We have a Juniper SSG140 and I'm having a heck of a time trying to get port forwarding working. Specifically, I'm trying to get ports 80 and 443 forwarded for a publicly accessible web server. Previously I had configured it with MIP with an Untrust to Trust policy. This isn't working. In the guide it says:
set interface ethernet2 mip 1.1.1.5 host 10.1.1.5 netmask 255.255.255.0 vrouter trust-vr
set policy from untrust to trust any mip(1.1.1.5) http permit
When I do this, I can see in the logs that traffic is arriving at the server but either isn't getting to the client or is appearing to be from a different IP (we have a range of IPs and the MIP is not mapped to our default untrust IP). I tried adding a Trust to Untrust policy to allow traffic from the internal server out and messed around with NAT-src, but it just doesn't seem to work. Any suggestions?