What's the use of "Sharing a public IP address" vs "Distributing a range?

Thanks, this is really making up for the lack of such systematic information in all the documentation available for the AEBS.

Let me explain my situation: ISP provides, though Ethernet connection, three public IP addresses which are allocated to my three Macs (through a switch) on the basis of their MAC addresses. So far this was all a wired network. Now, I bought a AEBS to replace the switch in order to have the following additional functionality:

- WiFi
- A way to shield my local network from the larger network of the ISP so as to be able to add a network storage disk and a shared printer without all the people on the ISP-wide network having access to them.
- Additionally, I would like to be able to remotely access one of my Macs through FTP, which in the old set-up did not function, probably because the router on the ISP-network was not set up accordingly.

Now, so far I have been able to set-up the AEBS only in two ways:

1) as a bridge, in which case it merely functions as the old switch I had, with Internet access restricted to the three machines whose MAC-addresses are registered with the ISP. This defies the whole point of the exercise.

2) Registering the AEBS Ethernet MAC address with the ISP, allocating it to one of the public IP addresses provided and sharing this address to the other computers on my network, using DHCP and NAT. This works, but how to set up FTP access in this case, now that the iMac concerned has "lost" its public IP address?

I tried to use the third option, of having AEBS distribute my range of IP addresses, but could not get it working. Probably, though, it is of little use to me, because it would not shield my home network from the wider ISP-network, isn't it?

Thanks a lot for this! I feel I am getting at the gist of things now - I can follow the logic of your instructions. Two more questions:

o Service: FTP Access (Note: The correct port (21) will be populated for the Public & Private TCP ports. You are free to change these as required.)
o Private IP Address: <enter the reserved DHCP IP address created from above>
o Click "Continue"

1) What are the Public & Private TCP ports, and should I change them?
2) At what address will people from outside be able to reach the FTP server? The public IP allocated to the AEBS?

Thank you so much. I guess I will manage now configuring this set-up. Exactly ho safe is it to open up a computer on your network for FTP access?

Yes. In turn, any FTP requests coming from the Internet, will be port mapped to the private FTP server on your local network. Only these ports would be "open" to the Internet instead of all of them when a local device was configured with a public IP address. You can still employ additional safety measures by using either OS X or Windows (as appropriate) software firewalls on the individual hosts.

And, just for the record - what is the use of creating a default host in your network, i.e. having all internet traffic initially routed to one machine? As far as I understand this means it fully exposes the machine to the outside world, i.e. effectively eliminates the NAT firewall for that machine, so what are the benefits?

Thanks again for your help. Much appreciated!!!

Aha, I see. Would that also be the preferred setting for a Mac which has personal web sharing enabled, or only in case you intend to do real serious web-hosting?

Typically, but not limited to, placing a computer in a DMZ (what Apple calls a Default Host) is desired when you want unrestricted access to this device from the Internet. An example would be a server hosting on-line multiplayer gaming.