(a) What is a router with NAT for ?
It provides access to a network for machines with IP addresses that are unknown on that network by mapping the original source sockets to sockets on the NAT gateways interface connected to the network that access is desired to.
- is there the posibility of dialing in via internet
The NAT gateway is connected to the Internet, so it can be accessed normally. It should not be possible to directly access machines in the network behind the NAT gateway (from the Internet's point of view). However, it could be possible to hijack TCP sessions or fool the NAT engine. This has happened with UDP in the past.
- in which area is a router better / worse than a simple paket-filter SW-firewall with masquerating (NAT)
You need to be more specific. The feature list of Linux boxes is very long and Cisco routers have a large set of features as well. Linux has ipchains (stateless) and iptables (stateful) for packet filtering, IP Masquerading is stateful per definition. Cisco routers have three types of access control lists ('basic', extended and reflexive), one of which is stateful, and there exists a 'firewall feature set' (CBAC) that can perform some inspection of some protocols. Ciscos also have NAT support. Linux is more extensible, but more work initially.
(b) A software firewall (SuSE-firewall) is only a paket-filtering aspect.
- what is missing ? is it enough ?
You don't have any application-level inspection. I try to use application proxies wherever I can, they give you protection an order of magnitude higher than packet filters. Of course, it always depends on how much you trust your machines' TCP/IP stacks. Those are protected by proxies, but usually not by packet filters (well, making a Linux router defragment all packets does give some protection).
(c) what supports a hardware firewall instead of an software firewall ?
- why is it better than a software firewall ? (is it really better ?)
There is no such thing as a hardware firewall. All firewalls are combinations of hardware and software. Cheers, Tobias