The 1-to-1 NAT app is required if you plan to have publicly available IP addresses correlate with servers running on your local network. For example, you may need a server placed in your network but have it be available on a separate IP address than your ClearOS server.

The ClearOS 1-to-1 NAT module creates a virtual IP address on the WAN side (public network) of your ClearOS server and then correlates that to a server on the inside of your network. The module handles the IP address aliasing, the firewalling, and the NAT port forwarding.

If your public address pool is capable of being subnetted, you can use the DMZ module instead if you want your server behind the firewall to be in a public IP address space.

You can install the module at any time from the ClearCenter Marketplace.

You can find this feature in the menu system at the following location:

<navigation>Network|Firewall|1-to-1 NAT</navigation>

To configure a 1-to-1 NAT policy add a rule and assign a nickname, which interface will hold the public IP address, the public IP address that you want assigned (it should be available and within the same subnet as your current IP address for your WAN interface) and what IP on the inside it should apply the translation to. You can also tell the interface to NAT all ports and protocols or you can define individual ports or port ranges. To specify a range, use a colon (':') to separate the start port and end port.

In order to use the 1-to-1 NAT module properly, you must not have previously created any alias address which overlaps or have created any Port Forwarding policy which attempts to do the same thing. Also, the target internal system on your local network must have the default gateway set to ClearOS system.

Again, if you are trying to make a 1:1 NAT rule work you will NOT use any other module to support this rule. The 1:1 NAT module provisions all the required components for the forward rule to work including the IP address (don't configure one as an alias in IP Settings), the incoming firewall rule (do not configure them in the Incoming firewall as that module is for ports going to the ClearOS server itself), and the port forwarding (do not also set up a port forwarding rule to cover this 1:1 NAT rule). search?q=clearos%2C%20clearos%20content%2C%20AppName%2C%20app_name%2C%20clearos6%2C%20userguide%2C%20xcategory%2C%20maintainer_dloper%2C%20maintainerreview_x%2C%20keywordfix&amp;btnI=lucky