Four steps to go:
1.- Install drivers for both net cards with modconf. By default Debian does its best to detect and bring the first card up. Test with ifconfig. You should see entries for eth0 and eth1.
If you find only one card is working, you'll have to bring the second card up with something like:
# ifconfig eth1 192.168.1.254 netmask 255.255.0.0 up
2.- Install etherconf. It will help you configure your network cards.
# apt-get install etherconf
If later you want to change your settings just run:
# dpkg-reconfigure etherconf
3.- Install iptables
# apt-get install iptables
4.- Install a firewall and make sure it auto-starts on reboot. Copy firewall (or whatever you want to call it) to /etc/init.d/ and then run:
# update-rc.d firewall defaults
Here's a sample very basic firewall which you may want to trim yourself. This has been adapted from:
http://www.linuxguruz.com/iptables/s...rewall_020.txt
-------------------------------------------------
#!/bin/bash
# A basic firewall you must copy to:
# /etc/init.d/firewall
# Parameters.
# Your internet card
OUT_DEV="eth1"
# Your lan netmask and broadcast
LAN_RANGE="192.168.0.0/16"
LAN_BCAST="192.168.255.255"
# Your lan netcard's IP
LAN_IP="192.168.0.1"
# and its name
LAN_DEV="eth0"
# Flush the rules
iptables -F
iptables -t nat -F
# Masquerade outgoing requests
iptables -t nat -A POSTROUTING -o $OUT_DEV -j MASQUERADE
# Mask anything going out of your internal network
iptables -t nat -A POSTROUTING ! -d $LAN_RANGE -j MASQUERADE
# Disable invalid incoming packets
# (the FORWARD rule has to come before the ACCEPT rules below, or it is never reached)
iptables -A INPUT -i $OUT_DEV -m state --state NEW,INVALID -j DROP
iptables -A FORWARD -i $OUT_DEV -m state --state NEW,INVALID -j DROP
# Handle internal traffic
iptables -A FORWARD -s $LAN_RANGE -j ACCEPT
iptables -A FORWARD -d $LAN_RANGE -j ACCEPT
iptables -A FORWARD ! -s $LAN_RANGE -j DROP
# Disable port 113
iptables -A INPUT --protocol udp --source-port 113 -j DROP
iptables -A INPUT --protocol udp --destination-port 113 -j DROP
# Start IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Route incoming packets to eth0
iptables -A PREROUTING -t nat -p tcp -i $OUT_DEV --dport 80 -j DNAT --to $LAN_IP
# Route ftp traffic to eth0
iptables -A PREROUTING -t nat -p tcp -i $OUT_DEV --dport 21 -j DNAT --to $LAN_IP
# You may start your second net card here:
ifconfig eth1 192.168.1.254 netmask 255.255.0.0 up
-------------------------------------------------------------------
Hope this helps.
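The same kind of gateway written as an iptables-restore ruleset, with default-drop policies and the connection-state checks placed ahead of the ACCEPT rules. This is an added example, not part of the original post; it reuses the post's interface names and LAN range, and WEB_HOST (192.168.0.10) is a hypothetical internal server chosen for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): emits the ruleset as text so it
# can be reviewed, syntax-checked and loaded in one atomic step.
OUT_DEV="${OUT_DEV:-eth1}"              # internet-facing card (from the post)
LAN_DEV="${LAN_DEV:-eth0}"              # LAN card (from the post)
LAN_RANGE="${LAN_RANGE:-192.168.0.0/16}"
WEB_HOST="${WEB_HOST:-192.168.0.10}"    # hypothetical internal web server

build_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Forward inbound HTTP to the internal server
-A PREROUTING -i $OUT_DEV -p tcp --dport 80 -j DNAT --to-destination $WEB_HOST
# Masquerade only LAN traffic leaving through the internet-facing card
-A POSTROUTING -s $LAN_RANGE -o $OUT_DEV -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_DEV -s $LAN_RANGE -j ACCEPT
# State checks first, so no later ACCEPT rule can shadow them
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_DEV -o $OUT_DEV -s $LAN_RANGE -j ACCEPT
# The only NEW connection allowed in from outside: the DNATed web port
-A FORWARD -i $OUT_DEV -o $LAN_DEV -d $WEB_HOST -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Line number of the first rule matching a pattern, used to check ordering
rule_line() { build_ruleset | grep -n -- "$1" | head -n 1 | cut -d: -f1; }

# Load only when explicitly asked; --test parses the rules without committing
if [ "${1:-}" = "apply" ]; then
    build_ruleset | iptables-restore --test && build_ruleset | iptables-restore
fi
```

Run it as root with the argument apply to load the rules; without arguments it only defines the functions, so the generated ruleset can be inspected with build_ruleset first.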