Server not sending SYN/ACK after receiving SYN using RAW Socket

Question

I am trying to implement a firewall using RAW Sockets.
Following is my setup: 3 Virtual Machines, 2 of which are acting as host and one will act as a firewall. All the packets of both hosts route through the firewall

Host1 ------------------- FIREWALL ---------------------- Host2

If I want to ping Host2 from Host1, I must change the destination MAC of the packet to direct it to Host2 from Firewall. No further changes are made in the received packet. Since I was able to ping both hosts from each other, I tried to test the setup with iperf3.
But when I try to connect to the server (Host2 running iperf3 sever) from Host1, I am not able to receive SYN/ACK after I send SYN to the server.
I went through multiple similar questions and it seems that there is a problem with checksum field. I am not sure how TCP checksum could cause this issue as the only change made was in the Layer 2 header which is not considered in the TCP checksum. So if not checksum, then what is causing this issue?

Routes tables :
Host1

Host2

Firewall

Basic Setup for setting in promiscuous mode

Here is where I am updating Destination MAC