Newbie NAT questions

[biggreydog]

New user to OPNsense [previously using Draytek router].  I am looking to set up NAT transversal for both one to one and traditional NAT.  I have read the help and searched forums but this I think is a very simple setup but I am finding the nomenclature a bit different from what I have used on other routers.

I need to connect a single device on my LAN to an external IP say [22.22.22.22] with port 1234 to a specific LAN address of 10.10.10.130 [port 1234].  My static IP is [33.33.33.33].

Is this setup correct?
External Network = 33.33.33.33
Source = 22.22.22.22
Destination = 10.10.10.130
Port = where is this entered?

[errored out]

If I understand correctly, you have 2 external (Routable) IP Addresses?  1 is static 33.33.33.33 and 1 is dynamic 22.22.22.22 and you would like 1 assigned to a specific LAN address?

Does that mean the second external address is being shared with multiple LAN / internal equipment?

Is this setup correct?
External Network = 33.33.33.33
Source = 22.22.22.22
Destination = 10.10.10.130
Port = where is this entered?

This is a little confusing.  Do you have a diagram?

[biggreydog]

Thanks for the quick reply.

In this scenario, I have one single static external WAN IP address only [33.33.33.33]

I need to connect 10.10.10.10 [port 1234] on my LAN [with my external IP WAN 33.33.33.33] to another external IP of 22.22.22.22 [port 1234] which is not controlled by myself.

[cookiemonster]

It looks to me from your description it looks like this:

If yes, then normal routing applies and nothing special is required I think. It'll be like connecting to any public site. Maybe create an alias for it.
If not, then needs a better explanation/diagram.

[biggreydog]

Your drawing is correct.  Wouldn't I need a NAT rule to direct 22.22.22.22 to my computer [10.10.10.10] on port 1234?

Would there also be benefit to making this a one-to-one connection to further secure the firewall?

[cookiemonster]

It depends who inititates the traffic. If is you, then outbound rules are there by default i.e. allow out.
If is the other side initiating the connection into your router, then yes you need to allow it in.

[errored out]

1 to 1 connections are used for multiple IP address.  I.E. For every Internal (LAN) connection, you have an External (WAN).  What you are looking to do can be done with a default installation.  All you would need to configure are your firewall rules, and possible forwarding.  As stated above, depends on where the traffic is initiated from.