The router means that a machine will redirect packets received from one network to another. It is useless on most desktop PC. So I assume this Debian machine is used for that purpose.
1. Without configured forwarding - not more or less without router.
2. You probably already have a good firewall, it is called iptables. But it is unconfigured by default. For start securing I recommend to block every new incomming connection and allowing only already established, like that:
Code:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
3. It depends what services you want to provide behind router. For example, to allow ssh connection (on standard port 22) from one network connected by eth0 to other on eth1, you must configure port forwarding (if you use NAT):
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to IP_OF_SSH_SERVER_IN_ETH1_NETWORK
iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 22 -d IP_OF_SSH_SERVER_IN_ETH1_NETWORK -m state --state NEW -j ACCEPT