Subject: Re: Networking problem.
To: David S. <davids@idiom.com>
From: Richard Rauch <rauch@rice.edu>
List: netbsd-help
Date: 11/29/2002 00:15:31

> > Just to be 100% certain: If I bought a separate *switch* and hooked it in
> > (via my hub's uplink circuit?), no packets would go to my ISP if they were
> > known to be destined for one of my LAN ports.  Yes?
>
> Yes, that's the way a switch is supposed to work.  However, some simple
> tricks will put a switch in promiscuous mode, so it acts just like a
> hub.  You can't count on a switch providing security.

I wasn't aware of that.  Still, I'd rather not be pushing LAN data out
over the modem gratuitously.  (^&


> > > 	- Configure one machine as a packet-filtering bridge, between
> >
> > I was beginning to think that this sounded like something that might be
 [...]
> 1.6 has bridging capability, but can't filter packets going through
> the bridge.

Ah, I see.


> > For the time and trouble to figure out OpenBSD for this box, I might as
> > well buy a little DSL router, yes?  Would that take care of all of my
> > worries (without putting me back to NAT)?  (^&
>
> The DSL router would do the NAT automatically, most likely.  It's "easy",

I set up one of these for someone else a month or few back.  I thought
that there were options for static IP vs. dynamic IP...  But it's been a
while.


> but you don't have much control over it.  As far as "figuring out"
> OpenBSD, if you know NetBSD, that would take all of, oh, fifteen minutes.
> OpenBSD is just a NetBSD heresy, after all.

But then there's burning an install CD, backing up the existing machine
where needed, installing, restoring from backup, and keeping on top of a
separate list of bugs (introduced/fixed by the OpenBSD people).

It's *some* extra time and trouble.  A DSL router is about $50 (and
wouldn't tie up the PII---leaving it free to track -current or something;
(^&).


> > (I am unsure if it would, since I can't get NetBSD's DHCP to talk to my
> > ISP, and I don't know how flexible those little dedicated DSL routers
> > are...)
>
> You may need to broadcast a hostname in your DHCP request.  It's been a
> while since I screwed around with DHCP ...

I couldn't see how to do that.  I did try specifying the ISP's gateway as
the DHCP server:

  dhclient -s 66.136.7.254 rtk0

...but that didn't do anything useful.  (On the other hand, I didn't
tcpdump it to see if it did anything more/different than before.)

Maybe if I specified their nameserver as the DHCP server?


> > > 	- Go back to the NAT set-up, give one static address to the
 [...]
> > Hm.  I'd thought of going back to NAT, but didn't know I could remap the
> > addresses this way.  That looks like an interesting option.
>
> DNS in this set-up can be kind of tricky, if you want to access
> your machines from the internal network by their external IP addresses.
> But whether through individual host file, YP, or split-horizon DNS, it's
> do-able.

I generally know how to do /etc/hosts.  I've never dealt with YP, and
don't even know what "split-horizon DNS" is.  (^&


It's beginning to look like I'll just keep my modem plugged into the hub's
uplink for now.


  ``I probably don't know what I'm talking about.'' --rauch@math.rice.edu