I have three networks/firewall zones, WAN, LAN, and DMZ. LAN should access WAN and DMZ, DMZ should access WAN. Connections to WAN should be masqueraded, but vonnections from LAN to DMZ should not.
If I understand corrctly, checking Masquerading in the line with LAN in the first column in luci/admin/network/firewall would masquade all traffic from LAN, including that to DMZ. Checking the respective box for WAN would Masquerade in the wrong direction.
What is the intended way to only masquerade traffic TO WAN, but in no other combination?