James B. Byrne wrote: > I will deal with NAT issues for these hosts at a later time. For now I am > concerned only with hosts that should not reach or be reached from the > public Internet in any case and therefore do not need a public IP or NAT. You can accomplish this much easier by simply using a firewall. I like OpenBSD firewalls in layer 2 bridging mode. Put the firewall in-line between the router and the rest of the network, no other network changes needed. If your not well versed in routing I wouldn't recommend going around making a bunch of changes to a system that I assume has been more or less working for more than a decade. nate