hi,
create a VIP to map your public IP address to the internal address. If your public WAN is dynamic, use ' 0.0.0.0' as a wildcard. Otherwise, use your static address.
If you need your WAN address for other services also then enable port forwarding and only forward the (e.g.) ssh port 22 (or whatever).
Then create a policy
src IF: wan
src address:
the_one_external_address_allowed
dst IF: internal
dst address: your_VIP
service: either ANY/ALL or specific e.g. ssh
NAT: disable
That should be all.
Ede
"Kernel panic: Aiee, killing interrupt handler!"