I found this a little confusing, so am documenting it here in case you run
into the same problem.
The first task is to define a virtual IP. You give it a name, and
its interface is "wan1" (or "wan2" of course). It's Static NAT, and
unfortunately you apparently have to enter an actual IP. I have a
DHCP assigned WAN, which will change whenever there is a power failure,
so I had hoped to be able to use 0.0.0.0 (for any address), but that didn't
work for me. The mapped IP is the internal address you want to go to.
In my case, this was a machine in the DMZ, so my first thought
was that a WAN1 to DMZ policy was all that would be needed but
that's not the case: you need to specifically include the VIP name in the
In my case, the whole thing ended up looking like this:
config firewall vip
set extip 22.214.171.124
set mappedip 10.10.10.2
set extintf "wan1"
config firewall policy
set srcintf "wan1"
set dstintf "dmz"
set srcaddr "all"
set dstaddr "Linuxvip"
set action accept
set schedule "always"
nameset service "SSH"
Got something to add? Send me email.
Increase ad revenue 50-250% with Ezoic
More Articles by Anthony Lawrence
Find me on Google+
© 2009-11-07 Anthony Lawrence