On 1 Oct 2009, at 21:56, ML wrote:
> So I am wanting to build a firewall to front end my traffic. Assign one of my statics to it and have Comcast statically route my traffic to this IP.
You don't need to do this. You can run all the IPs on the firewall box, and route them to machines on a private subnet behind the firewall.
> Can anyone offer advice?
I've had good results doing what you describe - but it's fairly slow to get it up and running and the process is very detail-oriented, and you end up having to do quite a bit of spadework to get a config that is as hardened and reliable as a commercial firewall product. There are some reasonable graphical tools that can help you. The one I've used is fwbuilder (http://www.fwbuilder.org/).
I've also looked at Vyatta, and heard good things about pfSense.
S.
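
The layout suggested in the reply above (all public IPs on the firewall box, servers on a private subnet behind it), as an added example that is not part of the original message: a shell function that prints an iptables-restore ruleset with one-to-one NAT and default-deny forwarding. The choice of iptables, the interface names, the documentation-range addresses, the port lists and the SSH management rule are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Interfaces, addresses and ports are constructed placeholders.
WAN_IF=eth0   # assumption: interface facing the ISP; every public IP is
              # configured on it, e.g. ip addr add 203.0.113.10/29 dev eth0
LAN_IF=eth1   # assumption: interface on the private subnet
# One line per server: public IP, private IP, TCP ports to expose.
MAPPINGS='203.0.113.10 192.168.10.10 25,443
203.0.113.11 192.168.10.11 80,443'

gen_rules() {
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]'
    printf '%s\n' "$MAPPINGS" | while read -r pub priv ports; do
        # Inbound: only the listed ports are translated to the private host.
        printf '%s\n' "-A PREROUTING -i $WAN_IF -d $pub -p tcp -m multiport --dports $ports -j DNAT --to-destination $priv"
        # Outbound: the host keeps its own public address.
        printf '%s\n' "-A POSTROUTING -o $WAN_IF -s $priv -j SNAT --to-source $pub"
    done
    printf '%s\n' 'COMMIT' '*filter' \
        ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT" \
        '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    printf '%s\n' "$MAPPINGS" | while read -r pub priv ports; do
        # Forwarded packets are matched after DNAT, so match the private IP.
        printf '%s\n' "-A FORWARD -i $WAN_IF -o $LAN_IF -d $priv -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Print the ruleset; check it with: gen_rules | iptables-restore --test
gen_rules
```

Anything not listed in `MAPPINGS` is dropped by the `INPUT` and `FORWARD` policies, so exposing a new service means adding its port to the table rather than writing a new rule by hand.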