One-to-Many NAT Rules Configuration
Dashboard Location: Security and SD-WAN > Configure > Firewall > Forwarding rules
Multi-Service Port Translation
One-to-many NAT rules configuration in Meraki appliances enables the mapping of a single public IP address to multiple internal services and hosts through port-based Network Address Translation. This functionality allows organizations to efficiently utilize limited public IP addresses while providing external access to multiple internal services, such as web servers, email systems, and remote access services. One-to-many NAT is essential for conserving public IP address space, providing secure external service access, and enabling flexible service deployment architectures while maintaining granular access control through source IP restrictions.
Classes
firewall (meraki.domains.organizations.networks.appliance)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| one_to_many_nat_rules | List | [one_to_many_nat_rules] | No | |
one_to_many_nat_rules (meraki.domains.organizations.networks.appliance.firewall)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| public_ip | IP | | Yes | |
| uplink | String | Regex: ^internet\d+$ | Yes | |
| port_rules | List | [port_rules] | Yes | |
port_rules (meraki.domains.organizations.networks.appliance.firewall.one_to_many_nat_rules)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | min: 1, max: 127 | No | |
| protocol | Choice | tcp, udp | No | |
| public_port | Any | Integer[min: 1, max: 65535] or String[matches: `(?:[1-9][0-9]3 | [1-5][0-9]4 | 6[0-4][0-9]3 |
| local_ip | IP | | No | |
| local_port | Any | Integer[min: 1, max: 65535] or String[matches: `(?:[1-9][0-9]3 | [1-5][0-9]4 | 6[0-4][0-9]3 |
| allowed_ips | List | Any[IP or String[matches: [Aa]ny]] | No | |
Examples
Example-1: The example below demonstrates one-to-many NAT rules configuration.
This configuration demonstrates how to set up one-to-many NAT rules on a Meraki appliance to control inbound traffic from the internet to internal resources.
Public IP and uplink: The configuration maps the public IP 203.0.113.1 to internal hosts via the uplink interface internet1.
Port forwarding rules: The first rule, “Web Server”, forwards TCP traffic on public port 80 to internal IP 192.168.1.100 on port 80. Access is allowed from any source IP. The second rule, “RDP”, forwards TCP traffic on public port 3389 to internal IP 1.1.1.200 on port 3389. Access is allowed from any source IP.
This setup allows external clients to access specific internal services securely while keeping the internal network hidden, providing controlled inbound connectivity through the appliance firewall. Both rules set allowed_ips to any, so the forwarded ports are reachable from every source address; to limit who can reach a service such as RDP, list specific source IPs in allowed_ips instead.
```yaml
meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          networks:
            - name: !env network_name
              product_types:
                - appliance
                - switch
                - wireless
                - camera
                - sensor
                - cellularGateway
              appliance:
                firewall:
                  one_to_many_nat_rules:
                    - public_ip: "203.0.113.1"
                      uplink: internet1
                      port_rules:
                        - name: "Web Server"
                          protocol: tcp
                          public_port: 80
                          local_ip: "192.168.1.100"
                          local_port: 80
                          allowed_ips:
                            - any
                        - name: "RDP"
                          protocol: tcp
                          public_port: 3389
                          local_ip: "1.1.1.200"
                          local_port: 3389
                          allowed_ips:
                            - any
```
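The check below is an added example, not part of the original page or the project's tooling: it validates one one_to_many_nat_rules entry against the constraints listed in the class tables and warns on every port rule whose allowed_ips contains any. The names `audit_nat_rule`, `is_ip` and `PAGE_EXAMPLE` are assumptions for illustration, and string-valued ports are skipped because the page's pattern for them is truncated.

```python
import ipaddress
import re

UPLINK_RE = re.compile(r"^internet\d+$")  # uplink constraint from the table
ANY_RE = re.compile(r"^[Aa]ny$")          # allowed_ips literal from the table

def is_ip(value):
    # Assumption: the page's "IP" type means a single IPv4/IPv6 address.
    try:
        ipaddress.ip_address(str(value))
        return True
    except ValueError:
        return False

def audit_nat_rule(rule):
    """Return (errors, warnings) for one one_to_many_nat_rules entry."""
    errors, warnings = [], []
    if not is_ip(rule.get("public_ip")):
        errors.append("public_ip: missing or not an IP")
    if not UPLINK_RE.match(str(rule.get("uplink", ""))):
        errors.append("uplink: must match ^internet\\d+$")
    if not rule.get("port_rules"):
        errors.append("port_rules: mandatory list is missing or empty")
    for i, pr in enumerate(rule.get("port_rules") or []):
        tag = f"port_rules[{i}] ({pr.get('name', 'unnamed')})"
        if "name" in pr and not 1 <= len(str(pr["name"])) <= 127:
            errors.append(f"{tag}: name must be 1-127 characters")
        if "protocol" in pr and pr["protocol"] not in ("tcp", "udp"):
            errors.append(f"{tag}: protocol must be tcp or udp")
        for key in ("public_port", "local_port"):
            port = pr.get(key)  # string ports are not checked (pattern truncated on the page)
            if isinstance(port, int) and not 1 <= port <= 65535:
                errors.append(f"{tag}: {key} {port} outside 1-65535")
        if "local_ip" in pr and not is_ip(pr["local_ip"]):
            errors.append(f"{tag}: local_ip is not an IP")
        for src in pr.get("allowed_ips", []):
            if ANY_RE.match(str(src)):
                warnings.append(f"{tag}: public port {pr.get('public_port')} open to any source")
            elif not is_ip(src):
                errors.append(f"{tag}: allowed_ips entry {src!r} is not an IP or 'any'")
    return errors, warnings

# Constructed sample: the page's example rule as a Python dict.
PAGE_EXAMPLE = {"public_ip": "203.0.113.1", "uplink": "internet1", "port_rules": [
    {"name": "Web Server", "protocol": "tcp", "public_port": 80,
     "local_ip": "192.168.1.100", "local_port": 80, "allowed_ips": ["any"]},
    {"name": "RDP", "protocol": "tcp", "public_port": 3389,
     "local_ip": "1.1.1.200", "local_port": 3389, "allowed_ips": ["any"]}]}

if __name__ == "__main__":
    print(*sum(audit_nat_rule(PAGE_EXAMPLE), []), sep="\n")
```

Run against the page's example, the audit reports no schema errors and one warning per rule, since both rules accept any source.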