@dlakelan
I tried the following (without binding the .70 IP, just the first usable IP), does not appear to work though. I may have rather goofed it though since I couldn't find an example trying to do what I was doing. Comparing it to what I ended up with below, perhaps I just didn't know what I was doing. It's possible that I didn't need to add the extra WAN interfaces as I did below, but at least that way I could pick those IPs when setting the DNAT/SNAT rules.
config redirect
option src wan
option name test
option src_dip 12.x.y.67
option src_dport 22
option proto tcp
option dest lan
option dest_ip 192.168.1.106
@shm0 @jeff @mpa Thanks everyone for helping to look into this
I have figured out how to get the desired behavior, and I was able to even do it from LuCI
In Network > Interfaces, add a new interface for each additional external IP, and check the corresponding box to 'cover' the same ethernet adapter as the original WAN interface. Then, in Network > Firewall > Port Forwards, add a port forward to the internal IP. During the initial setup of the forward, won't be able to pick the intended external IP, but after creating it, edit it, and then set the external IP in 'External IP Address'.
That at least covers inbound traffic. Adding the SNAT is easy enough in Network > Firewall > Traffic Rules > Source NAT, but again can't actually pick the Source IP address until after hitting 'add and edit'.
For reference, the config added by LuCI to /etc/config/network
for the additional WAN interfaces will look like :
config interface 'wan_67'
option proto 'static'
option ifname 'eth1'
option ipaddr '12.x.x.67'
option netmask '255.255.255.224'
option gateway '12.x.x.65'
option broadcast '12.x.x.95'
And the /etc/config/firewall
entries :
config redirect
option enabled '1'
option target 'DNAT'
option src 'wan'
option dest 'lan'
option dest_ip '192.168.1.106'
option src_dip '12.x.x.67'
option proto 'tcp udp'
config redirect
option enabled '1'
option target 'SNAT'
option src 'lan'
option dst 'wan'
option proto 'all'
option src_dip '12.x.x.67'
option src_ip '192.168.1.106'