Setup Static IP's Router behind RG 5031NV

I agree that it all makes sense.  This seems like a configuration that would be commonly desired.  ATT should do a better job of explaining it.  There is zero documentation on this mode.  Part of what makes it unintuitive is because the identification of my router by using a private IP address from the RG is totally different treatment than used for either Supplementary Network or LAN IP modes.

By the way, my solution has one more level of complexity.  I am actually mapping the Public IP block to a private block (192.168.3.xx).  As a result the public static IP block is never specifically sent to my internal DMZ port.  I have a WAN to DMZ NAT conversion in between.  This, of course, makes it much easier to do two things:

1. have other supporting file or compute servers on the DMZ network for supporting my public servers,

2. allow more levels of virtual server mapping to be taken care of on my ZyWALL router (e.g. can map one public IP address to a mail server and a different web server).

Thanks for the help that got me started down the right path here.

Yes, I agree that this Cascaded router setup is highly confusing:

1. Having public IP addresses on one side of a router, the Internet on the other side of the gateway, and an intervening RFC-1918 private IP network in between is counterintuitive. One would think that publically-addressed Internet packets could not (and should not) traverse a private network.  However, this is actually a legal configuration given that the 2Wire router is prepared to route traffic over the private network.

2. Since you actually have another RFC-1918 private network behind your own router, the public IP addresses are actually completely virtual in that none of them are actually assigned to a physical LAN port on any device.

The cool part you have been able to do with this configuration is:

A) Be able to use your own router and static IP addresses behind it, which was never possible before the cascaded router option showed up in the last firmware update.

B) Cascaded router setup on the 2Wire + your 1:1 NAT configuration on your router essentially sidesteps the 2Wire routers' enforcement of 1:1 mappings between IP addresses and MAC addresses (i.e. no multihoming). You can now have all 5 of the public IP addresses usable within the same piece of hardware (the Zyxel router).

I have a question about the solution to this problem.  If you configure the WAN of your firewall with a private IP from the 5031 pool then I would think that the firewall  itself would use the dynamic public IP from the 5031 WAN side.  So devices _behind_ the firewall would have static public IPs but the firewall itself would be using a NATed and dynamic IP.  This would be a problem for me because I am currently running a VPN from the firewall and I need that the WAN side of the firewall also be static.

So it seems like you can have one static for your firewall _or_  5 statics for devices behind the firewall but you can't have statics for both?

Thanks,

Diego