diff --git a/pf.conf b/pf.conf
index c523c57..cf4236d 100644
--- a/pf.conf
+++ b/pf.conf
@@ -4,10 +4,23 @@ set block-policy return
 set fingerprints "/etc/pf.os"
 # definitions
 pf_strict = "{ re0 wlan0 ue0 }"
+ext_ifs = "{ re0 wlan0 ue0 }"
+
+vm_if = "vnat0"
+vm_net = "10.0.0.0/24"
+
 table const { 192.168.100.0/24, 192.168.184.0/24, 192.168.55.0/24 }
 icmp_types = "{ 0, 3, 4, 8, 11, 12 }"
 # base rules
 set skip on lo0
+
+# translation
+## VM networking
+nat on re0 from $vm_if:network to any -> (re0)
+nat on wlan0 from $vm_if:network to any -> (wlan0)
+nat on ue0 from $vm_if:network to any -> (ue0)
+
+# filter
 ## allow any outgoing traffic
 pass out on pf_strict from any to any
 ## allow ICMP pings
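Review bot: The three `nat` rules take their source from `$vm_if:network`, which is written without parentheses and so is resolved when the ruleset is loaded, while the `vm_net` macro added just above is never referenced in this hunk. If `vnat0` does not exist or has no address when pf starts (likely if the hypervisor tooling creates it later), that lookup can fail and the ruleset may not load at all, so the intended filtering would not be in force. Using the static macro avoids this, e.g. `nat on re0 from $vm_net to any -> (re0)` and the same for `wlan0` and `ue0`. `ext_ifs` duplicates `pf_strict` and is also unused here, so reference it or drop it to keep one interface list in sync. The filter section continues outside the hunk, so it is not visible whether VM traffic is kept away from the private ranges in the table; a comment under `## VM networking` stating the intended reach of the guests would help.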