And what about the existing masquerade rule?
I don't get the question. In his post #4, @nickshore gave you the src-nat rules which choose a particular public IP to be used as source depending on the actual source subnet. I was answering solely your other question, how to choose a particular public address as a source for connections initiated by the router itself.
I have only one problem with that suggestion: place-before=1 may not be the right way to indicate their position, as these src-nat rules may have been placed after the masquerade one, which would make them be shadowed by the masquerade one and never used.
If you have all that in place with no gaps (i.e. if each LAN subnet is covered by one src-nat rule), you don't need the masquerade rule at all. Worse than that, as said above, if you keep it at the wrong place (i.e. before all those suggested by me and @nickshore), these rules will never see a single packet, so the magic you ask for will not happen.
A masquerade rule is originally intended for interfaces which get their addresses dynamically; the fact that it does the job even when used on interfaces with a statically configured address makes it a good choice for the default firewall configuration, whose purpose is to work out of the box in SOHO applications. But once you go beyond that, you have to think about the role of every rule in the default firewall.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
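An added illustration of the rule-ordering problem discussed in the reply above; it is not configuration posted by anyone in this thread. It shows a RouterOS srcnat chain in which the per-subnet src-nat rules sit behind the default masquerade rule and are therefore shadowed, then the same rules inserted ahead of the masquerade rule by reference rather than by a hardcoded index. The LAN subnets, the interface name ether1 and the my.public.ip.1 / my.public.ip.2 placeholders are assumed values.

```routeros
# Added example, not from this thread. LAN subnets, interface name and the
# my.public.ip.N placeholders are assumed values.

# Shadowing order: the default masquerade rule comes first, so every packet
# leaving ether1 matches it and the two src-nat rules below it never see a
# single packet (srcnat is evaluated top to bottom, first match wins).
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade comment="defconf: masquerade"
add chain=srcnat src-address=192.168.10.0/24 out-interface=ether1 \
    action=src-nat to-addresses=my.public.ip.1 comment="LAN A via public IP 1"
add chain=srcnat src-address=192.168.20.0/24 out-interface=ether1 \
    action=src-nat to-addresses=my.public.ip.2 comment="LAN B via public IP 2"

# Corrected: insert the specific rules in front of the masquerade rule by
# looking it up, instead of place-before=1, which only lands in the right
# spot if the masquerade rule happens to be rule 1 when the command runs.
/ip firewall nat
add chain=srcnat src-address=192.168.10.0/24 out-interface=ether1 \
    action=src-nat to-addresses=my.public.ip.1 comment="LAN A via public IP 1" \
    place-before=[find chain=srcnat action=masquerade]
add chain=srcnat src-address=192.168.20.0/24 out-interface=ether1 \
    action=src-nat to-addresses=my.public.ip.2 comment="LAN B via public IP 2" \
    place-before=[find chain=srcnat action=masquerade]

# Verify the effective order and the per-rule counters; the masquerade rule
# must be last, and once every LAN subnet is covered by a src-nat rule its
# counters stop moving, so it is redundant and can be removed.
/ip firewall nat print stats chain=srcnat
/ip firewall nat remove [find chain=srcnat action=masquerade]
```

The find expression assumes exactly one masquerade rule in the srcnat chain; with several, the lookup returns more than one rule and the insertion point is ambiguous, so check the output of the print command before removing anything.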