===== Overview =====
1-to-1 NAT maps a public Internet IP to an IP on your local area network (LAN).

===== Installation =====
If you did not select this module to be included during the installation process, you must first [[Software Modules|install the module]].

===== Configuration =====
You can map 1-to-1 NAT IPs in one of two ways:

  * With no firewall at all
  * With selective ports open

==== 1-to-1 NAT - No Firewall ====
Some protocols can be finicky behind firewalls.  In this case you want to configure 1-to-1 NAT with no firewall (make sure you firewall/secure the target LAN system some other way!).  In the screenshot below:

  * 216.138.245.23 is mapped to a LAN machine at 192.168.2.2
  * no firewall is enabled.

[[Image:Ss_1to1nat_wide_open.png | 1-to-1 NAT Wide Open]]

==== 1-to-1 NAT - Selective Ports Open ====
In the screenshot below:

  * 216.138.245.23 is mapped to an LAN machine at 192.168.2.2
  * only port 22 (SSH) and port 80 (web) are accessible

[[Image:Ss_1to1nat_by_port.png | 1-to-1 NAT By Port]]

==== 1-to-1 NAT - With MultiWAN ====
If you have Multi-WAN enabled, please review the topic on [[Multi-WAN|source-based routes]].  Each 1-to-1 NAT rule must typically be assigned to an external MultiWAN interface as shown by example below:

[[Image:nat_multiwan.png | 1-to-1 NAT with MultiWAN]]