One-to-Many NAT Rules Configuration
Dashboard Location: Security and SD-WAN > Configure > Firewall > Forwarding rules
Multi-Service Port Translation
Section titled “Multi-Service Port Translation”One-to-many NAT rules configuration in Meraki appliances enables the mapping of a single public IP address to multiple internal services and hosts through port-based Network Address Translation. This functionality allows organizations to efficiently utilize limited public IP addresses while providing external access to multiple internal services, such as web servers, email systems, and remote access services. One-to-many NAT is essential for conserving public IP address space, providing secure external service access, and enabling flexible service deployment architectures while maintaining granular access control through source IP restrictions.
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”firewall (meraki.domains.organizations.networks.appliance)
Section titled “firewall (meraki.domains.organizations.networks.appliance)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| one_to_many_nat_rules | List | [one_to_many_nat_rules] | No |
one_to_many_nat_rules (meraki.domains.organizations.networks.appliance.firewall)
Section titled “one_to_many_nat_rules (meraki.domains.organizations.networks.appliance.firewall)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| public_ip | IP | Yes | ||
| uplink | String | Regex: ^internet\d+$ | Yes | |
| port_rules | List | [port_rules] | Yes |
port_rules (meraki.domains.organizations.networks.appliance.firewall.one_to_many_nat_rules)
Section titled “port_rules (meraki.domains.organizations.networks.appliance.firewall.one_to_many_nat_rules)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | min: 1, max: 127 | No | |
| protocol | Choice | tcp, udp | No | |
| public_port | Any | Integer[min: 1, max: 65535] or String[matches: `(?:[1-9][0-9]3 | [1-5][0-9]4 | 6[0-4][0-9]3 |
| local_ip | IP | No | ||
| local_port | Any | Integer[min: 1, max: 65535] or String[matches: `(?:[1-9][0-9]3 | [1-5][0-9]4 | 6[0-4][0-9]3 |
| allowed_ips | List | Any[IP or String[matches: [Aa]ny]] | No |
Examples
Section titled “Examples”Example-1: The example below demonstrates one-to-many NAT rules configuration using tested YAML configuration from pipeline fixtures.
meraki: domains: - name: "!env domain" administrator: name: "!env org_admin" organizations: - name: "!env org" networks: - name: "!env network_name" product_types: - appliance - switch - wireless - camera - sensor - cellularGateway appliance: firewall: one_to_many_nat_rules: - public_ip: "203.0.113.1" uplink: internet1 port_rules: - name: "Web Server" protocol: tcp public_port: 80 local_ip: "192.168.1.100" local_port: 80 allowed_ips: - any - name: "RDP" protocol: tcp public_port: 3389 local_ip: "1.1.1.200" local_port: 3389 allowed_ips: - any - "any" - name: "Mail Server SMTP" protocol: tcp public_port: "25" local_ip: "!env mail_server_ip" local_port: "25" allowed_ips: - "!env trusted_mail_relays"