I would like to do the following: Setup back-to-back firewalls for all outbound and inbound traffic, lets just focus on the outbound for now though.
I have the following hardware: 1) Cable modem with 5 static IPs, 2) Netgear FVX538, 3) Netgear FVS336 - both are "somewhat enterprise firewalls". Both support NAT, and Classical Routing.
Here is what i tried to do: and yeah no it didnt work.
1) I tired setting the static WAN ips on the netgear fvs336, setting the LAN ips to 172.16.1.1 and disabling NAT. That worked i could ping 184.108.40.206
2) I then set the WAN ip of the netgear FVX538 to 172.16.1.5 and the gateway to 172.16.1.1, connected a cable from the wan of the FVX538 to the LAN of the FVS336
3) I then set the LAN ip of the netgear fvx538 to 192.168.1.1
4) Then i set a client PC to 192.168.1.5 gateway 220.127.116.11
5) If i enable NAT on both devices it works like a charm, but that is double natting and isnt the best solution.
SO if i disable NAT on the first netgear (fvx538) and enable classical routing. I can ping from the netgears internal diagnostics to any address no problem.
However and here is the problem: Any pc that is on the 192.168.1.x network (the lan side of the fvx 538) cannot ping any address outside of its own network. it also can't access the internet.
At this point i just want to know if this should work? Shouldnt i be able to take traffic from the "192.168.1.x network" and route it to the 172.16.1.x network without enabling NAT?
Any ideas would be great, if i have this misunderstood then well at least hopefully someone can tell me.