Hmm. I am not sure if you can use a custom firewall rule too easily in conjunction with 1-to-1 NAT although I have not tested this statement. If the 1-to-1 module creates a firewall rule in the PREROUTING then it will be important that the custom firewall rule gets loaded after the 1-to-1 NAT as it also needs to use the PREROUTING chain, so its rule must appear before the 1-to-1 rule so it takes precedence.

BTW the Webconfig could also be better laid out when adding a port forwarding rule (in my opinion). You'd want the second option "Port". The From Port is obvious. The To Port would do better to appear after the IP Address field to make it clear you are not forwarding a range of ports. Also the IP Address would be better labelled To IP Address.

Yup, it's a limitation of the 1-to-1 NAT app. We recommend creating the 1-to-1 NAT rule and then adding a custom firewall rule to do the re-mapping. I don't see this particular use case in the custom firewall examples, but ClearOS Support can quickly provide the details.

You'll need to use the port forwarding app if you want to redirect from one port to another.

Out of curiosity, why are you trying to redirect port 80 to 8080?