I have the following setup
Code:
I N T E R N E T
|
|
|
-------------|---------------
85.xxx.xxx.xxx
external interface
Speedtouch Router
internal interface
10.0.0.138
-------------|---------------
|
|
-------------|---------------
10.0.0.200
external interface
OpenBSD Firewall
internal interface
192.168.0.1/24
-------------|---------------
|
|
---|---
switch
---|---
|
|
-------------|---------------
192.168.0.10/24
Desktop
-----------------------------
And I don't do double NAT
The Speedtouch does NAT.
Because the Speedtouch router only knows the 10.0.0.0 network it has to be told that incoming packets (the replies) for the 192.168.0.0 network have to be sent to the 10.0.0.200 interface.
In other words, this 10.0.0.200 interface is the gateway for the 192.168.0.0 network. On the Speedtouch I added the following static route:
Code:
Destination Source Gateway Intf
192.168.0.0/24 10.0.0.138/32 10.0.0.200 eth0
So if your router allows you to configure static routes, then you could do a similar setup.