My experience has been that organizations with a public IP range (typically a /29 subnet) usually set up Internet connectivity this way:
Router External Interface: Public IP
Router Internal Interface: Public IP
Firewall "External" Interface (connected to Router Internal Interface): Public IP
Firewall Internal Interface: Private IP
My question is, why? Why waste three public IP addresses doing this, rather than having a single public on the router's external interface, and using private addresses from there? Is it because it's easier to set up NAT on the firewall?
Thanks for any guidance.