Hello,
Thank you very much for your assistance!
I have now got a working setup.
I had some problems with the gateways. I entered the appropriate gateway addresses on both sides of the router, i.e. WAN and LAN side.
I set the WAN port to 10.128.254.254/16 and the LAN address to 172.16.0.65/16 (because this was already set as gateway in the LAN device I was using).
Then I configured the firewall to pass all traffic between WAN and LAN, and switch off masquerading.
The I added the following NAT rules to the firewall:
iptables -t nat -I PREROUTING -d 10.128.0.0/17 -i eth1 -j NETMAP --to 172.16.0.0/17
iptables -t nat -I POSTROUTING -s 172.16.0.0/17 -o eth1 -j NETMAP --to 10.128.0.0/17
I used 10.128.0.0/17 so that the WAN gateway address is out of range of the NAT rule.
Now I can ping 10.128.0.60, and get a response from the LAN device with ip address 172.16.0.60.
Using tcpdump has also helped!
Thanks!