How Can I Do this? Please Help me with command details.
You can src-nat user's private address (ports 0-65535) to one public address (ports 0-65535) and dst-nat the same address back to his private address.
Customer will be accessible by the public address and all his outgoing traffic will be "signed" by the same address.
I have just tried it on my test router and it works perfectly
add action=dst-nat chain=dstnat disabled=no dst-address="public IP" dst-port=0-65535 port="" protocol=tcp src-port="" to-addresses="private IP" to-ports=0-65535
add action=src-nat chain=srcnat disabled=no dst-port=0-65535 protocol=tcp src-address="private IP" to-addresses="public IP" to-ports=0-65535
Does this solve your problem?