The FreeBSD Diary

The FreeBSD Diary (TM) Remember
I remember
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]

Things look quiet here. But I've been doing a lot of blogging at dan.langille.org because I prefer WordPress now. Not all my posts there are FreeBSD related. I am in the midst of migrating The FreeBSD Diary over to WordPress (and you can read about that here). Once the migration is completed, I'll move the FreeBSD posts into the new FreeBSD Diary website.

natd Network Address Translation (IP masquerading, IP aliasing) 21 June 1998
Need more help on this topic? Click here
This article has no comments
Show me similar articles

Please note: if you are running PPP, then you don't want natd.  PPP has aliasing built in.  Unfortunately, I've never used PPP, so I suggest you follow the Pedantic PPP Primer of the FreeBSD Handbook or perhaps just see the man pages for information on -alias.

That isn't to say that PPP won't work with natd. See Dialup firewalling with FreeBSD.

What is natd?
natd is the Network Address Translation daemon.  There are more formal definitions, but hopefully, the rest of this page should be enough for most people.
What is it used for?
My prime use of FreeBSD was to act as a gateway for my home subnet.  In such situations, your ISP gives you a single IP address.  It may be fixed, or it may be dynamic.  In either case, if you have multiple machines talking to the Internet through the gateway, the outside world sees it as a single IP address.  This may seem strange.  How can multiple machines use the same IP address?  The answer is quite simple: Ports.
How does it work?
Basically, what happens is that your internal network address is translated to your IP [as assigned to you by your ISP] plus a port number.  Here's what one such translation might look like (all numbers have been made up at random):

Out [TCP] 192.168.0.1:2139 => 111.222.333.444:2139 aliased to
          1.2.3.444:2139   => 111.222.333.444:2139

On the first line, we have a packet arriving from 192.168.0.1 and headed for 111.222.333.444.  The first number is an internal address which the outside world doesn't know about and doesn't want to know about.  This is an address which is part of a range reserved for private networks only.  Nobody on the Internet has that IP address.  We must translate that address to something which the outside world with recognize and can relate to.  The result of this translation is on the second line.   The IP assigned to us by our ISP is 1.2.3.444 so you can see how we have substituted our external address for our internal address.  Whenever something arrives which is addressed to 1.2.3.444:2139, we will know to send it to 192.168.0.1:2139.  It's that simple.

This process is also known as masquerading or aliasing.

How do I install it?
If you wish to know how I set up my natd, read the FreeBSD natd manual.  It contains a section on running natd near the bottom of the page.

You should also read about an natd problem I had and how I solved it.  It contains further information about natd.


Share
Need more help on this topic? Click here
This article has no comments
Show me similar articles