6.5. 1:1 NAT

1:1 NAT maps one public IP address to one private IP address by specifying a /32 subnet. This means having an otherwise local network computer accessible from the Internet through the WAN interface of your m0n0wall device. From a security perspective this also means that all traffic arriving at the WAN interface is forwarded into your network to the designated internal server. Be sure that you have secured the internal server.

Additionally entire subnets can be passed through the NAT. This could be used for situations when multiple connected networks are using the same subnet, such as two sites using a 10.0.0.0/8 subnet.

Note

Depending on the way your WAN connection is setup, you may also need proxy ARP.

Forwarding traffic for additional IP adresses (also known as Virtual IP addresses) that are not the IP address of the WAN interface is possible by first listing these IP addresses in the Server NAT window. Then 1:1 NAT is used to redirect traffic for these IP addresses to internal servers. For example you may have 3 IP addresses registered with the Internet Service Provider but only one of these can be assigned to the WAN interface. Using Server NAT and 1:1 NAT you can assign the additional 2 IP addresses to the WAN interface as well and redirect their traffic to specific servers.