On Thu, May 29, 2014 at 11:48 AM, Michael Hennebry <hennebry at web.cs.ndsu.nodak.edu> wrote:
> My modem/router is a PK5001Z from CenturyLink.
> IIRC a tech support person told me that it uses ppp internally.

The thing looks like a typical NAT router to me. Are you sure you are getting public IP numbers on the LAN side?

> With regard to security,
> I would prefer to trust Windows or the modem/router as little as possible,
> hence the desire to connect the Windows box to the main box.
>
> I would like to be able to manipulate the main box
> so that the Windows box is invisible to bad guys,
> i.e. has no global IP address.
> I would like to be able to manipulate the main box
> so that the Windows box cannot connect to the outside world,
> even through the main box.
> On exceptional occasions, e.g. updates,
> I would like to be able to manipulate the main box
> so that the Windows box can connect to the outside world.

If that is all you want, you should be able to use a private-range subnet to connect the boxes, and run squid as an http proxy when you want the pass-through.

--
Les Mikesell
lesmikesell at gmail.com
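
A squid.conf for the arrangement suggested in the reply above, as an added example that is not part of the original message. The 192.168.10.0/24 addresses, the acl name winbox and a Linux main box are assumptions.

```conf
# squid.conf on the main box (added example; all addresses are constructed).
# Assumed layout: the main box's second NIC is 192.168.10.1/24 and the
# Windows box is 192.168.10.2 on the same private-range link, configured
# with no default gateway.
# Assumption: the main box runs Linux with net.ipv4.ip_forward=0, so it
# does not route packets and the proxy is the only possible path out.

# Listen only on the private link, never on the side facing the router.
http_port 192.168.10.1:3128

acl winbox src 192.168.10.2/32
acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# Only web ports, and CONNECT tunnels only to 443.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Pass-through switch. Leave this line commented out for normal use;
# uncomment it for an update session and run "squid -k reconfigure",
# then comment it out again afterwards. Stopping squid entirely between
# sessions has the same effect.
#http_access allow winbox

# Default: nothing gets through the proxy.
http_access deny all
```

With this layout the Windows box only reaches the outside when its proxy setting points at 192.168.10.1:3128 and the allow line is active.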