FreeBSD Jail Access Private Network Via NAT and PF

I've FreeBSD 7.x server with 3 jails are configured to run a mail, web and MySQL services. My FreeBSD box has two network interfaces. First, interface is connected to LAN and other is directly connected to the Internet via public IP. My DNS servers are hosted on private network (LAN). FreeBSD 7.x jail only support one interface and one IP address. How do I configure jail (FreeBSD vps) to access my DNS servers hosted inside my LAN using PF firewall?

NAT is the answer to your problem. You can use BSD PF or FreeBSD firewall to setup NAT. Route all private traffic using NAT to LAN.
This simple pf rule is very specific about what it will perform nat on. I specify the source as my subnet of public IPs and the destination as 10.0.0.0/8. This keeps NAT out of the equation but for this very specific need.
Open /etc/pf.conf file, enter:
# vi /etc/pf.conf
Append code as follows:
lan_if="em0"
lan_if_subnet="10.0.0.0/8"
lan_if_ip="10.28.11.10"
jail_vps_server_ip="202.54.2.3"
nat on $lan_if inet proto { tcp, udp, icmp } from $jail_vps_server_ip to $lan_if_subnet -> $lan_if_ip

Save and close the file. Reload new rules:
# /etc/rc.d/pf reload
Where,

• lan_if="em0" : Your server's real interface name. This is connected to LAN.
>lan_if_subnet="10.0.0.0/8" : Add LAN subnet.
• lan_if_ip="10.28.11.10" : em0 IP address.
• jail_vps_server_ip="202.54.2.3" : Jail server's public IP address. You can use subnet if you have 5-6 public IP address assigned to jail such as 202.54.2.3/29.