Am I forgetting something? (gateway setup)


sonic_beatnik
06-16-2005, 02:57 PM
I am somewhat of a newbie at network administration and would like to start a home project to learn more about Linux and networking.
What I am planning on doing is setup a Linux gateway to handle Firewall, IP-Masq, NAT, and IDS.
The machine I'm setting it up on is a 133Mhz Gateway (<-brand-name) that I've been told should be fine for this.

Currently I have 3 computers: a Debian Laptop(Victor), Gentoo desktop(Bane) and a Windows desktop all sharing DSL through a router.

Since I am new to these things I thought I would throw out the plan I've gathered from Googling on this topic to see if I am missing something or there are any issues or holes in it.

I have not used any of these features so I wanted a plan that could introduce each piece of a Linux Gateway one at time and maybe even document the process.
Of course there is MUCH more to each step (especially installation and initial configuration), but these are well-documented and I am not a newbie at locking down services and secure partitioning, etc.
What do you think?
Will this plan work?

1. Install Red Hat or CentOS (minimal setup with no GUI)
2. Compile and install custom 2.6 kernel
3. Setup ethernet bridging between Victor and router via bridge-utils
4. Fix any issues preventing Victor from internet access
5. Enable bridge-nf code in 2.6 kernel to allow iptables to see the bridged IP packets and enable transparent IP NAT and iptables firewalling features using ebtables
6. Learn and create an iptables firewall filter. <-- this will be the most challenging from what I gather.
7. Switch GateKeeper from bridge-mode to gateway-mode still using the iptables setup.
8. Remove router and connect GateKeeper to DSL modem
9. Enable IP-Masquerading for connection sharing and private networking
10. Add switch and connect Bane
11. Test IP-Masq with NAT
12. Setup Intrusion Detection System

thanks

-Scott
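The ruleset that steps 6 through 11 of the plan above would end up with, written here as an added example rather than anything posted in the thread: a two-interface gateway that drops inbound traffic from the DSL side, forwards and masquerades the LAN, and (since DHCP gets raised later in the thread) still lets LAN hosts reach the gateway's DHCP server. Interface names, the LAN subnet and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the iptables ruleset for a
# Linux gateway with one interface toward the DSL modem (WAN) and one toward
# the switch (LAN). Assumed names: eth0 = WAN, eth1 = LAN, 192.168.1.0/24 = LAN.
#
# gateway_rules WAN LAN LAN_NET
#   Prints the iptables commands one per line so the ruleset can be reviewed
#   (or diffed against "iptables -L -n") before anything is applied.
gateway_rules() {
    wan="$1"; lan="$2"; lan_net="$3"
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $wan -s $lan_net -j DROP
iptables -A FORWARD -i $wan -s $lan_net -j DROP
iptables -A INPUT -i $lan -p udp --dport 67 -j ACCEPT
iptables -A INPUT -i $lan -s $lan_net -j ACCEPT
iptables -A INPUT -i $wan -m state --state NEW -m limit --limit 5/min -j LOG --log-prefix "WAN-DROP: "
iptables -A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -s $lan_net -j MASQUERADE
EOF
}
# Notes on the rules above:
#  - the two "-s $lan_net ... DROP" lines on the WAN side reject packets that
#    arrive from the modem claiming a LAN source address (spoofing);
#  - "udp --dport 67" is needed because DHCP discovers come from 0.0.0.0, so the
#    "-s $lan_net" accept rule alone would silently break the DHCP server;
#  - the LOG rule records new connection attempts from the WAN at a limited
#    rate, which is a cheap first look at what the IDS step will later see.

# apply_gateway_rules WAN LAN LAN_NET
#   Runs the commands (needs root and a netfilter-enabled 2.4/2.6 kernel) and
#   turns on IP forwarding, which masquerading depends on.
apply_gateway_rules() {
    gateway_rules "$@" | sh -e
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Review run with the assumed interfaces; nothing is applied here.
gateway_rules eth0 eth1 192.168.1.0/24
```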

m3rlin
06-16-2005, 04:00 PM
I don't really understand what learning Linux has to do with a Linux gateway.
Yes, you learn how to build one.
But you can still use your router to connect all of your computers, and use Linux as a workstation.
And in the router (depends on the kind of router), you can block a specified IP, so you will be able to block Victor anyway.

sonic_beatnik
06-16-2005, 04:21 PM
Well first, I'm not trying to block any of my computers; Victor is the hostname of my laptop computer.
Also, I would like to have a more secure home network (blocking malicious users from outside the network).
Learning iptables and IDS is definitely worth it to me.
The generic linksys router I am using now gives me nowhere near the amount of control that a Linux gateway will.
Sure, most companies will be using a Cisco firewall, but iptables is present in all 2.4-2.6 kernels and covered in most serious Linux certifications.
I also don't have a Cisco box to tinker with.
I've been using my Gentoo desktop system for 3 years; I am looking to expand my knowledge and set up a secure open source network.
I would like to replace my router with a switch and let the gateway handle the IDS, NAT, IP-Masq, and Firewall.

I'm not sure I see why you think my cheap router is better than my proposed Linux based gateway/firewall.
Besides, I have no real purpose for a 133Mhz desktop. It's just collecting dust right now.

paj12
06-16-2005, 05:12 PM
I have a 200MHz desktop (mine's bigger than yours :D) doing exactly the same thing you are proposing. I used a minimal install of Slackware.

6. Learn and create an iptables firewall filter. <-- this will be the most challenging from what I gather.
Instead of butting your head up against a brick wall trying to write a filter from scratch, try using gShield (http://muse.linuxmafia.org/gshield/). It's a set of scripts to manipulate iptables. You can set up a firewall easily, but if you still want to learn the nitty-gritty of iptables, you can examine the rules with "iptables -L".

Also, you will need to set up the DHCP server software, as your router probably provides this function. The DHCP mini-HOWTO (http://www.tldp.org/HOWTO/mini/DHCP/) will be your friend here.

Setting up something like this can be a great way to learn about a bunch of different aspects of networking very quickly. Let us know how it goes. :)

m3rlin
06-16-2005, 06:12 PM
Your cheap router is no match for what iptables or ipchains can do.
I got the wrong idea of what you were saying.

Like paj12 said, gShield is a great iptables firewall, easy to configure, and you can check the rules. You can try it, and you will save time getting your Linux gateway working. But it is also good to learn iptables.

You can also try to set up a proxy server; it's great to filter web content :)

knute
06-16-2005, 11:35 PM
gShield is a good choice for use at home, and for starting out as well. The script is well documented and fairly straightforward.

However, if you plan on doing a lot of different things with your router, I'd suggest something a bit more robust. Shorewall comes to mind. However, with more robust also comes a higher degree of difficulty.

There are other firewall scripts/programs out there. I've used both so figured that I'd give you another option if gShield doesn't match what you were looking for.

je_fro
06-17-2005, 02:24 AM
I always just used pieces of iptables scripts pinched from here and there.
Along with the iptables manpage and netfilter.org, I found the gentoo security guide helpful, whatever distro I'm setting up on. Scroll down to the iptables ruleset here...it's explained pretty well:
http://www.gentoo.org/doc/en/security/security-handbook.xml?full=1#book_part1_chap12

sonic_beatnik
06-17-2005, 10:32 AM
Thanks for all the responses!
gShield looks like a good first step for firewall configuration.
Searching around I see nothing but good reviews for it.
I also have the New Riders "Linux Firewalls" book, which seems very extensive and focuses on iptables as well as many other security concerns.
I'm glad someone brought up DHCP.
I might have completely overlooked that!
The DHCP server setup seems pretty straightforward.

Anyways, thanks again.
I'll let you know how it goes.

-Scott