Ladies & Gentlemen
I have been using linux for a couple of years now and I am ready to try some new things. But first I need to set up a (secure as I can make it) dhcp/firewall. I am currently using a Debian Lenny box with firestarter but I don't really need the gui and I want to utilize some old (read ancient) hardware that I have on hand.
I have looked at several options but I am not sure which is the best option for my setup. I want that setup to look like this when complete.
Cable modem > router/firewall > my network { local, dmz, myth-TV, mail, other all as I have the hardware and time}
The options I have looked at are:
floppyfw
http://www.zelow.no/floppyfw/
building a Debian based unit
http://www.aboutdebian.com/firewall.htm
ipcop
http://www.ipcop.org/index.php
I like the idea of floppyfw because I can use the cd version and the box doesn't need a hard drive (green) and I have some even older hardware that it would work on. The down side is that if I use that even older hardware can it, the older hardware, keep up with the demands that will be placed on it when I set up my local mail serve and web server.
I see some advantages with the Debian based route too. Mostly in that I am familiar with the system. Also there are some features that I want to incorporate into my setup. Like Dynamic DNS and such to setup my own web server in a dmz. The instructions on the site seam clear to me but they lack certainty of a secure system when complete.
I do understand that security is an on going pursuit and I am not sure that the other options are any better at the start. I have been learning lately that I am not as secure as I thought I was and I have a lot of learning to do on this topic. That is why I am asking for your advice.
Ipcop seams like a great option on the surface. But after having read most of the install instructions I see that they seam to have taken away most of the on the fly configuration. I.E. In order to change the nic configuration, you have to rerun the network setup wizard you can't just take the interface down, change it's config and bring it back up. Also I am not sure it will do the things that the Debian based system will do, like allowing me to use dynamic dns to setup my own web/mail server. I am also not sure that I like the whole "configure from your web browser" idea.
Of course there may be another/better option that I don't know about yet that you all can point me to.
Eagerly awaiting your thoughts.