Hang on... I want DNAT to a specific INSIDE LAN IP for certain ports. But then SNAT on that port bound to WAN IP to be on the standard SNAT overload the everything gets accumulated in. 'Static 1:1' NAT means.. whether its INGRESS or EGRESS .. for that port.. it'll use that different public ip .. and not the OVERLOAD that everything else gets accumulated. I think I achieve what I want with 'Port Forwarding Rules' (special INGRESS only.. right ?) .. but then notice you can't do ICMP with Port Forwarding.. #facepalm.. and you can't specify the public address.. it just forwards from the WAN IP... #doublefacepalm... NAT state-machine is such a commodity these days.. is it the UX that's the limitation.. maybe programmatic access you can leverage more flexibility ?
... View more