I've got a RB2011 configured with ether1-WAN interface with 3 public IPs(ex: 1.1.1.1, 1.1.1.2, 1.1.1.3)

I'd like to use the 1.1.1.1 as a management IP and have www-ssl(tcp/443) and ssh(tcp22) access. 1.1.1.2/.3 will be NAT'd to ether2-LAN and have web servers(tcp/443) running behind them.

When I enable IP services, they seem to want to take over all access in the input chain and I will not be able to forward 443 traffic to my webservers. Is there anyway to configure this without changing the ports in IP Services that www-ssl runs on?

Seems like this would also be an issue if you wanted to run www-ssl and a SSTP VPN at the same time?

Anyone?

just set up dst-nat rules that will forward traffic from certain global ip to internal servers. And that is all what is required.