Here is what I would like to accomplish. I want to setup a separate segment on my LAN for testing out new exploits, tools, etc. and still maintain the current segment for general use. I would like to be able to get out to the internet on my test segment to download patches, apps, etc. However, since this segment will most likely contain unpatched systems, I am worried about others also exploiting these systems to gain access into my LAN. What would be the best way to go about setting up this configuration? iptables, port forwarding?? I have a Dlink 625 DIR that I am currently using as a router as well as a Linksys WRT54G running OpenWRT.