0.1:2139. It’s that simple.
This process is also known as masquerading or aliasing.
How do I install it?If you wish to know how I set up my natd, read the FreeBSD natd manual. It contains a section on running natd near the bottom of the page.
You should also read about an natd problem I had and how I solved it. It contains further information about natd.