Picking a Gateway: Router or Mac OSX Server

I'm planning on implementing Leopard Server at my business in the near term. It will be running on a PowerMac G5, and primarily used for file sharing amongst a team of about 10 employees. I also will use the VPN capabilities to access the network from home, and will take advantage of things like iChat, Wikis, and Print Serving over time.

The documentation describes using the Mac as a gateway through the installation of dual ethernet cards. Alternatively, I could continue to use my Linksys router as a gateway. I didn't find much qualitative discussion on how to pick between the options. In general, I'd like some advice on whether to run services such as DHCP, VPN, etc... on the router or the OSX server.

Any suggestions on how to make the decision?

Thanks,
Raja Singh
Red House Studios
Walnut Creek, CA

PowerMac G5, Mac OS X (10.5), Server as Gateway

Posted on Nov 1, 2007 9:10 PM


Nov 2, 2007 12:54 AM in response to Raja Singh

Depending on the router capabilities, using it as the gw/(NAT)router, "firewall" is usually what people do. They just forward any public accessible traffic to the server IP.

What is considered a "real" firewall is debatable. Some say if you can't set up rules for outgoing traffic it isn't a real firewall, and if you don't get any notification when there are ongoing attacks and no intrusion detection, packet inspection, "is it really HTML in the port 80 (TCP) traffic" and so on...

VPN, DNS, DHCP are in my opinion better handled or easier to set up by/in the OS X machine.
Most VPN routers don't have L2TP or PPTP and you'll need another ("expensive") VPN client.

Nov 2, 2007 10:25 AM in response to Raja Singh

Hi

I echo Leif’s suggestions although you could change your router for a ZyXel one which does offer true NAT/SPI Firewall capabilities and has a wealth of logging features and notification if security is a concern. There are others. I am not affiliated with ZyXel in any way.

Ultimately it would depend on the type of broadband connection you have. I prefer to use OSX Server for routing and NAT if it's a cable modem broadband service. You would not need to install a gigabit NIC, a standard 10/100 NIC would do. The RTL8139 chipset is supported by 10.3 or above without the need for a driver to be installed and they are cheap. If you have an oldish PC lying around with a 3rd party PCI NIC installed odds are it will be the RTL8139 chipset, use that. You could use this NIC for the WAN connection and the built-in gigabit NIC for the LAN. If the broadband service is down the phone-line then a ZyXel 662H (or HW) Router would be a better bet in my opinion.

As for qualitative discussion on how to pick between the options? These forums are full of such opinions and advice in response to posts such as yours. Ultimately it's up to you.

Tony

Nov 2, 2007 10:42 AM in response to Leif Carlsson

Hi Leif -

Thanks for your input - much appreciated. To confirm my understanding:

1- Use the Gateway/Router, plus likely an extra unmanaged switch to get more jacks, as the hub of the network;

2- Connect the OSX Server as a node on the network, just as the other clients. Thus, only one network interface card is required;

3- Use the OSX Server for DHCP, DNS and VPN Services. So other clients will look for the server for an address;

4- Forward all internet traffic, meaning the external requests to the static IP, to a port on the OSX server through the router's routing table.

Is that correct?

Thanks,

Raja

Message was edited by: Raja Singh

Nov 2, 2007 10:51 AM in response to Antonio Rocco

Tony -

The internet connection is a commercial DSL line and the router/gateway/modem is a Netopia Cayman 3346. The modem has four ports built in.

If I understand your reply correctly, you'd recommend adding a second NIC (10/100) to the PowerMac, and connect the DSL modem/gateway to the slower NIC. Then connect the faster Gigabit NIC to a switch (likely 16 or 24 port for my topology), and have the OSX machine run all the network services.

I assume the benefit of using a second NIC is enhanced security? Is the physical separation substantially more secure than simply configuring a static route?

Thanks for your help!

Raja

Nov 2, 2007 2:02 PM in response to Raja Singh

Hi

No. In the scenario I laid out you would disconnect the Netopia Cayman, put it to one side and connect the ISP supplied cable modem (RJ45) to the second slower NIC for your WAN connection. That is if your broadband service is provided by ethernet cable. You would then launch Gateway Assistant on the server which will walk you through configuring OSX Server for /NAT and Firewall Services. The Gateway Assistant configures these services simply to begin with so there would have to be further manual configuration later on, some of it would involve the command line. In essence your server would then become the Gateway/Router.

If this sounds like too much work and effort for you then leave things as they are (as Leif has suggested) and work with what you’ve got.

You could connect a cable from the LAN side of your existing router to the second NIC and configure Gateway Assistant from there. You would in effect have two separate IP address ranges (sub-nets). Some people regard this as ugly - double NAT - some people look at this as extra security.

Tony
