Due to increased unknown mal-ware getting onto computers at a small business I am managing tech for, I want to add a computer as a hardware firewall, incorporating a file server for backing up. My question regards the best way to go about this. I will have a computer running a simple OS, most likely XP pro. 2 new RAID 5 1TB HDD's for file serving 2 10/100 NIC's, Broadband and LAN down the road possible Hmail server and apache what is the best way to go about implementing a firewall between the 2 NIC's?mountain climber

Due to increased unknown mal-ware getting onto computers at a small business I am managing tech for, I want to add a computer as a hardware firewall, incorporating a file server for backing up. My question regards the best way to go about this. I will have a computer running a simple OS, most likely XP pro. 2 new RAID 5 1TB HDD's for file serving 2 10/100 NIC's, Broadband and LAN down the road possible Hmail server and apache what is the best way to go about implementing a firewall between the 2 NIC's? First of all, this forum is dedicated to windows server platforms and, sincerely, I don't think that Windows XP professional may be considered a server platform That said, using the same box as a firewall and a file server isn't a good idea from the security standpoint and, sincerely, using XP as a "file server" sounds quite crazy to me, again, XP isn't a server and has sharing limitation which will seriously impact your setup Then, if you still want to use XP as a "firewall only" you may do so by using the XP "Internet Connection Sharing" functionality, but be warned that such a feature is designed for very small home networks and, on a regular AD network with its own DNS and DC it may have negative impacts or even break your network connectivity As a last note; given that you're talking about a small business, my hearthly suggestion is to have a look at the Microsoft Small Business Server edition which may possibly fit your needs

I'd recommend the use of opendns.com as a dns forwarder instead of your ISP's forwarders here. In my office I then customize it to block web sites like doubleclick.net Then ask yourself - is it necessary that your users go to facebook or another sites that bring in risk? XP is not the way to go here. Take a look at SBS Essentials (which hooks into hosted email) and then stick a true hardware firewall in front, or check out something line untangle which is a 'nix based firewall.