I want DNAT to a specific INSIDE LAN IP for certain ports.
But then SNAT on that port bound to WAN IP to be on the standard SNAT overload the everything gets accumulated in.
'Static 1:1' NAT means.. whether its INGRESS or EGRESS .. for that port.. it'll use that different public ip .. and not the OVERLOAD that everything else gets accumulated.
I think I achieve what I want with 'Port Forwarding Rules' (special INGRESS only.. right ?) .. but then notice you can't do ICMP with Port Forwarding.. #facepalm.. and you can't specify the public address.. it just forwards from the WAN IP... #doublefacepalm...
NAT state-machine is such a commodity these days.. is it the UX that's the limitation.. maybe programmatic access you can leverage more flexibility ?