I migrated from a linux box with shorewall to a netscreen xt5.
On the shorewall you can do the following port forward
Source port Destination port
HostA any localHostA 22
HostB any localHostB 22
On the netscreen:
VIP on the untrusted interface for port 22 assinged to localhostA:22
Untrusted Trusted Service actions options
Any VIP::1 ssh allow log
How do I setup the second forward, from HostB on the Internet to HostB on my Lan?