Hi
Sry I couldn’t reply earlier, was on the road with rather limited internet access…
The description helped understand your environment / requirement well.
Do you have an option to do testing at home or office?
Maybe testing the firewall forwarding separatly, before you break a nicely working setup, would be a better choice.
The Test does not need to really be connected to the internet (can…) nor do you need to use real, routable Internet IPs, you can also use internal IPs (172.16.x.x as you’re already using 10.x.x.x)…
If access works with the firewall (an image or one node would suffice for testing purposes…) to your node and outwards, I’d assume the firewall works as needed and only needs the real IPs, maybe some fine tuning…
My 2 cents
Andy