Multiple WAN IP to some NAT, some Masquerade on LAN?

I’ve seen examples of NAT in a one to one mapping, and how to masqerade, but I have a situation where I want to mix a bit of both. Reading the forums, I hear that masqerading goes to the “default” WAN IP, so how can I fix this to a specific address?
My WAN addresses are x.x.x.18 to 22 (/29 network). Gateway is x.x.x.17. Internal LAN has 2 NICs 192.168.50.x/24 (LAN1) for NAT, general use, and LAN2, 192.168.1.16/32 for running admin to MT only (not an issue for now).

So, which comes first, the masquerade rule or NAT rules? Is the order going to affect this:

NAT (map) x.x.x.18 - x.x.x.19 to 192.168.50.18 and .19, ports 80, 8080 and maybe 21. Nothing else. (IIS and Linux servers)
Masquerade 192.168.50.20 to x.x.x.20 only (how?) No web proxy for .20 address.
Next, masquerade 192.168.50.21 to x.x.x.21, with web proxy enabled. Can web proxy be set specific for only this one masquerade output? Is it even possible to have 2 seperate masquerades?

Of course, after all that, then I’ll look into the firewall rules. Dimitry’s wiki seems good, I’ve used some of that, but the above setup complicates things.

Thanks
Steve

Steve, rule order is improtant.
firstly add required SRC-NAT rules for the specific applications, that should not be masqueraded. Masquerade rule should be addedd after them.
There are two type of NAT, you can read about NAT in the appropriate section of the documentation.

Thanks, that’s what I thought too…but a lot of examples just showed masquerading, and then talked about NAT after… I had masq. first, then NAT and had strange results. I remembered the “first rule that applies” rule, so figured I did it wrong. But, no harm in asking.
I’ll try a test setup of the correct order, but the question remains about which WAN IP address will the masquerading use? Can I force it to a specific WAN IP?

After that, same question for web-proxy - force it to proxy on only one LAN IP address…maybe someone else has some ideas on that?