My ISP (a small operation) uses a VLAN to connect all its subscribers into a non-firewalled, public IP network. So, if I connect my computers to the network through a switch, I can have public IPs for them all, and my ISP is OK with this as long as I keep the number small. I think there is an advantage to having the public IPs, but not having a firewall is a serious security risk, at least for my Windows machine.

An obvious solution is to use a router and NAT for the machines I want behind a firewall and then to have a switch "in front of" the router so that I can keep, say, my Linux machine on the open internet. But I'd also like to have some security for the machines I keep on the public side.

So here is what I would really like to have: I'd like to set up a symmetric firewall (or perhaps some other kind) between my machines and the internet, and I would like to have a switched network, so that routing and DHCP are on my ISP's router. Does anyone have any ideas for the best way to do this? I've just started looking into LEAF (Linux Embedded Appliance Firewall). Could this be configured to do what I want?

Thanks,
Tom