DNAT error (masquerade IP)


I find myself completely stuck on with DNAT rules. Indeed I have several aliases on my IPFire with multiple public IP addresses and each of these addresses (therefore aliases) have rules that redirect to each machine and each specific port

Unfortunately all the source IP addresses are replaced by the IP address of the firewall (IP Fire) and I do not put an X-Forwarded-For song allowing me to define the real Source IP address.

Is there a solution to activate this option of X-Forwarded-For or an alternative solution allowing to display the Real IP address which tried to access my web environment for example

PS: I am under an AWS infrastructure hence the usefulness of having only local IP addresses on my VMs and lots of Public IP addresses as aliases on my IPFIre

Thank you in advance