We connect our Cisco 1812 with PPPoE to our ISP. We have a /29 subnet of public IP addresses. The ISP basically forwards all 6 addresses of the subnet through the PPPoE connection. The dialer interface is currently configured with one of these public IP addresses. Our LAN is a private IP address subnet and the router does NAT between the public IP address and the LAN.
Now we would like to make some use of those other IP addresses and set up an FTP server which is accessible through one of the other public IP addresses. The server should be in some DMZ outside the normal LAN. Only FTP should be accessible from the internet while the LAN should have full access to all services on the server.
However, I am not sure what the best way would be to go about this. I guess it should be possible to set up a separate VLAN and do static NAT between one of the other public IP addresses and a DMZ IP address.
But I was wondering if it was possible to even assign a public IP address directly to the server and use some transparent firewalling to filter the traffic from the internet. The FTP server would be connected to one of the LAN ports of the 1812, which bridges the traffic from the internet to the FTP server, filtering everything except FTP if it is accessed from the internet. Is this feasible?