Skip to content

1:1 NAT

The 1:1 NAT (1:1 NAT) feature in the Wanscale Platform allows you to establish a direct, one-to-one mapping between a public IP address and a private IP address within your Virtual Network (VNET). This means all incoming traffic destined for the public IP address will be automatically forwarded to the specified private IP address.

This feature is particularly useful when you need to expose a service or application running on a private IP address to the internet without restricting traffic to specific ports. Unlike traditional port forwarding (DNAT), 1:1 NAT forwards all traffic, regardless of port or protocol.

When to use 1:1 NAT

  • Hosting Public Servers: If you have a web server, mail server, or any other application server within your VNET that needs to be directly accessible from the internet.
  • Specific Application Requirements: Some applications require a direct public IP address for proper functioning or licensing.
  • Simplifying Access: When you want to avoid configuring multiple port-forwarding rules for a single internal host.

Prerequisites

Before configuring 1:1 NAT, ensure you have:

  • A Virtual Network (VNET) already deployed.
  • An Internet Service attached to your VNET, providing the public IP addresses you wish to use.
  • A Service Edge (SE) or DC Connect with a LAN interface configured with the private IP address you intend to map.

Configuring 1:1 NAT

Follow these steps to create a 1:1 DNAT rule within your VNET:

  1. Navigate to the Services page and select your VNET.
  2. In the left sidebar, expand Policies and select 1:1 NAT.
  3. Click the Add 1:1 NAT button.
  4. Complete the following fields in the configuration screen:
    • Name: Enter a descriptive name for the NAT rule (e.g., "Web Server Public Access").
    • Public IP Address: Select an available public IP address from your attached Internet Service. This is the IP address that will be accessible from the internet.
    • Private IP Address: Enter the private IP address of the internal host within your VNET that will receive the forwarded traffic. This IP address should be configured on a LAN interface of a Service Edge or DC Connect.
  5. Click Save.

Important Security Considerations

Warning

Be extremely careful when forwarding all traffic from a public IP address to an internal private IP. Always ensure you have comprehensive Firewall Rules in place to protect the internal resource and control what traffic is allowed to reach it. Without proper firewalling, your internal host could be vulnerable to attacks.

Note

Applying Changes: Like all networking services in the portal, your 1:1 NAT configuration will not be active until you deploy the changes. See Workflows and Applying Changes.