Adding a NAT rule to enable interactive TV

Hi All,

I'm trying to get triple play to work replacing the Ubiquit Edgerouter X with a Firewalla Gold and the default triple setup option does not cut it, so started with first internet (VLAN 6) and added IPTV (VLAN 4) and thus building up the config. This enables Internet and IPTV but the interactive part of the tv decoders do not work. My ISP (KPN) requires and NAT to be active.

From my ER-X the NAT rule is:

description IPTV
destination { address 213.75.112.0/21 }
log disable
outbound-interface eth0.4
protocol all
source { address 192.168.2.0/24}
type masquerade

I translate that in a iptables rule:

iptables -t nat -A POSTROUTING -o vlan4 -s 192.168.2.0/24 -d 213.75.112.0/21 -j MASQUERADE

The rules active are:

-A FR_ICMP -i eth0.4 -p icmp -m icmp --icmp-type 8 -j DROP
-A FW_INPUT_DROP -i eth0.4 -m conntrack --ctstate NEW -m conntrack ! --ctstate DNAT -m comment --comment 09f961b7-d5fa-42cc-8e6e-3d3e41a3c62f -j DROP
-A FR_OUTPUT_SNAT -s 77.169.21.247/32 -o eth0.4 -j MASQUERADE
-A FR_PREROUTING -i eth0.4 -j CONNMARK --set-xmark 0x80/0xffff
-A FR_SNAT -s 192.168.2.0/24 -o eth0.4 -j MASQUERADE

I've set the dhcp server to 192.168.2.x and the router to 192.168.2.254 to match the edgerouter-x config to compare it. This config can be found here

I need help to manually override the iptables rules to set the NAT rule for interactive TV. That should be possible (not via the interface though) or am I missing something?

Suggestions are welcome while I'll keep experimenting.