The thing is, without separating your network in any way, all of the IP addresses will have to follow the same scheme in order to connect with the rest of the network. You can still use almost the exact same scheme that you have, but you would probably have to reassign what computers have what IP. You would want to insert a dual-homed Linux machine to use as a firewall/router and then you can assign what IP addresses can go where. If you decide to go this route (cheaper than purchasing more devices than needed), then I will help you write the firewall script that would be useful to you. I understand that this is really not what you wanted to get into, but in the long run, I think this will give you more of what you need. As far as the resources on the internal network that can be accessed by anyone, anywhere, that would be resolved by using separate user accounts for each user that logs onto your network, and only allowing those users access to the resources in question instead of limiting by IP address (which could also be done).
Hope this helps.
Greazy Mcgeezy
Edited by Greazy, 31 May 2005 - 05:27 PM.