win2k as a router network design help?

[John]

Hello,

Our setup currently is as follows:

We have 30 computers behind a Cisco 2624(Sorry might be a
different number). The router is using NAT opening up specific ports as
needed. We have basically been using the router as our firewall. According
to our ISP they are suggesting we remove the NAT and add a firewall inside
the LAN because the router seems to be getting bogged down with all of the
NAT it has to do.

Questions:

1. Can we make a win2k machine a router/gateway? Any links or
help files on this?

2. What is the advantage/disadvantage of only putting a firewall
on a gateway and not on all computers?

3. Is there a better way to do all of the above.

I apologize if there are naive questions our sys admin quit and
I am just a programmer trying to get some of the questions answered to move
forward before they hire someone. Thanks in advance.

John

 

[Jim]

John,

I can't answer #1, but I can tell you that we recently changed our circuit
out and I had two consultants working on the project. One a Cisco expert
and one a Linux expert.

We ended up with a Cisco 26XX router that does not do the NAT. We took an
old PII 500 workstation and loaded IPCOP 1.3 on it as a firewall. The NAT
is done through the firewall and the system works flawlessly.

The firewall is very easy to configure and monitor. When we turned on VPN,
I was able to go into the port forwarding section via SSL browser connection
and configure it very easily. I'd highly recommend it.

Jim