opnsense_firewall_nat_one_to_one (Data Source)

1:1 NAT maps a public IP or subnet to an internal private IP or subnet. All traffic to the public address is forwarded to the internal host or network. Unlike port forwarding, it exposes the full internal system rather than selected ports, which is useful for servers behind a firewall. BINAT rules enable bidirectional translation, so incoming and outgoing connections use the same mapping.

~> This data source requires the os-firewall plugin to be installed. It will not behave correctly if the plugin is not installed.

Schema

Required

  • id (String) UUID of the resource.

Read-Only

  • categories (Set of String) Set of category IDs to apply.
  • description (String) Optional description here for your reference (not parsed).
  • destination (Attributes) (see below for nested schema)
  • enabled (Boolean) Enable this firewall NAT rule.
  • external_net (String) Enter the external subnet's starting address for the 1:1 mapping or network. This is the address or network the traffic will translate to/from.
  • interface (String) Choose which interface this rule applies to.
  • log (Boolean) Log packets that are handled by this rule.
  • nat_reflection (String) NAT reflection mode. One of default, enable, or disable. default means OPNsense uses the global firewall NAT reflection setting.
  • sequence (Number) Specify the order of this NAT rule.
  • source (Attributes) (see below for nested schema)
  • type (String) Select binat (default) or nat. When the networks are equally sized, binat is usually the best option; nat can also map unequally sized networks. A binat rule specifies a bidirectional mapping between an external and internal network and can be used from both ends, whereas nat only applies in one direction.

Nested Schema for destination

Read-Only:

  • invert (Boolean) Use this option to invert the sense of the match.
  • net (String) The 1:1 mapping will only be used for connections to or from the specified destination.

Nested Schema for source

Read-Only:

  • invert (Boolean) Use this option to invert the sense of the match.
  • net (String) Enter the internal IP address, CIDR or alias for the 1:1 mapping.
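
Because a 1:1 mapping exposes the whole internal host, the data source is a convenient place to review an existing rule from Terraform. The following is an added example, not taken from the provider's documentation: it reads one rule by `id` and checks it against a sample policy. The UUID, the resource label `web`, the approved address list and the policy itself are constructed assumptions, and the `check` block requires Terraform 1.5 or later.

```hcl
# Added example. The UUID is a constructed placeholder; substitute the id of
# an existing 1:1 NAT rule on the firewall.
data "opnsense_firewall_nat_one_to_one" "web" {
  id = "00000000-0000-0000-0000-000000000000"
}

locals {
  rule = data.opnsense_firewall_nat_one_to_one.web

  # Constructed allow-list of external addresses permitted to carry a 1:1
  # mapping (RFC 5737 documentation range). The exact string format of
  # external_net on your firewall is an assumption; adjust to match.
  approved_external = ["203.0.113.10", "203.0.113.11"]
}

# Failed assertions surface as warnings during plan/apply without blocking it.
check "one_to_one_nat_review" {
  # An enabled rule that does not log leaves no firewall record of traffic
  # reaching the exposed host.
  assert {
    condition     = !local.rule.enabled || local.rule.log
    error_message = "1:1 NAT rule is enabled but log is false."
  }

  # Only addresses that were explicitly approved should expose a full host.
  assert {
    condition     = contains(local.approved_external, local.rule.external_net)
    error_message = "external_net is not on the approved list for 1:1 mappings."
  }

  # Inverted matches make the effective scope of the mapping hard to review.
  assert {
    condition     = !local.rule.source.invert && !local.rule.destination.invert
    error_message = "source or destination uses an inverted match."
  }
}

# Summary of the mapping for change review.
output "one_to_one_mapping" {
  value = {
    interface   = local.rule.interface
    type        = local.rule.type
    external    = local.rule.external_net
    internal    = local.rule.source.net
    destination = local.rule.destination.net
  }
}
```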