With fully routable IP addresses you have no need for NAT on your router in the case you mention. The ISP would simply route all traffic destined for any address in your block to your router, and you simply configure your router's routing table and you're done. The Linux-based router distros are using iptables--they provide GUI controls for some of its features--I'd guess that most of them would expose enough controls for you to limit access to each machine per-port as you describe. For rate limiting, that has nothing to do with iptables--you'd use tc for that. I have no recent experience using the Linux router distros, so can't say if any of their GUI interfaces expose traffic control parameters. Setting up tc to rate limit your example would be fairly straightforward.
Your message didn't clearly distinguish what setup A vs setup B was, so I'm not sure how to answer your last question.

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
