Sorry it took so long to get back, I had my head under the hood building some new fun toys.
On the gateway:
DO IT!!! Also, drop the rented cable modem and go buy one. It won't be 100 percent secure (nothing is) but at least it won't have friggin backdoors inside of backdoors built into it with crappy published keygen seeds that can be used to unlock the password of the day. (And you'll save money. You can buy one for ~$70 and you're paying about that much a year to rent one.)
Home routers fragging, scraggin suck to the max. They are a complete and total joke. And to some extent that is true for commercial routers as well. And a decent SMB commercial router can easily go 5K (US) plus a monthly subscription fee.
Get IPFire and contribute. Throw them a few bucks when you can or set up a VM or server for beta testing nightly builds, whatever. Or translate a wiki page. Everybody at every skill has something to contribute. (And I'm not associated with them.)
You can set up a P4 w/ 1GB RAM and 3 NICs for under $100 (cost me $60). This is more than enough to be a gateway for less than 5 users.
Set up 3 different subnets (blue / green / orange).
Learn how to harden the IPFire install and firewall. Learn how to set up a NIDS. Set up the AV proxy.
Move your wifi into a segregated subnet. Secure it, don't use it. Leave it for friends, significant other, etc. to web surf. dd-wrt is good. But depending on a million ifs and thens it is still possible to have holes in some setups due to flaws inherent to the underlying hardware itself. I've got a dd-wrt / hardened in a segregated subnet for the wife to surf.
Build a LAN. Learn how to set up a HIDS.
Put a hardware FW between the gateway and the LAN. With a little elbow grease you can build a somewhat intelligent / adaptive UTM entirely from FOSS. I built one on a 10 year old netbook. I just had to add a USB NIC. For extra points learn how to port SNORT to IPTables and how to monitor IPT for rule violations and drop / perma-block violators.
Hardened Gentoo tuts (a lot of this will apply in general, I built my own hardened distro):
http://resources.infosecinstitute.co...ned-profile-2/
http://resources.infosecinstitute.co...ax-grsecurity/
http://resources.infosecinstitute.co...ng-checksec-2/
http://resources.infosecinstitute.co...x-rbac-clamav/
And after all of that there is still a ton of work that needs to be done on the systems and then there is all kinds of use case stuff like the right way to use TOR (it involves VPNs, multiple exit nodes, chained random pathway proxies).
But it will be a while before you get to all of that. And you'll never know it all. Just strive to keep learning. Heck, I just found out about like 3 days ago that IPv5 is more than:
1) A mathematical possibility.
2) The failed ST protocol.
3) The groundwork for VOIP.
It can actually be used to evade trunk / edge / BGP taps! Time to roll up my sleeves, there's always more to learn.
Oh and doze 7 is a combo big blabber mouth and nosy neighbor, move it off your LAN. I've got a hacked up doze server that I need for some toys. It's hardwired to the dd-wrt in blue w/ a static route so I can admin it from my main LAN terminal.
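The "monitor IPT for rule violations and drop / perma-block violators" step above, as an added example that is not part of the original post: it parses iptables LOG output from a gateway, tallies dropped packets per source, and emits the iptables commands for a dedicated block chain. The `IPT-DROP:` log prefix, the `red0`/`blue0` interface names, the `PERMABLOCK` chain name and the sample log lines are all assumptions constructed for this example.

```python
"""Tally iptables LOG drops per source and build perma-block rules.

Added example, not from the original post. Assumes the gateway logs drops
with a rule such as:  iptables -A INPUT -j LOG --log-prefix "IPT-DROP: "
The log lines below are constructed samples, not real captures.
"""
import re
from collections import defaultdict

# Constructed syslog lines in the standard iptables LOG field layout.
SAMPLE_LOG = """\
Jan 10 10:00:01 gw kernel: IPT-DROP: IN=red0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=4444 DPT=22
Jan 10 10:00:02 gw kernel: IPT-DROP: IN=red0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=4445 DPT=23
Jan 10 10:00:03 gw kernel: IPT-DROP: IN=blue0 OUT= SRC=10.0.2.15 DST=10.0.1.5 PROTO=TCP SPT=51000 DPT=445
Jan 10 10:00:04 gw kernel: IPT-DROP: IN=red0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=4446 DPT=3389
Jan 10 10:00:05 gw kernel: IPT-DROP: IN=red0 OUT= SRC=192.0.2.9 DST=198.51.100.2 PROTO=UDP SPT=53 DPT=5353
"""

# Interface, source address and destination port are all we need to score a source.
LOG_RE = re.compile(r"IPT-DROP: IN=(?P<iface>\S*) .*?SRC=(?P<src>[\d.]+) .*?DPT=(?P<dpt>\d+)")


def count_violations(log_text):
    """Return {src_ip: {"hits": n, "ports": {...}, "ifaces": {...}}} for matching lines."""
    stats = defaultdict(lambda: {"hits": 0, "ports": set(), "ifaces": set()})
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not a drop line from our rule; ignore other kernel chatter
        entry = stats[m.group("src")]
        entry["hits"] += 1
        entry["ports"].add(int(m.group("dpt")))
        entry["ifaces"].add(m.group("iface"))
    return dict(stats)


def offenders(stats, threshold=3):
    """Sources with at least `threshold` dropped packets, busiest first."""
    hot = [ip for ip, s in stats.items() if s["hits"] >= threshold]
    return sorted(hot, key=lambda ip: -stats[ip]["hits"])


def block_rules(ips, chain="PERMABLOCK"):
    """iptables commands for a dedicated drop chain; the first three lines are one-time setup."""
    rules = [f"iptables -N {chain}",
             f"iptables -I INPUT 1 -j {chain}",
             f"iptables -I FORWARD 1 -j {chain}"]
    rules += [f"iptables -A {chain} -s {ip} -j DROP" for ip in ips]
    return rules


if __name__ == "__main__":
    print("\n".join(block_rules(offenders(count_violations(SAMPLE_LOG)))))
```

Lower the threshold or key on the `ifaces` set to flag a blue-subnet host probing the green LAN (the `10.0.2.15` line) separately from Internet-side scanners.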