Allow phone on mobile network to SSH into LAN Device

Started by nowindows, October 26, 2024, 10:13:21 PM

I'm able to use my Pixel 7 Pro phone (and other devices - computers) to SSH into a device using a gpg (Raspberry Pi which uses local csf firewall) on my LAN while my phone is on LAN - using Termux. I've forwarded the Pi port in Firewall/NAT. And I've set the phone privacy setting while on Wi-Fi to "Use device MAC".

I want to use my phone to SSH into a device on my LAN while my phone is on Verizon Mobile Network (NOT on my LAN). I've tried creating a firewall rule that allows specific MAC addresses (including my phone MAC address) to pass traffic to my LAN devices. Not sure if there is a privacy setting for mobile data to "Use device MAC" for the phone? This rule doesn't pass traffic to the Pi. The SSH try gets blocked on the next firewall rule that blocks unknown hosts from accessing the Pi.
Is there a way I can identify/allow my phone on WAN to SSH into the Pi on LAN?

I just found a way to get SSH access to my LAN Pi while on mobile data.

I enable WireGuard on the OPNsense router on my LAN and the SSH goes through with the rule "let out anything from firewall host itself".