SNAT (What am I doing wrong?)

I am new to IPFire (coming from Smoothwall). I am getting familiar with creating rules, and wondered what I am doing wrong with creating a rule using SNAT. Basically, if I am using an alias IP, I need the system I’m NATing to, to show it is connecting from the alias IP remotely (not the default RED IP). I am trying to open SSH(22) to the system (from all just for a test). However the rule isn’t working. I can SSH to the internal system when I use a DNAT rule. So, I know the system is responding on port 22. How do I open port 22 to it, via an Alias IP, using SNAT? I am selecting the alias public IP from the “New source IP address”, and the internal LAN address of the system is on the “Destination Address”. Here is what I have set up, that isn’t working:

In Smoothwall, you use the FFC (Full Firewall Control) addon, that allows you to add alias IPs. When you add an alias, it asks for the IP to map from (local IP of the system). Then, it knows to show the correct public IP depending on how you access the system. If you access it from the alias, it shows that alias as the public IP remotely. If you access it from the default red IP, it shows the default red IP as the public IP remotely.


How do you create the equivalent setup in IPFire? I assumed it was using a SNAT rule.

I found the following:

Looks like 2 rules are needed (DNAT to the system internally, and SNAT from the internal system outbound). Does that sound right?

I suppose this is the same issue then?

Correct. I will reply to the other post.
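
Added example, not part of the thread and not IPFire's own code: a simplified Python model of netfilter-style NAT showing why the DNAT and SNAT rules discussed above do different jobs. The addresses, the `Firewall` class and its method names are constructed for illustration, and masquerading unmatched outbound traffic to the default RED IP is an assumption of the model.

```python
# Simplified model of netfilter NAT. All addresses are constructed
# (RFC 5737 documentation ranges and RFC 1918 private space).
RED_IP = "203.0.113.1"     # default RED address
ALIAS_IP = "203.0.113.10"  # alias address on RED
SERVER = "192.168.1.50"    # internal host running SSH
CLIENT = "198.51.100.7"    # remote host on the Internet


class Firewall:
    def __init__(self, dnat=None, snat=None):
        self.dnat = dnat or {}  # (public_ip, port) -> internal_ip
        self.snat = snat or {}  # internal_ip -> public source IP
        self.conntrack = {}     # (internal_ip, remote_ip, port) -> public_ip

    def inbound(self, src, dst, port):
        """New connection arriving on RED: only DNAT rules are consulted."""
        internal = self.dnat.get((dst, port))
        if internal is None:
            return None  # no DNAT match, so nothing is forwarded
        self.conntrack[(internal, src, port)] = dst
        return internal

    def reply(self, internal, remote, port):
        """Reply on a tracked inbound connection: the source is restored
        from the conntrack entry, SNAT rules are not consulted."""
        return self.conntrack.get((internal, remote, port))

    def outbound(self, src):
        """New connection from an internal host: SNAT rule, else RED IP."""
        return self.snat.get(src, RED_IP)


def demo():
    snat_only = Firewall(snat={SERVER: ALIAS_IP})
    dnat_only = Firewall(dnat={(ALIAS_IP, 22): SERVER})
    both = Firewall(dnat={(ALIAS_IP, 22): SERVER}, snat={SERVER: ALIAS_IP})
    return {
        "snat_only_inbound": snat_only.inbound(CLIENT, ALIAS_IP, 22),
        "both_inbound": both.inbound(CLIENT, ALIAS_IP, 22),
        "both_reply_src": both.reply(SERVER, CLIENT, 22),
        "both_outbound_src": both.outbound(SERVER),
        "dnat_only_outbound_src": dnat_only.outbound(SERVER),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In this model the SNAT rule alone never forwards inbound SSH; the DNAT rule does that, and the SNAT rule only changes the source address of connections the internal host starts itself.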