How would this work if you did not know the source address?
I took source addresses from your post #5 above ... and used those as an illustration of how to make NAT rules as specific as possible so as not to affect the rest of the traffic.
With NAT rules there are two kinds of parameters:
- selection criteria, which define which packets will be affected by particular rule.
Almost all parameters fall into this category, but most used are src-address, dst-address, src-address-list, dst-address-list, protocol, src-port, dst-port, in-interface, out-interface. Not all of these parameters have to be set, but one has to be careful to set selection parameters so that the rule is not "too greedy".
- action parameters, which define what needs to be changed on packets.
These are the following two parameters, to-addresses and to-ports, which define the resulting value. With src-nat the corresponding src-* values get overwritten and with dst-nat the corresponding dst-* values get overwritten. If one of the two parameters is not set (most frequently to-ports is not set), then the corresponding src-* or dst-* value is not changed.
It is perfectly fine to use e.g. src-address as a selection criterion in src-nat with to-addresses set ... just keep in mind that first the selection rules are run against the original packet[*] and the action is done on matching packets.
[*] I used "original" meaning the packet which is being matched ... which might have been changed already before this NAT rule is being evaluated.