On 10/27/20 5:35 PM, Tim via users wrote:
On Mon, 2020-10-26 at 17:02 +0000, Steve Hill wrote:
> In addition to 198.51.100.1 and 192.51.100.2, the ISP is providing
> 28 extra public IPs (192.51.100.3-30), and I want to the firewall to
> be able to DNAT those IPs to internal machines, which means it needs
> to answer ARP for them.
>
> The router is routing all of the public IPs directly to its internal
> NIC. In an ideal world, we'd just reconfigure the router so that the
> IPs are routed via the firewall rather than being directly
> connected. However, I'm finding that for managed routers, ISPs are
> increasingly unwilling to set up custom routing.
I'm curious how they expected you to use their extra IPs if they won't
let their router be configured for them.
It is configured for them, but it's expecting them to all be on the
local network which is the typical case, not through another gateway.