LinuxQuestions.org

DuctTapeNZ 12-19-2004 11:29 PM

Is my network design all messed up?
 
I'm setting up a firewall for my family's home network. It has 3 PCs on it - a real basic server (i.e. shared documents are the only thing it's really 'serving'), my laptop and my parents' desktop. Currently they're all running into the same network switch and then through the router into the internet.

I was intending to take the server, install some firewall software and a second network card on it and put it at the 'point of entry' to act as a firewall. Hence all internet activity would go from the router through the server then into one of the two clients. However, I get the impression from what I read that this is a bad idea, because I share documents and use VNC networking from the server.

The option is to get out our old Pentium 100 and throw a network card and some firewall software on it (probably IPCop) and use it as a dedicated firewall which would feed into the switch which would have all three other computers connected to it.

I prefer the former purely out of convenience - only one computer sitting under the stairs where all the network cables meet, and I wouldn't have to dust off the P100. But security is paramount - I want to end up with a setup that's more secure than what I have now rather than less, if that sentence makes any sense.

Basically I'm asking whether I can get away with having shared resources on my firewall without having a serious security risk.

Oh and the router itself can be assumed to have no real firewall features.

niknah 12-20-2004 12:08 AM

As long as your firewall is secure and upgraded often, it's fine. Once your firewall is broken into, all the files and stuff in it can be accessed.

floppywhopper 12-20-2004 03:22 AM

Dust off the old P 100 and turn it into a firewall.
Consider also Monowall, a BSD-based firewall.

Consider the Geek factor of telling your friends you run a BSD firewall.

live long and prosper
floppy


All times are GMT -5.