Using multiple IP addresses on a PPPoE dialer interface
We connect our Cisco 1812 with PPPoE to our ISP. We have a /29 subnet of public IP addresses. The ISP basically forwards all 6 addresses of the subnet through the PPPoE connection. The dialer interface is currently configured with one of these public IP addresses. Our LAN is a private IP address subnet and the router does NAT between the public IP address and the LAN.
Now we would like to make some use of those other IP addresses and set up an FTP server which is accessible through one of the other public IP addresses. The server should be in some DMZ outside the normal LAN. Only FTP should be accessible from the internet while the LAN should have full access to all services on the server.
However, I am not sure what the best way would be to go about this. I guess, it should be possible to setup a separate VLAN and do static NAT between one of the other public IP addresses and a DMZ IP address.
But I was wondering if it was possible to even assign a public IP address directly to the server and use some transparent firewalling to filter the traffic from the internet. The FTP server would be connected to one of the LAN ports of the 1812 and bridges the traffic from the internet to the FTP server, filtering everything except FTP if access it from the internet. Is this feasible?
Re: Using multiple IP addresses on a PPPoE dialer interface
I have tried what you have suggested but it did not work. Nothing went through.
I eventually managed to get it working with ip unnumbered.
ip address (public ip address & mask)
int dialer 0
ip unnumbered Vlan2
Then dialer0 "borrows" the IP address of Vlan2 and I can use other public IP addresses on devices in vlan2.
I also had to modify the "ip nat inside" to overload with the IP address of Vlan2 instead of Dialer0. Anything else (default route, crypto maps, gre tunnels, filters/firewall, etc.) could remain on Dialer0 as it used to.
Filtering to the other public IP addresses is possible on the dialer 0 interface as well.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...