Firewall/NAT

Hello,

I am switching to a new ISP, and instead of giving me 1 subnet like many ISP's do, they assigned me a /30 which routes to a /28.

10.2.10.92/30
-> 10.2.10.93: ISP's gateway
-> 10.2.10.94

10.2.10.144/28
->10.2.10.145
...
->10.2.10.158

So from what I can tell, I either have to use 2 devices, one to route between the /30 and /28 and my m0n0wall, or somehow use the m0n0wall to take care of all of this.  Right now, I have a Netgear with the WAN on .94 and LAN on .145.  This is not an ideal solution, since it causes some other problems with portforwarding etc.

Is there anyway I can handle all of this with my m0n0wall?  I do have a spare interface.  I really could use some insight here.  Thanks!

So no one has the answer to this, or am I asking this question in the wrong forum (or site)?

The /30 is for the wan, you have one ip and your isp has the other
The /28 is for an inside interface like lan or opt in a dmz role.

Though as they are 10.x address this is not much use anyway

They are public addresses, I just changed them to 10.x to protect network details

I want to run different devices on the public /28, so I guess there is no other way of doing this, and will have to keep the Netgear in place.  Just feels like such a waste.

Best practice would be to use a simple router. There is no NAT or port forwarding or filtering with it. Its WAN would be on the /30, its LAN would take one of the /28 IPs. From the router LAN port, you could plug in anything, including a m0n0wall, and go from there.

Is there some reason you can't use your Netgear as a simple router? If it can be configured in routing mode (no NAT and with a public IP on the LAN interface) it would work. Typically these types of things operate in Gateway mode and do NAT from the LAN which has a private IP. But if its mode can  be switched, you're all set.

I've had a few of the low end Linksys home routers that were capable of working in routing mode. But anything that will run a TCP/IP stack and forward across two interfaces will work - any Linux, BSD, even NT Windows or better. A throw away antique PC with two NICs that you could run headless once set up is all you need.

I am using the Netgear successfully, I just had to switch it to router mode, and allow all incoming traffic.  It seems to work, but I wasn't planning on using this Netgear in this role permanently, and was wondering if m0n0 could handle the role of both of these devices.  It was worth a shot   Thanks for all the responses!

so yes, m0n0wall can do this, just turn of the nat feature if you are using the /28 on lan