@serbus Yeah, I thought about something involving different src IPs. I wouldn't even need something with RDP, could just set up a proxy and bounce the traffic off of that... but that's still a work-around. It's a better work-around than fiddling with the firewall rules though, and I already have a Raspberry Pi running my Unifi controller that would be perfectly fine to run nginx as a reverse proxy in front of one of the modems.
IMO, this should be something that's possible on a competent router/firewall, without involving any other equipment.