Can I port forward to an external/public IP?

Started by GureenRyuu, August 16, 2020, 05:32:41 PM

Hello.

I'm trying to do a port forward of incoming traffic through a certain port to an external IP. However when I implement the rule, traffic is not passing, even when I put an allow all rule.

It's working perfectly when I put in a LAN IP to forward to. But when I put in the public IP on the cloud, it's not working.

Incoming public traffic => firewall port 22000 => 192.168.44.44 port 22 (working fine)
Incoming public traffic => firewall port 22000 => 44.44.44.44 port 22 (not working)

I tried reaching the IP and port from inside the firewall, and they are successfully reached. I can even SSH to the IP from our network and from the firewall. But when I try to port forward from incoming traffic to the server, I get a timeout. Any reason why this is happening?

This generally won't work, because the packet's return path wouldn't be hitting your NAT router.

NAT and port forwarding modify the packet's destination address in flight, but the return address remains the same. So when the destination attempts to reply to the packet, it would send it back to the original source with the modified destination. The source will see this packet, and have no idea what to do with it, because its local state table will have no matches for [original source] + [new destination].

Instead, a proxy service like HAProxy would work. Or, if this is web traffic, a service like Nginx would work as well.
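The return-path mismatch described in the reply, worked through as a small state-table model (an added example, not part of the thread; the client address and the firewall's WAN address are constructed placeholders, the server addresses and ports are the ones from the question):

```python
# Toy model of destination-only NAT (port forward) versus a TCP proxy.
# Constructed placeholders: client 203.0.113.10, firewall WAN 198.51.100.1.
FIREWALL_WAN = "198.51.100.1"
LAN_SERVER = "192.168.44.44"    # from the thread: forward works
CLOUD_SERVER = "44.44.44.44"    # from the thread: forward times out
CLIENT = ("203.0.113.10", 40000)


def dnat(packet, target):
    """Port forward: rewrite only the destination; the source is left untouched."""
    return {**packet, "dst": (target, 22)}


def reply_to(packet):
    """A server answers from the address it was reached on, back to the source it saw."""
    return {"src": packet["dst"], "dst": packet["src"]}


def flow_matches(state, reply):
    """A host accepts a reply only if (its source, the peer it sent to) is in its state table."""
    return (reply["dst"], reply["src"]) in state


def simulate_port_forward(target, behind_firewall):
    request = {"src": CLIENT, "dst": (FIREWALL_WAN, 22000)}
    client_state = {(request["src"], request["dst"])}
    reply = reply_to(dnat(request, target))
    if behind_firewall:
        # The LAN host's default gateway is the firewall, whose own state entry
        # reverses the translation, so the client sees the firewall:22000 it spoke to.
        reply = {**reply, "src": (FIREWALL_WAN, 22000)}
    # A public host routes the reply straight to the client over the Internet, so the
    # client receives a packet from 44.44.44.44:22 that matches no flow it opened.
    return flow_matches(client_state, reply)


def simulate_proxy(target):
    """A TCP proxy (HAProxy-style) opens its own upstream connection from the firewall."""
    client_state = {(CLIENT, (FIREWALL_WAN, 22000))}
    upstream = {"src": (FIREWALL_WAN, 50000), "dst": (target, 22)}
    proxy_state = {(upstream["src"], upstream["dst"])}
    if not flow_matches(proxy_state, reply_to(upstream)):
        return False
    # The proxy relays the answer to the client on the original flow.
    return flow_matches(client_state, {"src": (FIREWALL_WAN, 22000), "dst": CLIENT})
```

Running the three cases reproduces the thread: the LAN target works, the public target fails, and the proxy works for the public target because the cloud host only ever talks to the firewall.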