At its simplest, port mapping allows you to forward connections made to the NetManager onto other machines. This means you only need a small number of external IP addresses (usually just one) for allowing access to machines from the outside. This access can, of course, be firewalled. It should not be confused with Reverse Proxying.
It can be configured in Network > NAT in webadmin.
As an example, look at the configuration below:
The left column is the external IP address (obscured for security). Two IP addresses are used in this case (i.e. the NetManager has Aliased addresses. In this example, it is necessary to use more than one IP address as port 80 is mapped through to an internal machine; if only a single IP address was used, this would stop access to the NetManager's webserver. On a port-by-port basis, these are mapped through to 3 different internal machines. Firewalling is controlled individually for each mapping.
Each mapping can be configured as remote or local. Remote will not be available if you are not using NAT. In remote mode, the NetManager firewall remaps the traffic transparently. The internal machine will see the traffic as coming from its original (external) IP address. Therefore, the internal target machine must have its default gateway set to the NetManager. In local mode, the NetManager will accept the incoming connection itself and then open a new connection to the internal machine. This means that the internal target machine will see the traffic as coming from the NetManager, not the original address. It also places slightly more load on the NetManager.
More than one destination IP address can be specified. This will allow 'round-robin' access (i.e. each IP address will be used in turn) - this gives crude load balancing. In the example below, the top rule (port 1494) is being edited to add a second IP address.