EH-Net

Ethical Hacking Discussions and Related Certifications => Network Pen Testing => Topic started by: MrMister on October 08, 2010, 01:52:28 PM



Title: options for DMZ/Firewall solution
Post by: MrMister on October 08, 2010, 01:52:28 PM
I was looking to implement a DMZ to separate untrusted public from trusted LAN.

From experience, can anybody suggest a good *nix based solution for perimeter firewall/router?

I've looked at ZeroShell and ClearOS... hoping somebody can share experiences they have encountered down this road.

I'm new here by the way, this place has an amazing amount of good information  ;D


Title: Re: options for DMZ/Firewall solution
Post by: ajohnson on October 08, 2010, 05:23:24 PM
Welcome to the forums!

Check out: http://www.pfsense.org/


Title: Re: options for DMZ/Firewall solution
Post by: COm_BOY on October 08, 2010, 05:32:25 PM
pfSense is a good choice. There are a couple of similar options in the area, but pfSense is a good one, tested by several organizations. Along with that, it is based on a BSD system rather than Linux, which gives you more stability and security, I believe.


Title: Re: options for DMZ/Firewall solution
Post by: MrMister on October 08, 2010, 09:06:56 PM
Thanks, this should work well.

I've been looking to get my hands on a BSD system for some time... I'll repost after I've tested it out this weekend.


Title: Re: options for DMZ/Firewall solution
Post by: MaXe on October 09, 2010, 10:17:13 AM
Quote from: MrMister on October 08, 2010, 09:06:56 PM
"Thanks, this should work well.

I've been looking to get my hands on a BSD system for some time... I'll repost after I've tested it out this weekend."

FreeBSD  ;D There you go: www.freebsd.org/   ;)


Title: Re: options for DMZ/Firewall solution
Post by: MrMister on October 12, 2010, 05:12:40 PM
My pfSense box is up and running. So far so good ;D

It's nice to be able to watch all incoming and outgoing connections on the perimeter. The default rules that came with the install were sufficient enough for me to watch the traffic for a while... I wrote a few custom chains to block some unrecognized connections. Tons of features in this little box, it's pretty cool.

Now is time to implement the DMZ. I need to collect some equipment beforehand... Catalyst 2950, patch cables, and another NIC for the webserver. Still playing with the idea of running my own DNS servers... virtualization could help there... need more research though.

Once I've configured the new network, I'll post up any tricks or configuration tips I find. Hopefully they will help another soul walking down this path. Thanks for the suggestions!