Web-, file-, etc server and internet gateway on the same PC?

[iverasp]

Hi. Our current router (Asus something) is beginning to piss me off way to often, and I need something to replace it with. I used to run a diskless machine with IP-tables and stuff in the closeth, but it was to much work every time I had to shut down some component in the network, and then restarting the router.

I have a server in the basement (P3 800Mhz, 512Mb ram), and it wouldt be hard to move the modem there. Is there anything I should be aware of if using this server as a gateway to the internet with NAT and Ip-tables? Any new security riscs?

Thanks

[anonybosh]

I currently use my samba/cups/apache/php/mysql/ssh server as a router/firewall as well. I use the hardened 2.6 kernel, and usually run only the stable installs. I try to keep everything pretty well locked down, watch my logs often, and thus far I haven't had any *visible* security breaches/problems. I am thinking of running weekly backups to another drive though, just to be extra careful.
There certainly are new security risks (having a direct connection to the internet), but as long as you have good ip-tables rules, and pay attention to your logs, you *should* be fine. I can only speak from my experience though...

[Parasietje]

I think you are less at risk than with a proprietary router. If you lock down your router (e.g. allow no incoming traffic), you should be safe. Also shield off from malformed IP packets (there are some ready-to-use scripts availible on freshmeat.net), or from malformed source addresses (i.e. spoofed packets).
That way, you are sure no-one can enter your box. The proprietary router is more at risk, as you don't know what is going on in there, which OS is running, how tightly it has been sealed, etc.