# [RESOLVED] NAT redirection for jails



## fred974 (Jul 16, 2014)

Hello,

All the tutorial_s_ I found online about the PF firewall involve NAT redirection for the jails. Could someone explain why this is the case as most of the time the jails share the same network interface and the router deals with NAT?

Thank you,
Fred


----------



## SirDice (Jul 16, 2014)

*Re: NAT redirection for jails*

You would need NAT if you bind your jails to lo1 for example. If you bind your jails to an external interface then NAT would not be needed.


----------



## kpa (Jul 16, 2014)

*Re: NAT redirection for jails*



			
				SirDice said:
			
		

> You would need NAT if you bind your jails to lo1 for example. If you bind your jails to an external interface then NAT would not be needed.



The deciding factor is the "visibility" of the jail IP addresses outside the host that runs the jails. If the jail addresses are directly reachable (if you leave out packet filtering out of the equation) from the connected networks you don't need NAT, otherwise you do need it.


----------



## fred974 (Jul 16, 2014)

*Re: NAT redirection for jails*

So as far are security goes, am I best off using NAT?


----------

