ORANGE IP as masquerade source for GREEN?

Hi there,

planning to use ipfire (latest) as a firewall in a colocation environment.
Hoster gives me a public static /29 IPv4 transfer net in which I put the RED interface.
Another /26 public IPv4 space is routed to the RED IP of the /29 transfer net.
I put the first free IP of the /26 subnet on the ORANGE interface. The transfer net is to enable stuff like VRRP failover (to be implemented later). Machines physically in the ORANGE LAN are routed and firewalled as they should :slight_smile:
But the hoster does not do not want to have a lot of traffic originating from or destining to the transfer net. So Iā€™d like to have the NAT/Masq address of the GREEN interface to be the ORANGE IP of the ipfire.

How can I configure that in a sane way? I have not found an option in the GUI. A shell or direct config file modification is fine, if that is the way.