Channel: All EdgeRouter posts

Re: One to One NAT


"Dynamic NAT" seems to simply be Masquerade (I think ... not familiar with that brand).

 

1:1 NAT is straightforward, you just need a DNAT rule and a corresponding SNAT rule.

 

DNAT RULE

        rule 7 {
            description "DNAT SOME HOST"
            destination {
                address WAN_IP_2
            }
            inbound-interface eth0
            inside-address {
                address 192.168.10.20
            }
            protocol all
            type destination
        }

 

SNAT RULE

        rule 5007 {
            description "SNAT SOME HOST"
            outbound-interface eth0
            outside-address {
                address WAN_IP_2
            }
            protocol all
            source {
                address 192.168.10.20
            }
            type source
        }

 

Note that 1:1 NAT rules MUST come before your catch-all masquerade for general LAN clients. So if you have 12 IP addresses assigned to eth0, with 2-12 being the 1:1 range (masquerade uses whatever the first IP in the list is), you'll have something like this in the NAT section:

rule 5000 {
    SNAT WAN_IP_2
}
rule 5001 {
    SNAT WAN_IP_3
}
rule 5002 {
    SNAT WAN_IP_4
}
rule 5003 {
    SNAT WAN_IP_5
}
rule 5004 {
    SNAT WAN_IP_6
}
rule 5005 {
    SNAT WAN_IP_7
}
rule 5006 {
    SNAT WAN_IP_8
}
rule 5007 {
    SNAT WAN_IP_9
}
rule 5008 {
    SNAT WAN_IP_10
}
rule 5009 {
    SNAT WAN_IP_11
}
rule 5010 {
    SNAT WAN_IP_12
}
rule 5020 {
    Masquerade to WAN IP
}
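
The ordering requirement above can be checked mechanically. The following is an added example, not part of the original post: it reads the output of `show configuration commands` and reports any DNAT rule whose matching SNAT rule is missing or numbered after the masquerade rule. The function names `parse` and `audit`, the sample addresses, and the treatment of every masquerade rule as a catch-all are assumptions.

```python
import re

# Constructed sample in the format printed by `show configuration commands`.
# Addresses are documentation ranges, not values from the original post.
SAMPLE = """\
set service nat rule 7 type destination
set service nat rule 7 destination address 203.0.113.2
set service nat rule 7 inside-address address 192.168.10.20
set service nat rule 8 type destination
set service nat rule 8 destination address 203.0.113.3
set service nat rule 8 inside-address address 192.168.10.21
set service nat rule 5000 type source
set service nat rule 5000 source address 192.168.10.20
set service nat rule 5000 outside-address address 203.0.113.2
set service nat rule 5010 type masquerade
set service nat rule 5020 type source
set service nat rule 5020 source address 192.168.10.21
set service nat rule 5020 outside-address address 203.0.113.3
"""

LINE = re.compile(r"set service nat rule (\d+) (.+?) (\S+)$")

def parse(text):
    """Return {rule_number: {"type": ..., "source address": ..., ...}}."""
    rules = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rules.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3).strip("'")
    return rules

def audit(text):
    """Check each DNAT rule for a matching SNAT rule placed before the masquerade."""
    rules = parse(text)
    # Assumption: any masquerade rule is a catch-all that shadows later SNAT rules.
    masq = min((n for n, r in rules.items() if r.get("type") == "masquerade"),
               default=None)
    findings = []
    for n, r in sorted(rules.items()):
        if r.get("type") != "destination":
            continue
        pair = (r.get("inside-address address"), r.get("destination address"))
        snat = [m for m, s in rules.items() if s.get("type") == "source" and
                (s.get("source address"), s.get("outside-address address")) == pair]
        if not snat:
            findings.append((n, "no matching SNAT rule"))
        elif masq is not None and min(snat) > masq:
            findings.append((n, f"SNAT rule {min(snat)} is after masquerade rule {masq}"))
    return findings
```

On the sample, rule 7 passes and rule 8 is flagged, because its SNAT rule 5020 sits behind masquerade rule 5010 and the host's outbound traffic would leave from the masquerade address instead of its 1:1 address.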
