A customer has a network with an existing firewall that does not support PPPoE. The firewall is NATting a private nework on the inside.
They now want to connect a PPPoE link anyway, and we thought we could solve this by puttin a MT in front of the firewall, let the MT connect the PPPoE link to the ISP on ETH1, and connect its ETH2 to the outside of the firewall.
All we really want the MT to do here is to connect the PPPoE link for the firewall as invisibly as possible..
I however assume that we would need to do masquerading in the MT since we don’t have a static public ip-address on the existing firewall for this link, and I’m afraid that this might break protocols like SIP.
Typically the way I have seen this done in consumer modems is to configure them in ‘half-bridge’ mode, where they take the dynamic external IP-address received from the ISP via PPPoE and put it on the internal interface, so that the user (or firewall in this case) gets directly connected to the public IP-address without routing or NAT on the modem.
Can this be done with the MT in our case as well, or can the MT be made transparent in another way?