[ale] Helping a friend select Firewall/NAT

[byron at cc.gatech.edu (Byron A Jeff)]

One of the admins on another mailing list I inhabit made the following request:

> Is there a router that is bigger than a SOHO (e.g. Linksys, Netgear) and
> smaller than a full on Cisco rack mount $K monster? Or does anyone have a
> Cisco monster just "laying about"? Yeah right! ;)
>
> Another of my little linksys boxes (a BEFSR41) has fried and I would like to
> be able to run 2 or 3 IP addresses off of one more professional router at
> the office. The current Cisco boxes are a bit more expensive that what I can
> get the boss to swing for.
> http://www.pcuniverse.com/product.asp?pid=3858385&m_id=32 ASA 5505 firewall
> at $600
>
> Is there a low hundreds DSL Firewall Router that will support 2 or more IP
> addresses on the WAN side and NAT and port forwarding on the LAN side?

I'm sure the standard recommendation would be some older PC hardware, a couple
of NICs and appropriate (and probably Linux based) software.

Here's the rub: the guy has been burned by Linux boxes three times in the
past. Each of his setups have been hacked.

So he's understandably a bit gun shy about going down that road again.

So I wanted to know if anyone had any recommendations about software that
has a reasonable chance of being secure out of the box. He's not a Linux
guy, so an interface that's in the same ballpark as the Linksys or Ciscos
would be preferable.

Personally I'm using Smoothwall. I've seen recommendations for IPCop though
I haven't used it personally.

My admin is a Windows guy. Trusts windows 98 (poor fella!). So any 
recommendations that are Windows based are also acceptable.

Thanks for anything you can offer,

BAJ