One-to-One NAT maps valid, external addresses to private addresses hidden by NAT. Computers on your private LAN or DMZ are accessed on the Internet at the corresponding public IP addresses. You can create a relationship between internal and external addresses by defining internal and external address ranges. Once the relationship is defined, the computer with the first IP address of the private address range is accessible at the first IP address of the external address range, the second computer at the second external IP address, etc.
To configure One-to-One NAT, complete the following instructions.
Select the Enable One-to-One NAT check box.
Enter the beginning IP address of the private address range being mapped in the Private Range Begin field. This is the IP address of the first machine that is accessible from the Internet.
Enter the beginning IP address of the valid address range being mapped in the Public Range Begin field. This address should be assigned by your ISP.
Alert! Do not include the SonicWALL WAN IP (NAT Public) Address or the WAN Gateway (Router) Address in this range.
Enter the number of public IP addresses that should be mapped to private addresses in the Range Length field. The range length can not exceed the number of valid IP addresses. Up to 64 ranges can be added. To map a single address, enter a Range Length of 1.
Click Update. Once the SonicWALL has been updated, a message confirming the update is displayed at the bottom of the browser window.
Alert! The One-to-One NAT window maps valid, public IP addresses to private LAN IP addresses. It does not allow traffic from the Internet to the private LAN.
Tip! A rule must be created in the Rules section to allow access to LAN servers. After One-to-One NAT is configured, create an Allow rule to permit traffic from the Internet to the private IP address(es) on the LAN.
This example assumes that you have a SonicWALL running in the NAT-enabled mode, with IP addresses on the LAN in the range 192.168.1.1 - 192.168.1.254, and a WAN IP address of 220.127.116.11. Also, you own the IP addresses in the range 18.104.22.168 - 22.214.171.124.
Alert! If you have only one IP address from your ISP, you cannot use One-to-One NAT.
You have three web servers on the LAN with the IP addresses of 192.168.1.10, 192.168.1.11, and 192.168.1.12. Each of the servers must have a default gateway pointing to 192.168.1.1, the SonicWALL LAN IP address.
You also have three additional IP addresses from your ISP, 126.96.36.199, 188.8.131.52, and 184.108.40.206, that you want to use for three additional web servers. Use the following steps to configure One-to-One NAT:
Select Enable One-to-One NAT and click Update.
Type in the IP address, 192.168.1.10, in the Private Range Begin field.
Type in the IP address, 220.127.116.11, in the Public Range Begin field.
Type in 3 in the Range length field.
Tip! You can configure the IP addresses individually, but it is easier to configure them in a range. However, the IP addresses on both the private and public sides must be consecutive to configure a range of addresses.
Click Access, then the Rules tab.
Click Add New Rule and configure the following settings:
Service - HTTP
Source - WAN
Destination - LAN 192.168.1.10 - 192.168.1.12
Apply this rule - always
The server configurations take effect after the SonicWALL restarts and the configuration is updated. Requests for http://18.104.22.168 are answered by the server at 192.168.1.10. Requests for http://22.214.171.124 are answered by the server at 192.168.1.11, and requests for http://126.96.36.199 are answered by the server at 192.168.1.12. From the LAN, the servers can only be accessed using the private IP addresses (192.168.1.x), not the public IP addresses or domain names. For example, from the LAN, you must use URLs like http://192.168.1.10 to reach the web servers. An IP address, such as 192.168.1.10, on the LAN cannot be used in both public LAN server configurations and in public LAN server One-to-One NAT configurations.
Help Table of Contents