> Is the correct way to "solve" this to add the original IP to the Server NAT area,
> and update those NAT rules to use that IP instead of "interface address," or
> should I set a firewall rule to block traffic for port 25 on the second IP?
I forged ahead, and I get "The WAN IP address may not be used in a Server NAT entry" so I guess
that's not the answer. Seems like a bug then, that "interface address" behaves the same as "all WAN
IP addresses" in NAT rules?
I started to look at firewall rules to block the unwanted port redirections. Unfortunately I'm not
sure that will work either. The logged packet has a source of the remote IP, and the destination is
the LAN IP. How would I set up a rule to block incoming traffic for just one WAN IP?