Thanks for this discussion. It's been more helpful than the PCI DSS police. After LaPastenague's initial reply, I double-checked that our Macs' individual firewalls were also on, and set to stealth mode. And the NAT aspect is clear, and in place.
In the interim, I received a report that my network passed the vulnerability scan for intrusion penetration as it is now set up. And our new cc terminal clearly has very robust security of its own. Unfortunately, though I'm relieved I personally have "passed" the PCI DSS security test and that two days of frustrating distraction jumping through their hoops is over, I suspect, from this discussion, that even their rigorous tests do not assure that one's network is secure!
The moral to this may be to upgrade hardware and software components regularly in order to maintain better security. My store is too small to employ a dedicated IT person so, for my peace of mind, I undertake that responsibility. But I'd prefer to spend most of my time selling books! Thanks again for all the advice.