There are several other options not mentioned in the recipe that can be helpful in some cases, including the following:
- Disable: We can disable the rule without deleting it.
- No BINAT (NOT): As with port forwarding, we can disable 1:1 NAT for the specified address or network, thus excluding a subset of addresses from a later, more general rule.
- Destination: If we use this option, the 1:1 mapping will only be used for connections to and from the specified destination.
- NAT reflection: We can enable or disable NAT reflection, which, if enabled, allows us to use the external IP address specified in the 1:1 mapping from behind the firewall. We can also disable this option, or use the system default.