RFC: one-armed routing (geekery)
So, I set up some one-armed routing, with my Mini acting as the router on Ethernet, with it on a hub connected to the DSL modem, along with my Airport Express access point and a few other devices. The ARP table looks clean on both my Mini and my G5 (I don't see any evidence of ARP entries for things which shouldn't be visible to other things, even after doing a broadcast ping), so I'm assuming that my DSL modem is smart enough to not forward packets to anything other than the upstream gateway (which it acts as an ARP proxy for, I think — it's a bridge rather than a PPPoE modem).
Am I setting myself up for disaster doing this?
(I considered using the G5 as a proper two-armed router, except I can't get a DSL signal from my office, and anyway then everything would be routed over my G5's crappy 802.11g connection, which is all the way across my apartment from most of my other stuff, and OS X's own "treat this computer as an access point" has crappy WEP options and I doubt it supports WDS and so on.)
The big potential problem I can see is that OS X's firewall doesn't let you specify "open these ports to one network but not the other", and so things like VNC, AFP et al. are wide open; they'd have to be all-or-nothing, and so I'd have to do an ssh tunnel to use them at home too. I guess that's not too difficult to set up, but it's annoying.
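As an added illustration (not part of the original post), this script automates the ARP-table check described above: after a broadcast ping, any neighbour on the router's Ethernet interface whose address lies outside the expected LAN subnet is evidence that the modem is bridging more than upstream traffic into the shared segment. The interface name `en0`, the subnet `192.168.1.0/24` and the `arp -an` sample are assumptions for the example.

```python
import ipaddress
import re

# Constructed sample of `arp -an` output on the one-armed router. The
# addresses and MACs are made up for illustration, not captured from a host.
SAMPLE_ARP = """\
? (192.168.1.1) at 0:13:10:aa:bb:cc on en0 [ethernet]
? (192.168.1.20) at 0:16:cb:11:22:33 on en0 [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 [ethernet]
? (10.42.7.9) at 0:0c:29:de:ad:01 on en0 [ethernet]
"""

# One `arp -an` line: "? (ip) at mac on iface [ethernet]"; unresolved entries
# show "(incomplete)" in place of the MAC.
ARP_LINE = re.compile(
    r"^\S+ \((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]+|\(incomplete\)) on (?P<iface>\S+)"
)

def parse_arp(text):
    """Return (ip, mac, iface) tuples parsed from `arp -an` style output."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            entries.append((m.group("ip"), m.group("mac"), m.group("iface")))
    return entries

def unexpected_neighbours(entries, lan_subnet, iface="en0"):
    """Return (ip, mac) pairs seen on `iface` that are outside `lan_subnet`.

    Any hit means a frame from a host outside the local segment reached this
    machine, i.e. the modem is not confining traffic to the upstream gateway.
    """
    net = ipaddress.ip_network(lan_subnet)
    leaks = []
    for ip, mac, entry_iface in entries:
        if entry_iface != iface:
            continue
        if ipaddress.ip_address(ip) not in net:
            leaks.append((ip, mac))
    return leaks

if __name__ == "__main__":
    # Assumed interface and subnet for the one-armed router.
    for ip, mac in unexpected_neighbours(parse_arp(SAMPLE_ARP), "192.168.1.0/24"):
        print(f"unexpected ARP neighbour {ip} ({mac}): segment is not isolated")
```

A clean result is only weak evidence: the ARP table records hosts that actually sent or answered a frame, so a quiet foreign host would not appear until it transmits. Running the check after a broadcast ping, as the post describes, improves coverage but does not prove isolation.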