Configuring Static IP for FreeBSD behind a NAT router

Home / Configuring Static IP for FreeBSD behind a NAT router

IP address or Internet Protocol address plays a very important role in networking. Especially for a server. Without an IP address, our machine can’t connect to any other machine thus render our machine useless.

On earlier article, we have discussed about how to configuring network setting on FreeBSD. It covers about giving IP address for FreeBSD which connect to internet directly. But what if our server is behind a NAT (Network Address Translation) router, or in simple words: not connect internet directly. Thus we will discuss it on this article, using FreeBSD 8.3 as our example.

Let see the Scenario

FreeBSD uses a file named rc.conf to establish the system’s IP address, among other settings, during system startup. The rc.conf file contains configuration settings for the computer’s hostname, network interface cards, and which services to start at boot time. It is important that the settings in this file are correct; a typo here could hamper the system’s functionality.

A small office or home network commonly has one Internet connection that needs to be shared by multiple computers. A NAT router allows the sharing of a single Internet connection within the local (private) network. The router functions as a firewall, creating a protected zone in the private network by allowing all traffic out, but only allowing known or solicited traffic in.

The private network use a different IP, which is called Private addresses. The router has two IP addresses at two end: one public IP address which given by ISP for our home/office, and a private IP address which is used for internal used.

This scenario assume we use IPv4.

Port Forwarding

Like said before, a router can connecting two different network, one to ISP and one to our private network. Router can do this because it has a port-forward function that forwards traffic received at the router to a computer with a static IP address inside the private network. If, for example, we were hosting a web server then we would need to forward TCP port 80 (the IANA standard for HTTP) to the IP address of our FreeBSD server.

Most NAT routers that support port forwarding have built-in DHCP servers that assign computers in the private network a dynamic IP address, one that may change each time the computer logs on to the network.

DHCP works when machines simply need to connect to a network and get the first available IP address, but it’s no help to you if you want to use your FreeBSD system as a server. You’ll need a static (permanent) IP address so that information destined for your server will arrive.

Specify Static IP Address on rc.conf

Before we modify rc.conf, we need to tell the DHCP server to assign IP addresses in a range that doesn’t conflict with the server’s IP address. In other mean we choose an IP address which is not on DHCP pool address.

Router’s DHCP options should allow us to set the starting IP address. For this example, we’ll use as the starting address for the range of addresses that can be assigned to machines, knowing that numbers are assigned from this address up (.101, .102, .103, and so on). We’ll assign as our server’s static IP address since it is outside the range of the DHCP server.

Now let’s set this in rc.conf. Edit /etc/rc.conf and you should see something like the following in your rc.conf file. Your FQDN should be here if specified during setup; the interface em0 may be different.


Note: If you don’t already have the hostname set, be sure to set it correctly. The hostname should be your system’s fully qualified domain name; veda is the name of the machine and is your registered domain name.

Insert router’s IP address in the defaultrouter statement as shown below. Using our example scenario above, the hostname, ifconfig, and defaultrouter statements should now look like this:

ifconfig_em0="inet netmask"

Notice that we have replaced “DHCP” with our static IP address and added the netmask address ( is the default netmask address in most configurations).

We’ve also added a defaultrouter line which points to the NAT router’s IP address. This address,, will be the IP address you enter into your web browser to access the router web configuration; this is also called the default gateway.

Now save and exit.

Using Dynamic DNS

Dynamic DNS is a service provided by third-party companies that keeps track of a computer’s public IP address. These providers automatically update our domain name’s associated IP address if it changes for any reason. Most Internet service providers use DHCP servers to assign public IP addresses to their customers dynamically. Unless you pay for a static IP address, this dynamically assigned address may change from time to time.

When we register our domain name, we can specify the target IP address of our server if we wish to host our own services. Many people mistakenly assume that their current, dynamic IP address will be theirs indefinitely. When our dynamic IP address changes (which may happen frequently or once every few months), our server appear to “drop off ” the Internet since our domain registrar’s records point to the previous IP address, which is no longer valid. We then have to go back to domain registrar and notify them of our new IP address to regain our Internet presence (this is usually accomplished through a web-based control panel).

This is where dynamic DNS service providers become useful. These third-party companies allow you to keep our IP address updated by using a client program on your server to detect when the IP changes. When it does, the client program automatically contacts the dynamic DNS service to update your DNS record so you stay “live”. When using these services you need to point your domain registrar to your dynamic DNS service’s servers, which then point to your updated IP address. Most dynamic DNS providers charge a fee for their services, though there are a few free ones, like ZoneEdit ( By combining a dynamic DNS service provider with a dynamic DNS updating client like ddclient, we can provide a static IP-like Internet presence.


About Author

about author


A man who is obsessed to low level technology.

Leave a Reply

Your email address will not be published. Required fields are marked *

Social Share Buttons and Icons powered by Ultimatelysocial