Passing traffic helps

Hi guys, so I have a Suricata on my network, it only has an ethernet interface to ens18. My router forwards the traffic that comes from the WAN to it, it analyzes it and there is a script that when it finds an Alert it automatically creates a firewall rule on my router. Problem is it seems that it sends the wrong IP, usually it sends my Public IP as source, so I wanted some help I think I should create a virtual interface something like that, so that when an alert occurs it sends the correct Source IP , not mine, I believe that as everything comes and goes on the same interface, it is changing the IP, is there a way to do this?