[*] If in the end you discovered that your router/firewall prevented the successful outcome of the proposed scenario, it is because it is garbage, in fact - at least in the prosumer/corporate contexts - a router/firewall that does not correctly manage IPv4 routing, VLAN and NAT features together is practically trash.