On 1 Oct 2009, at 21:56, ML wrote:

> So I am wanting to build a firewall to front end my traffic. Assign
> one of my statics to it and have Comcast statically route my traffic
> to this IP.

You don't need to do this. You can run all the IPs on the firewall box, and route them to machines on a private subnet behind the firewall.

> Can anyone offer advice?

I've had good results doing what you describe - but it's fairly slow to get it up and running and the process is very detail oriented, and you end up having to do quite a bit of spadework to get a config that is as hardened and reliable as a commercial firewall product.

There are some reasonable graphical tools that can help you. The one I've used is fwbuilder (http://www.fwbuilder.org/). I've also looked at Vyatta, and heard good things about pfsense.

S.