jail容器里的系统有时候并不需要公开的地址，所以给它们配置内网地址即可。但是这些系统一般都有上网的需求，这时候可以使用nat进行解决。

CBSD可以配置NAT规则，只需要命令cbsd natcfg，配置好后cbsd naton启动即可：

% cbsd natcfg
Configure NAT for RFC1918 Network?
[yes(1) or no(0)]
yes
Set IP address as the aliasing NAT address, e.g: 192.168.1.2Which NAT framework do you want to use: [pf]
(type FW name, eg pf,ipfw,ipfilter or "exit" for break)% cbsd naton
No ALTQ support in kernel
ALTQ related functions disabled
No ALTQ support in kernel
ALTQ related functions disabled
pfctl: pf already enabled

nat的规则，可以在主目录/etc 下看到，比如：

root@fbhost:/usr/jails/etc # cat pfnat.conf 
nat on igb0 from 10.0.0.0/8 to ! 10.0.0.0/8 -> 192.168.1.5 # // Setup by CBSD NAT
nat on igb0 from 172.16.0.0/12 to ! 172.16.0.0/12 -> 192.168.1.5 # // Setup by CBSD NAT

当然关闭直接使用cbsd natoff 命令。