I have a small office network with a DSL connection to the internet. The phone company provides us with a router that provides NAT but I'm told relying on a NAT router as a firewall is weak. On the internal LAN we have a RedHat Samba server. We do not offer any public services (HTTP, FTP, Email, etc.) to be concerned about allowing outside traffic.

If I want to beef up our firewall security should I add a second NIC to the Samba server and also use it as a Linux firewall? Or, is it better to build a separate box to act as a Linux firewall?

Not being a security guru, I didn't know if adding a second NIC and IP masquerading on the Samba box would make it more vulnerable to internet attack.

Does if matter? If the Samba box is setup correctly, would it drop any and all unwanted packets before they hit the internal network? If the stand-alone box is better, what kind of hardware requirements are needed to deploy an older computer as a non-GUI firewall? I've read that Linux can be used to resurrect old hardware in a case like this.

Any advice would be appreciated.

It would be best to build a firewall only box. You could use the samba box but a firewall should be doing 1 thing and 1 thing only.... firewalling . The ammount of computer you need depends on the ammount of traffic your office makes, since your using a DSL connection you should be safe with just about any old box you have sitting around. I wouldn't buy anything above a Pentium 2 (if you have to buy). Pentium 133Mhz work fine, my smoothwall setup is run on an old HP P3 Celeron 533 with 128MB of ram. This is over kill but it's all I had sitting around.

There are lots of firewall only version's of linux floating around. I'm using smoothwall, I hear that IPCop is good too (based on smoothwall).