Your configuration is almost perfect! Just need to update the descriptions from “FTP” to “SSH”:
Corrected Configuration:
# NAT rule - Forward WAN port 50155 to SSH server
set nat destination rule 109 description 'Forward SSH to DMZ server'
set nat destination rule 109 destination port '50155'
set nat destination rule 109 inbound-interface name 'eth2.201'
set nat destination rule 109 protocol 'tcp'
set nat destination rule 109 translation address '192.168.100.155'
set nat destination rule 109 translation port '22'
# Firewall rule - Allow SSH traffic from WAN to DMZ
set firewall ipv4 forward filter rule 34 action 'accept'
set firewall ipv4 forward filter rule 34 description 'Allow SSH from WAN to DMZ'
set firewall ipv4 forward filter rule 34 destination address '192.168.100.155'
set firewall ipv4 forward filter rule 34 destination port '22'
set firewall ipv4 forward filter rule 34 inbound-interface name 'eth2.201'
set firewall ipv4 forward filter rule 34 outbound-interface name 'br1'
set firewall ipv4 forward filter rule 34 protocol 'tcp'
Apply the Configuration:
commit
save
Access from WAN:
# Connect using your WAN IP on port 50155
ssh -p 50155 username@<your-wan-ip>
# Example:
ssh -p 50155 [email protected]
Summary:
✅ NAT Rule 109: Translates incoming WAN port 50155 → 192.168.100.155:22
✅ Firewall Rule 34: Allows the forwarded traffic to reach the SSH server
✅ Port Mapping: WAN:50155 → DMZ:22
Your configuration is functionally correct! The only changes I made were updating the descriptions from “FTP” to “SSH” for clarity.