1:1 NAT Ubiquiti EdgeRouter

If you have a static IP that you'd like to map to an internal IP with all ports open, you need a 1:1 NAT. This is straightforward to set up on the EdgeRouter.

First, navigate to Firewall/NAT -> Firewall Policies.

Edit the WAN_IN ruleset and add a new rule just after the "Allow established/related" rule with the following settings:

Action: Accept
Protocol: All protocols
Destination address: internal IP of machine

The configuration can be seen in the screenshots below:



Take note of the position of the 1:1 NAT rule (2nd).

Next, create SNAT (source NAT) and DNAT (destination NAT) rules for your static IP.

To add the SNAT rule, navigate to the NAT tab under Firewall/NAT and click on "Add Source NAT Rule". Add a rule with the following configuration:

Outbound interface: eth0 (Assuming eth0 is your WAN interface)
Translation -> Specify address and/or port -> Address: Your static IP
Protocol: All protocols
Src Address: Internal IP

To add the DNAT rule, navigate to the NAT tab under Firewall/NAT and click on "Add Destination NAT Rule". Add a rule with the following configuration:

Inbound interface: eth0 (Assuming eth0 is your WAN interface)
Translation -> Specify address and/or port -> Address: Internal IP
Protocol: All protocols
Dest Address: Your static IP
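
The same firewall, SNAT and DNAT rules can be entered from the EdgeOS command line. The script below is an added example, not part of the original post: it validates both addresses and prints the matching `set` commands. The rule numbers (15, 10, 5010), the function names and the sample addresses are assumptions; rule 15 is chosen to fall between the default rules 10 and 20 of WAN_IN.

```shell
#!/bin/sh
# Added example: print EdgeOS CLI commands for the 1:1 NAT set up above.
# Rule numbers 15, 10 and 5010 are assumptions; use free numbers on your router.

# valid_ipv4 ADDR: succeed only for four dot-separated octets, each 0-255.
valid_ipv4() {
    case "$1" in *[!0-9.]* | *..* | .* | *.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# nat_1to1_cmds STATIC_IP INTERNAL_IP [WAN_IF]: emit firewall, SNAT and DNAT rules.
nat_1to1_cmds() {
    pub=$1 int=$2 wan=${3:-eth0}
    valid_ipv4 "$pub" || { echo "invalid static IP: $pub" >&2; return 1; }
    valid_ipv4 "$int" || { echo "invalid internal IP: $int" >&2; return 1; }
    cat <<EOF
configure
set firewall name WAN_IN rule 15 description "1:1 NAT to $int"
set firewall name WAN_IN rule 15 action accept
set firewall name WAN_IN rule 15 protocol all
set firewall name WAN_IN rule 15 destination address $int
set service nat rule 5010 type source
set service nat rule 5010 outbound-interface $wan
set service nat rule 5010 protocol all
set service nat rule 5010 source address $int
set service nat rule 5010 outside-address address $pub
set service nat rule 10 type destination
set service nat rule 10 inbound-interface $wan
set service nat rule 10 protocol all
set service nat rule 10 destination address $pub
set service nat rule 10 inside-address address $int
commit
save
exit
EOF
}

# Constructed sample addresses (documentation and private ranges).
nat_1to1_cmds 203.0.113.10 192.168.1.10 eth0
```

On EdgeOS, source NAT rules must be numbered 5000 or higher, which is why the SNAT rule uses a different range from the DNAT rule.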

This completes the setup of 1:1 NAT, but you'll notice that you'll be unable to resolve hostnames for internal services without hairpin SNAT and DNAT rules in place. You need to create a hairpin rule for each interface from which you want to resolve hostnames internally.

Assuming you want to resolve hostnames internally from eth1, you would create a new SNAT rule with the following config:

Outbound interface: eth1
Translation: Use Masquerade
Protocol: TCP
Src Address: Internal IP with subnet mask (e.g. 192.168.300.0/24)
Dest Address: Internal IP of machine to which hostname resolves
Dest Port: Any port (Can be left blank to enable all ports)

Create a DNAT rule with the following config:

Inbound interface: eth1
Translations -> Address: Internal IP of machine to which hostname resolves
Translations -> Port: Any port (Can be left blank to enable all ports)
Protocol: 443
Dest Address: Static IP on which service is being run
Dest Port: Any port (Can be left blank to enable all ports)