I found IPX support for the LFS system - note: do not use the IPX-HOWTO from Linuxdoc - it's about 2 years old and needs to be updated (of course, I'm sure that Novell NetWare/IPX has fallen out of such high demand). The original IPX software was written for old 1.* Linux kernels. The trick was to find the updated IPX software, no thanks to the HOWTO.
So the LFS system can access the NetWare server and mount its fileshares. Now I have to figure out how to get it to route IPX traffic from other workstations in the LAN to the server. I've installed something called ipxd, so I figure I just need to fiddle around with that some more to get it to work.
On the firewall front, I'm pleased to say that I've learned a lot about ipchains today and I have a system that has a default DROP policy, so far (which means that my ruleset is geared to only allow specific traffic that I've specified). That's very reassuring versus the default ACCEPT policy, as you would have to write a lot of denial rules and make sure you're on top of the latest hackin' craze.
So from the outside, you can't see my router at all (unless it initiated some sort of network flow, such as an FTP download).
Now I've moved on to tackling the VPN issue, getting that setup so our employees can access our LAN from outside. I've settled on using FreeS/WAN and before I left for the day, I left it re-compling the Linux Kernel. Tomorrow, when I get back, I'll put the new Kernel in place and reboot and cross my fingers. If that goes alright, then it's on to configuration and getting our co-workers setup on their clients.