Occasionally it is desirable to have a system with one IP address behind the firewall
to appear to have a completely different IP address. One example of how this would work
would be a lab of computers which are then attached to various networks that are to be put
under some kind of test. In this example, you would not want to have to reconfigure the
entire lab when you could place a NAT system in front and change the addresses in one
simple place. We can do that with the bimap keyword, for bidirectional mapping. Bimap
has some additional protections on it to ensure a known state for the connection, whereas
the map keyword is designed to allocate an address and a source port and rewrite
the packet and go on with life.
bimap tun0 192.168.1.1/32 -> 18.104.22.168/32
will accomplish the mapping for one host.