For this system I can only recommend OpenBSD. Linux is great, but security is NOT the first consideration with Linux. With OpenBSD it is. IPfilter, which currently comes with OpenBSD (ver 2.9), is awesome (one of the best firewalls around, free or commercial) and much easier to configure than IPtables/Netfilter in Linux. Snort is a great choice for IDS.

A 486 or (preferably) old Pentium running OpenBSD with 32MB RAM and a 500MB hard drive is all you would need. I use an 85MHz Sun Sparc5 with 32MB RAM to do this same thing, plus mail, web, and DNS. It sits 98% idle!

Having multiple NICs would be fine, a little more difficult on the config, but nothing too much. Basically your system will just have to route traffic to each interface and you will need to use bigger netmasks (i.e. 255.255.255.248 instead of 255.255.255.0). But your firewall can control the traffic much tighter. If you don't already have the extra NICs, I would spend the money on a cheap hub or switch.

For more info on OpenBSD go to http://www.openbsd.org and for info on configuring http://www.nomoa.com/bsd. The network install for OpenBSD is pretty easy and I recommend it.

---------------------------------------------------

> Router + firewall + NIDS questions

> Aloha all,
>
> I would like some advice on how to do something. I would like to build a router + firewall + NIDS from scratch to use for my home LAN. I was thinking of building a box to act as a router and firewall for 1 Sparc, 1 VALinux box, one Mac, and one Windoze box. I envision a Linux box for this that should boot headless. I also want this router + firewall box to share one internet connection with all the others. BTW, the Mac and Windoze boxes will need a wireless connection (wireless 802.11???). I was also thinking of running Snort on the internal side of the router + firewall to monitor what gets past the firewall. Because of all this, I don't think that the linux router project will work, but the idea is mostly the same.
>
> What I would like to know is what does the community of experts think is:
>
> -- a fast enough CPU for such a task,
> -- how much hard drive should I buy,
> -- and should I run a hub behind the firewall, or should I just throw in some extra NICs?
>
> Any ideas would be greatly appreciated.
>
> Thanks in advance for your help,
>
> Ben