Don Munyak wrote:
> I am pretty sure I have it solved not.
> I changed the rules for the WAN. Instead of using the public IP's, I
> substituted the private IP's in the WAN rules.
> Now I am able to get access from outside in for a given webserver.
> old rules
> WAN - ANY - ANY - aa.43.155.34 http
> WAN - ANY - ANY - aa.43.155.34 https
> new rules
> WAN - ANY - ANY - 192.168.222.4 http
> WAN - ANY - ANY - 192.168.222.4 https
> Does anyone disagree with this ??? and why ??
That makes good sense, the way that the rules are processed is that
filters are applied after translation, so it would be correct to specify
the private addresses in your allows.