1:1 NAT

1:1 NAT, also known as one-to-one NAT, addresses a scenario somewhat opposite to the one covered by Outbound NAT. With Outbound NAT, we were concerned with network traffic flowing from the local network to the WAN; 1:1 NAT allows us to map one public IP address to one private IP address, thus making a resource that would otherwise be available only on the local network available on the WAN side (that is, via the internet). All traffic from that private IP to the internet will then be mapped to the public IP specified in the 1:1 NAT mapping; this overrides the Outbound NAT settings. Conversely, all traffic initiated on the internet and destined for the specified public IP address will be translated to the private IP. It will then be evaluated against the WAN firewall ruleset, and if the WAN rules permit it, it will be passed to the internal node specified in the mapping. These are the steps:

  1. To create a NAT 1:1 mapping, click on the 1:1 tab on the NAT page and click on the Add button below the table. Many of the options are similar to the options we covered in the Port Forwarding section.
  2. Negate allows you to exclude the rule from the NAT, which could be useful if you are redirecting a range of addresses, and need to exclude a subset of the range.
  3. No BINAT disables redirection for any traffic matching the rule. This way, you can exclude a subset of addresses from a larger range of translated addresses.
  4. The Interface dropdown allows you to specify the interface to which this mapping applies; usually, you can leave it set to WAN.
  5. The External subnet IP edit box is where you enter the external subnet's starting IP address for the 1:1 mapping.
  6. In the Internal IP section, you specify the internal subnet for the 1:1 mapping. The subnet size for the internal subnet determines how many IP addresses are mapped. For example, assume we have set External subnet IP to 10.1.1.1 and Internal IP to 192.168.1.100/30 (with Network as the type specified in the Type drop-down box). This will map 10.1.1.1 to 192.168.1.100, 10.1.1.2 to 192.168.1.101, and so on up to and including 10.1.1.3/192.168.1.103. Destination allows us to use the 1:1 mapping only for connections to or from the specified destination; usually, this is set as Any. Both Internal IP and Destination have Not checkboxes allowing us to invert the sense of the match.
  7. You can enter a non-parsed description for future reference in the Description field. The NAT reflection drop-down box allows you to access the mapped nodes on the local network from the public IP address.
  8. Unlike Port Forwarding, where there were several options for reflection, there are only two options here: Enable and Disable.
  9. Click on the Save button when you are done making changes to the 1:1 entry and click on the Apply Changes button on the main NAT page to reload the rules.
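
Because inbound traffic is translated to the private IP before the WAN ruleset is evaluated, what a 1:1 entry actually exposes depends on WAN rules that match the private address. The following sketch is an added example, not code from the book or from pfSense: it is a simplified model of that ordering, and the class names, sample addresses and rules are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class OneToOne:            # simplified model of a single-host 1:1 entry
    external: str          # public IP on WAN
    internal: str          # private IP on the local network

@dataclass(frozen=True)
class WanRule:             # simplified model of a WAN "pass" rule
    dest: str              # destination host/network in CIDR form, or "any"
    port: Optional[int]    # None means every port

def translate_inbound(public_dst, mappings):
    """Return the private IP a public destination is rewritten to, or None."""
    return next((m.internal for m in mappings if m.external == public_dst), None)

def rule_matches(rule, dst_ip, port):
    if rule.dest != "any":
        net = ipaddress.ip_network(rule.dest, strict=False)
        if ipaddress.ip_address(dst_ip) not in net:
            return False
    return rule.port is None or rule.port == port

def inbound_allowed(public_dst, port, mappings, rules):
    """Translate first, then match WAN rules against the private address."""
    private = translate_inbound(public_dst, mappings)
    if private is None:
        return False       # no 1:1 entry, so nothing is forwarded by this model
    return any(rule_matches(r, private, port) for r in rules)

def audit(mappings, rules):
    """List (public, private, port) exposures; port None = all ports open."""
    return [(m.external, m.internal, r.port)
            for m in mappings for r in rules
            if rule_matches(r, m.internal, r.port)]

# Constructed sample data (203.0.113.0/24 is a documentation range).
MAPPINGS = [OneToOne("203.0.113.10", "192.168.1.100"),
            OneToOne("203.0.113.11", "192.168.1.101")]
RULES = [WanRule("203.0.113.10/32", 443),   # written against the public IP
         WanRule("192.168.1.100/32", 443),  # written against the private IP
         WanRule("192.168.1.101/32", None)] # every port on the second host

if __name__ == "__main__":
    for public, private, port in audit(MAPPINGS, RULES):
        print(f"{public} -> {private} port {'ANY' if port is None else port}")
```

In this model the rule written against the public address never matches, and the audit flags the second host as reachable on every port, which is the kind of entry worth reviewing after adding a 1:1 mapping.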