Internet problem in DMZ

Started by biscuit2005, February 11, 2024, 05:56:59 PM

Hello to all OPNsense enthusiasts.  :)
I would like to say right away that I am a beginner and do not have much experience with OPNsense, so I would like to ask for help and ask you to explain it as you would to a child.

So: I have OPNsense 23.7 installed, which I updated to OPNsense 23.7.12_5-amd64.
I created a DMZ following this description: https://getlabsdone.com/how-to-configure-opnsense-dmz-step-by-step/

1. On the opt3 interface I have a DMZ with the address 172.16.0.1;
2. I have DHCP enabled under Services, and the DMZ host is assigned the IP address 172.16.0.100;
3. I have rules configured on the DMZ and on the WAN as described;

And something strange happens: as soon as I enable one-to-one under Firewall -> NAT, Internet access is cut off on the Apache server in the DMZ zone. Even the rule set up under Firewall -> Rules -> DMZ, which is supposed to allow Internet access, does not help. ;-)

However, after disabling one-to-one NAT for the DMZ, the Internet is available in the DMZ, even when the rule on the WAN interface is disabled.

My questions:
1. What is this one-to-one NAT all about, and why does it block Internet access on the DMZ?
2. Why does the rule on the DMZ not unblock Internet access?
3. Why is there a so-called virtual IP, and what address should I enter there:
a private address, e.g. 192.168.1.100, or rather a public IP address, e.g. 37.52.130.155?
4. Why is an ICMP rule needed on the DMZ gateway?

Of the above questions, the most important is: why does one-to-one NAT block Internet access? On Ubuntu (where the Apache HTTP server is installed) I do see the assigned network address 172.16.0.100, which was handed out by the DHCP server on the DMZ interface.

Best regards and please provide pathological explanations.  ;)

Correction: please give easy explanations.

Okay, maybe I asked too many questions; perhaps someone can at least tell me why the Internet is blocked when one-to-one NAT is turned on. 8)