Does your wireless router have wired ethernet switch ports? Is the router a NAT router & DHCP server. If so simply connect the G4 directly to the router. The router will connect to the switch port. You could install a wireless NIC card in the G4 instead. What OS do you have on the G4. If it is Linux or OS X, then you can run an NFS server on the G4.
I hope you are using WPA encryption for the wireless hosts. Most routers have switch ports rather than hub ports today. However the wireless side is more like a hub than a switch. All of the traffic is visible to each host, similar to how it would be with wireless hubs.
If your router is a NAT router, then by the nature of how NAT works, it is also a firewall. If you want to offer a service on the internet, such as a web server, you need to forward the port used ( e.g. port 80 for a web server) by the service to the computer running the service. Also run a firewall on each machine and only open up ports you need for services you are offering to other computers on the lan.
---
There are some things you need to do to lock down the router.
- Change the default username and password for administering the router.
- Use a strong password on your router.
- Update the firmware on your router. There could be some security problems if you don't.
- If possible only allow administration on a wired connection.
- Use WPA encryption.
- Use a strong PSK KEY. I use a 32 byte (64 hex digit) random key.
There are things to do on the hosts as well. Apply security patches to your two hosts and the G4 machine. For the G4 file server, only install the minimum necessary, since you are only using it as a fileserver, you don't even need to install xorg on it. Go for a minimum Linux install. When it comes to servers, less is better. The fewer open ports, the fewer services running, the better. The fewer number of programs installed, the better. Besides presenting a smaller attack surface, you will not have security issues for software that isn't installed. This also means you won't have to patch software as often because you aren't running it.
For a server, consider a dedicated partition for /tmp and /var. Filling up the /var/ (or /var/log/) partition won't fill up the root partition. You can also use the "noexec", "nosuid" and "nodev" options to mount a separate /tmp partition. The /tmp directory is world writable, so you don't want a baddy dumping an executable there. It is still possible for an attacker running programs there, but they have one more speed bump do deal with, and it makes an automated attack less likely to succeed.
You could install Xorg but not install any window environment or window manager, such as KDE or Gnome on it. You can ssh into it (ssh -X user@host) and still use a graphic administrative program that the server's distro uses. The X server is on the terminal side, not on the G4 file server. So you can run the fileserver in a non X mode. E.G. init level 3 for SuSE or Fedora or Mandriva. ( Debian & Slackware assign the run levels differently by the way ) Run the noscript plugin on your firefox web browsers. Enable scripting only for web sites you trust. This can help prevent javascript based exploits. You can probably disable java in your web browsers without any problem.
You will probably run ssh on your hosts. Use the "AllowUsers" option. Use PKA (Public Key Authentication). The instructions for doing so are in the /etc/ssh/sshd_config file, just above the "UsePAM" line. This will protect you from script kiddie brute force attacks against system accounts & common user names. Disallow root logins.
If you forward ssh on your router, to enable logging in from a remote location (work, school, a friends house) change the port you use for SSH. For most routers you could forward a higher number port to port 22 on the LAN side. You could forward different ports to port 22 on each host to enable logging in to any host you have.
Good Luck.