I'll explain what all of this means and you can draw conclusions from that based on what you want to do.

Quote:
Customer's IP's or LAN IP's (For routers):
Static IP addresses:
64.197.129.33
64.197.129.34
64.197.129.35
64.197.129.36
64.197.129.37
Gateway:
64.197.129.38
Subnet Mask:
255.255.255.248

WAN Side (For routers):
IP Address:
69.125.107.154
Subnet Mask:
255.255.255.254
Gateway:
69.125.107.153


Let's start with the second part, the WAN. The IP address is the address you need to configure on your outermost IP device. This is the address that the ISP knows should be directly on the other side of their pipe. The gateway is what you should set the default route of that device to. It's the address of their device directly on the other side of the pipe from you.

The .254 netmask is a special case, and it's a fairly newly designed special case, which is why your router/modem/whatever won't take it. A subnet mask of .254 means that there are only two IP addresses in that subnet, but subnets are defined to have the first and last addresses be network and broadcast addresses, which are unusable by hosts. This has been changed to allow .254 netmasks to be a special case intended to specify a network used to connect two hosts together, and the network and broadcast address concepts are discarded, since they're useless in that configuration anyway. The old way to do that was to use a .252 netmask, which would be 4 addresses: the two hosts and the network and broadcast addresses. The point of the change is that in the new method, you get a 50% savings in IP addresses for those networks, which are fairly common these days. Anyway, using a .252 works for you because it incoporates the .254 network. I imagine that the ISP knows that it's possible for your device not to understand the .254 netmask, so probably kept the IP address for itself that's the one that would be a host address in the .252 network, otherwise your gateway would appear to be a network or broadcast address, and I'm not even sure that that would work, and if it did, it'd be less than optimal. (I can't tell if they've done the right thing without having at least the last octet as your actual number, and either you've changed it or your ISP is wildly screwed up.) The other problem is that you won't be able to communicate with the hosts that are in the other half of that .252 network at all.

Phew.

Now onto the first set of addresses, your static IPs. What's going on is that your ISP is routing the x.x.x.32/255.255.255.248 network to you via the WAN IP address. (In this case, your numbers work out, so you might have copied the last octets here. If so, the .32 and .39 addresses are your network and broadcast addresses.) That is, the ISP knows that it's not directly connected to that network, but it knows that they're accessible via your pipe. That means that you can do virtually anything you want to within your network. They have suggested that you configure the .38 address (again, if your numbers are vaguely accurate) as the inside of your router and use that as the gateway/default route for all the other computers, which get the other IP addresses as their own. Of course, you could set those IP addresses up in your firewall as NAT destination addresses, or on individual hosts or whatever. But you can do absolutely anything with that network you want to.

The "normal" thing to do would be to configure your firewall with all those addresses, use most of them for NAT, and use one or two as passthrough (or nearly so) for your DMZ hosts. Preferably, you'd want multiple internal interfaces on your firewall for that to separate the DMZ hosts from the others. (That would mean at least 3 interfaces total.) Or if you don't have that many interfaces, have the DMZ hosts not behind the firewall at all on the same network as the outside interface of the firewall. Of course, that means they'd be directly attached to the internet with no defenses but their own.

I hope that information helps you figure out what you need to do.
_________________________
Bitt Faulk