Say I have 5 machines on a LAN that I would like to participate amongst themselves in an IPFS network (not necessarily using a private swarm key). Is there a good or easy way to get it to act as a client to the public IPFS network? I would like to be able to pull something from the public IPFS network and then subsequently share that file internally. Can I have two daemons sharing the same IPFS_PATH with one being a private cluster member and the other a read only client to the public network? Seems like bad things would happen if you had two daemons on the same IPFS_PATH.
No
Just try it 
by default we run a LAN dht which helps with local connectivity (you can check ipfs stats dht).
There are a couple of bugs in lan dht, but it works fine for discovering local peers.
I’m supposed to fix issues there (removing legacy code basically).
That means you wont have separation, your files will be fetch-able in the public network too.
I think I can get what I’m looking for by just disabling hole punching. Thanks.
Just so you know, this doesn’t make your content unreachable.
But it would be unreachable from outside the LAN as long as I didn’t do any port forwarding but reachable from inside, right?
Your nodes will still connect to public ones.
Then once your node established an outbound connection this connection becomes bidirectional and can be used by the other nodes to request data from you.
That’s hole punching isn’t it? Or is there something else going on?