Subject: Re: Networking problem.
To: David S. <davids@idiom.com>
From: Richard Rauch <rauch@rice.edu>
List: netbsd-help
Date: 11/28/2002 11:51:18
> > Hum.  Why didn't I think of that?  (^&  (Pro'ly because I've had a year of
> > conditioning with the whole PPPoE mess that they want for dynamic

Just to be 100% certain: If I bought a separate *switch* and hooked it in
(via my hub's uplink circuit?), no packets would go to my ISP if they were
known to be destined for one of my LAN ports.  Yes?

Or would I need to actually plug all of my machines into a real switch,
along with the DSL modem?

I had hoped that plugging directly into my hub's uplink would act this
way---but while it *works*, it appears to be forwarding traffic over the
modem (as best it can, given that my home LAN is 100Mbps).  This isn't
ideal, but everything seems to be working this way.


 [...]
> >  * I have 1 extra ethernet card (oh woe!).
> >
> >  * I lose the option of setting up a firewall.  I kind of like the fact
 [...]
> Most systems these days come with some sort of packet-filtering software,

Yes, but even at just 3 hosts, it would be nice to centralize it.  (^&
The moreso since I'm not terribly fluent at such things.


> which you could implement on each host.  If you still want or need an
> overall fire wall, you could
>
> 	- Configure one machine as a packet-filtering bridge, between

I was beginning to think that this sounded like something that might be
suitable for "bridges", though I've never really dealt with them before.
I seem to recall that people were talking about adding bridge capability
to NetBSD.  I thought that it was in -current, and might be in 1.6---but
from what you say, I guess I was wrong (or if it's in -current, now, it
got added after 1.6?).

For the time and trouble to figure out OpenBSD for this box, I might as
well buy a little DSL router, yes?  Would that take care of all of my
worries (without putting me back to NAT)?  (^&

(I am unsure if it would, since I can't get NetBSD's DHCP to talk to my
ISP, and I don't know how flexible those little dedicated DSL routers
are...)


> 	- Go back to the NAT set-up, give one static address to the
> 	  external interface of your gateway, and give its internal
> 	  one and your other systems 192.168.0.0/16, 172.16.0.0/12,
> 	  or 10.0.0.0/8 addresses.  Then assign the rest of your
> 	  static addresses as aliases to the gateway's external
> 	  interface, and use ipnat's "bimap" directive to map those
> 	  aliases to the addresses of your NAT-ed machines.

Hm.  I'd thought of going back to NAT, but didn't know I could remap the
addresses this way.  That looks like an interesting option.

On the other hand, over the past few hours, since reading your suggestion
of just treating the ISP's gateway as part of my LAN, I must confess I've
started to think greedily about what I might do with *my* old gateway, if
it were freed up from doing routing/gateway/etc. chores...(^&  I've always
wanted to set it up to track -current, but couldn't spare having it go
down on me without warning...


  ``I probably don't know what I'm talking about.'' --rauch@math.rice.edu
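
Added example, not part of the original message: a sketch of the quoted "bimap" suggestion as an ipnat rule file. The interface name `fxp0`, the public addresses (203.0.113.0/24 documentation range) and the internal host addresses are all constructed placeholders.

```conf
# /etc/ipnat.conf on the gateway (added illustration; every address and the
# interface name fxp0 are constructed placeholders, not values from the thread).
#
# Assumed layout:
#   fxp0 = external interface, primary static address 203.0.113.10
#   internal LAN = 192.168.0.0/24
#
# The remaining static addresses are first added to fxp0 as aliases, e.g.:
#   ifconfig fxp0 inet 203.0.113.11 netmask 255.255.255.255 alias
#   ifconfig fxp0 inet 203.0.113.12 netmask 255.255.255.255 alias

# One-to-one, bidirectional mappings: each internal host is reachable from
# outside on "its" public alias, and its outbound traffic leaves with that
# same address.  Keep these above the general map rules, since the first
# matching rule is used.
bimap fxp0 192.168.0.11/32 -> 203.0.113.11/32
bimap fxp0 192.168.0.12/32 -> 203.0.113.12/32

# Everything else on the LAN shares the gateway's primary address.
map fxp0 192.168.0.0/24 -> 203.0.113.10/32 portmap tcp/udp 10000:20000
map fxp0 192.168.0.0/24 -> 203.0.113.10/32
```

Because a bimap entry also admits inbound connections to the mapped host, the gateway's ipf rules still decide which ports on each machine are reachable, which keeps the filtering in one place.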