Fibre... not so simple. You're given a choice between a Thompson and a Netgear router. (Unless you fork out for your own router.) Eclipse didn't tell me that neither allows for dropped/1-to-1 NAT, and the Eclipse customer services for FTTC are consumer orientated, so I gave up on phone support.
However, I did manage to work out how to achieve this (after nearly 2 weeks of pratting about and research) so this is what you need to do if you need the same sort of setup.
1. Take the Netgear WNR2000v2. (Do not take the Thompson. Although you can theoretically drop NAT on a Thompson, trying to configure the multiple virtual LANs and subinterfacing is an absolute nightmare(!))
2. Update the Netgear's firmware (using the Netgears default web interface) to DD-WRT. This is an alternate firmware that gives you a different web interface, but don't worry, its only mildly different. the setup/configure options are nearly identical to out-of-the-box Netgear. (At least the standard items.) The firmware you're looking for is dd-wrt.v24-14536_NEWD-2_K2.6_mini-WNR2000v2.chk and is available directly from the DD-WRT website.
3. Configure up and get on the internet as normal. The default internal IP for DD-WRT is 192.168.1.1 onwards. Therefore you can configure up your internal network for DHCP on 192.168.1.100-192.168.1.250 which will leave you 192.168.1.2-192.168.1.99 for static IPs.
4. Set up your first PC you want to have a static IP using 192.168.1.2
5. telnet to 192.168.1.1 and login with root and the password you gave your router
6. Enter the following 5 commands:
/sbin/ifconfig ppp0:1 x.x.x.x netmask 255.255.255.240 broadcast x.x.x.175
/usr/sbin/iptables -t nat -I PREROUTING -d x.x.x.x -j DNAT --to-destination 192.168.1.2
/usr/sbin/iptables -t nat -I POSTROUTING -s 192.168.1.2 -j SNAT --to-source x.x.x.x
/usr/sbin/iptables -I FORWARD -d 192.168.1.2 -j ACCEPT
/usr/sbin/iptables -A INPUT -p icmp -j ACCEPT
Replacing x.x.x.x with your first static IP after your WAN IP, and the x.x.x.175 with the IP just after your range (the broadcast IP).
EG. If your range is 220.127.116.11-18.104.22.168 then 22.214.171.124 will be your broadcast.
See if your second WAN IP is pingable. if so, your PC is now on the internet with a static IP using 1-to-1 NAT. You can add extra IPs to other internal IPs by incrementing the ppp0 virtual interface. EG:
/sbin/ifconfig ppp0:2 x.x.x.y netmask 255.255.255.240 broadcast x.x.x.175
/usr/sbin/iptables -t nat -I PREROUTING -d x.x.x.y -j DNAT --to-destination 192.168.1.3
/usr/sbin/iptables -t nat -I POSTROUTING -s 192.168.1.3 -j SNAT --to-source x.x.x.y
/usr/sbin/iptables -I FORWARD -d 192.168.1.3 -j ACCEPT
Where x.x.x.y is the second static IP after your WAN IP. The ICMP rule (the 5th rule in the first example) only needs to be run once, not after every additional IP.
Once you've practiced this (don't worry if you screw up, a reset will wipe the settings) you need to bake the script into the router:
7. Setting a script to do the above 30 seconds after the router boots up. (Giving it time to make a pppoe connection.) This is where I got stuck for ages - mainly because the router has only 16k of nvram and no internal storage. In the web interface of the router, under Administration, Commands, I saved the following as a firewall script:
NB: My additional IP range is x.x.x.162-174 (161 being the default WAN IP) so adjust your own script accordingly:
echo "sleep 30" > /tmp/firewall_script.sh
echo "for WANIP in 162 163 164 165 166 167 168 169 170 171 172 173 174" >> /tmp/firewall_script.sh
echo "do" >> /tmp/firewall_script.sh
echo "IFACE="\`"expr "\$"WANIP - 161"\` >> /tmp/firewall_script.sh
echo "LANIP="\`"expr "\$"WANIP - 160"\` >> /tmp/firewall_script.sh
echo "/sbin/ifconfig ppp0:"\$"IFACE x.x.x."\$"WANIP netmask 255.255.255.240 broadcast x.x.x.175" >> /tmp/firewall_script.sh
echo "/usr/sbin/iptables -t nat -I PREROUTING -d x.x.x."\$"WANIP -j DNAT --to-destination 192.168.1."\$"LANIP" >> /tmp/firewall_script.sh
echo "/usr/sbin/iptables -t nat -I POSTROUTING -s 192.168.1."\$"LANIP -j SNAT --to-source x.x.x."\$"WANIP" >> /tmp/firewall_script.sh
echo "/usr/sbin/iptables -I FORWARD -d 192.168.1."\$"LANIP -j ACCEPT" >> /tmp/firewall_script.sh
echo "done" >> /tmp/firewall_script.sh
echo "/usr/sbin/iptables -A INPUT -p icmp -j ACCEPT" >> /tmp/firewall_script.sh
sh /tmp/firewall_script.sh &
This effectively writes a script to the temporary folder on the router as the firewall starts, and executes it. after a wait of 30 seconds it runs a loop to set the rules we used above. I had to do it in a loop rather than just a big easier-to-read script due to memory on the Netgear. If you only have 2 static IPs, you probably don't need to worry so much.
Hope this helps someone. Good luck!
Edited by Sodoshi (Sat 20-Aug-11 11:08:31)