Subject: Re: Networking problem.
To: Richard Rauch <rauch@rice.edu>
From: David S. <davids@idiom.com>
List: netbsd-help
Date: 11/28/2002 09:29:20
>
> Hum. Why didn't I think of that? (^& (Pro'ly because I've had a year of
> conditioning with the whole PPPoE mess that they want for dynamic
> support...) That sounds like it'd work. Of course, then:
>
> * I have 1 extra ethernet card (oh woe!).
>
> * I lose the option of setting up a firewall. I kind of like the fact
> that, at present, all traffic goes through one machine. While I
> haven't made an effort to make it really secure, it does make it easier
> if I decide that I need more security.
Most systems these days come with some sort of packet-filtering software,
which you could implement on each host. If you still want or need an
overall firewall, you could

- Configure one machine as a packet-filtering bridge, between
  your modem and hub, where the other systems are attached
  with the static route-able addresses you have from your ISP.
  Unfortunately, you can't do packet filtering on a bridge in
  NetBSD, but it works fine on OpenBSD. I'm pretty sure you
  could also do it with FreeBSD or Linux.

- Go back to the NAT set-up, give one static address to the
  external interface of your gateway, and give its internal
  one and your other systems 192.168.0.0/16, 172.16.0.0/12,
  or 10.0.0.0/8 addresses. Then assign the rest of your
  static addresses as aliases to the gateway's external
  interface, and use ipnat's "bimap" directive to map those
  aliases to the addresses of your NAT-ed machines.

David S.
>
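
The NAT-plus-bimap layout from the second option, sketched as IPFilter configuration on the gateway. This is an added example, not part of the original message. The interface name ex0, the 203.0.113.x static addresses (a documentation range), the 192.168.0.x internal hosts and the choice of which ports to open are all constructed assumptions.

```conf
# ---- interface aliases (assumed external interface: ex0) ----
# One extra static address per published internal host, e.g.:
#   ifconfig ex0 inet 203.0.113.11 netmask 255.255.255.255 alias
#   ifconfig ex0 inet 203.0.113.12 netmask 255.255.255.255 alias

# ---- /etc/ipnat.conf ----
# bimap is a one-to-one, bidirectional mapping: outbound traffic from
# the internal host leaves with the alias address, and inbound traffic
# to the alias is rewritten to the internal host.
bimap ex0 192.168.0.11/32 -> 203.0.113.11/32
bimap ex0 192.168.0.12/32 -> 203.0.113.12/32

# Every other internal host shares the gateway's primary address.
# First matching rule wins, so these follow the bimap lines.
map ex0 192.168.0.0/24 -> 203.0.113.10/32 portmap tcp/udp 40000:60000
map ex0 192.168.0.0/24 -> 203.0.113.10/32

# ---- /etc/ipf.conf ----
# A bimap on its own forwards every inbound connection to the mapped
# host, so the gateway only acts as a firewall if ipf restricts it.
# Inbound packets are translated before they are filtered, so the
# rules below match the internal (post-NAT) destination address.
block in on ex0 all

# Constructed policy: web on .11, SSH on .12, nothing else inbound.
pass in quick on ex0 proto tcp from any to 192.168.0.11/32 port = 80 flags S keep state
pass in quick on ex0 proto tcp from any to 192.168.0.12/32 port = 22 flags S keep state

# Let internal hosts originate traffic; replies come back via state.
pass out quick on ex0 proto tcp from any to any flags S keep state
pass out quick on ex0 proto udp from any to any keep state
pass out quick on ex0 proto icmp from any to any keep state
```

After loading, `ipnat -l` lists the active mappings and `ipfstat -io` shows the filter rules with their hit counts, which is a quick way to confirm that only the intended ports reach the bimapped hosts.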