I just picked up a little unit from SOHOware called the NBG800. Here's a link to their website:

http://www.sohoware.com/expl/firewall.htm

It does an awful lot of what you're looking for. I had a DLink 701 a while back, and this one is a HUGE step forward. It also has a 4-port auto-sensing 10/100 switch built-in. The best part is that it was only $85 at Fry's!

-David

Jay wrote:

> I know this topic came up here recently, but I just looked through the
> archives and I couldn't find it (browsing by thread).
>
> Anyway, I'm looking for recommendations on the best method to build a
> standalone firewall machine. The network will look something like
> (simplified for email purposes):
>
>                                                       /----Servers
> Internet----SDSL Router----Firewall----10/100 Switch--
>                                                       \----Workstations
>
> The firewall obviously needs to support NAT and masquerading, as well as
> port forwarding to get to the http, smtp, pop3, ssh, etc... ports on the
> servers from the Internet, and support for multiple physical Ethernet
> interfaces.
>
> Although not *required* (but would be nice) would be features like
> stateful packet inspection (rules based), DoS filtering, intrusion
> detection, excellent logging, easy (yet powerful) web browser
> configuration/administration, and maybe even log analysis and reporting
> features.
>
> While I'm at it, another cool feature would be if it was all able to run
> via a floppy or bootable CD (thus no HDD required in the firewall). I also
> recognize that this feature would require logging via remote syslog, which
> (since the logs would then be remote) would also mean that it wouldn't be
> able to do log analysis and reporting.
>
> I know all of these features are easily available with Linux, but I'm
> looking for a nice integrated package. Looking on Freshmeat turns up over
> 200 options (so I'm sure something is out there). I've seen dedicated
> "security appliances" from the likes of Linksys, NetGear, and SonicWall.
> They look alright (and the Linksys and NetGear ones are really very
> affordable), so if someone might recommend that approach, I'd be
> interested in hearing thoughts on that too.
>
> Thanks!
>
> --
> ~Jay