On Thu, 2005-20-01 at 15:58 -0800, Nifty Hat Mitch wrote:
> What about...
>
>            Internet
>               |
>         Cable-DSL Modem
>               |
>        Network-N-port-HUB
>         |   |   |   |
>         |   |   |    \
>         |   |   |     \
>         |   |   |      CustomerFixedIP
>         |   |   |
>         |   |    \
>         |   |     \
>         |   |      \
>         |   |       \
>         |   |        FixedIP4
>         |   |        YourRouterFirewall-NAT
>         |   |             |
>         |   |        N-port-HUB
>         |   |        YourDHCPclients
>         |   |         \    \    \
>         |   |        Ten1 Ten2 Ten3...
>         |    \
>         |     \
>         |      YourServiceBox
>
>
> What you place behind the modem depends on the service
> you purchase in front. There is little need to firewall the
> tenants from each other as long as they are connected
> to a switch so packet snooping is hobbled.

This is another option I had considered, and I agree, it's the simplest design. However, the problem with it is that the business centre owner very recently completed renovations, and only supplied one Cat5 port to each office. Since they want to put in Asterisk soon to replace the old, existing PBX, any tenant not connected to the local LAN will not have access to the PBX.

Any tenants plugged into the first HUB/Switch (in order to receive one of the public IPs) in your diagram won't be able to use Asterisk, which would be located behind the firewall. Of course, this can be solved with a VPN setup, but there's no point in going out to the net to get back into Asterisk when it should be available from within the network.

I really do like what you've suggested, simply because there isn't a lot of networking experience required. :) But, I don't see how it can work without telling the owner to run another Cat5/6 to each office.

Thanks for the reply. I appreciate the input.

Regards,

Ranbir

--
Kanwar Ranbir Sandhu
Linux Consultant
Systems Aligned Inc.
www.systemsaligned.com