natd Network Address Translation (IP masquerading, IP aliasing)

natd Network Address Translation (IP masquerading, IP aliasing)

Please note: if you are running PPP, then you don’t want natd.  PPP has
aliasing built in.  Unfortunately, I’ve never used PPP, so I suggest you follow the Pedantic PPP Primer of the FreeBSD Handbook or perhaps just see the man
pages for information on -alias.

That isn’t to say that PPP won’t work with natd. See Dialup firewalling with FreeBSD.

What is natd?

natd is the Network Address Translation daemon.  There are more formal definitions,
but hopefully, the rest of this page should be enough for most people.

What is it used for?

My prime use of FreeBSD was to act as a gateway for my home subnet.  In such
situations, your ISP gives you a single IP address.  It may be fixed, or it may be
dynamic.  In either case, if you have multiple machines talking to the Internet
through the gateway, the outside world sees it as a single IP address.  This may seem
strange.  How can multiple machines use the same IP address?  The answer is
quite simple: Ports.

How does it work?

Basically, what happens is that your internal network address is translated to your IP
[as assigned to you by your ISP] plus a port number.  Here’s what one such
translation might look like (all numbers have been made up at random):

Out [TCP] 192.168.0.1:2139 => 111.222.333.444:2139 aliased to
          1.2.3.444:2139   =>
111.222.333.444:2139

On the first line, we have a packet arriving from 192.168.0.1 and headed for
111.222.333.444.  The first number is an internal address which the outside world
doesn’t know about and doesn’t want to know about.  This is an address which is part
of a range reserved for private networks only.  Nobody on the Internet has that IP
address.  We must translate that address to something which the outside world with
recognize and can relate to.  The result of this translation is on the second line.
  The IP assigned to us by our ISP is 1.2.3.444 so you can see how we have
substituted our external address for our internal address.  Whenever something
arrives which is addressed to 1.2.3.444:2139, we will know to send it to
192.168.0.1:2139.  It’s that simple.

This process is also known as masquerading or aliasing.

How do I install it?

If you wish to know how I set up my natd, read the FreeBSD natd manual.  It
contains a section on running natd near the bottom of the page.

You should also
read about an natd problem I had and how I solved
it.  It contains further information about natd.

Leave a Comment

Scroll to Top