We are considering installing an ADSL connection (newly available in Greece) and I were discussing whether to use a PC as the firewall/router or a Cisco router. The problem is mainly a security one as having a static IP enables someone on the Internet to attack us.
There are cheaper solutions for an ADSL router/firewall on a hardware basis (there is always a kind of Linux behind it). If you use a hardware solution, check whether it has NAT and not ipchains with masquerading! NAT with iptables supports more protocols than ipchains with masquerading.
Also is there any reason for the firewall and router software to run on separate machines? Is there any set-up anyone would propose for the network?
This depends on the level of security you want to have. For small business companies one machine would be enough. If you want to have your own servers, and for better security, you can set up an ADSL router/firewall before your network with an internal and a DMZ network after it. The first firewall itself only needs to have routing functionality and SSH from internal configured. The first server routes to external and the second one routes internal to external networks. If you want extra security you use a proxy or a filter proxy (e.g. dansguardian). Note that a proxy needs much RAM and its own hard drive (we had to replace our proxy HDD because it broke from high usage).
There won't be any web server at least for a couple of months or more.
I would suggest using a server from an ISP for the mail and web services, since ADSL only works with dyndns for a hostname. Solutions for about 50-150 mail accounts and 150MB webspace cost about ? 15,- per month, and the security on these servers is the ISP's problem.
The only computers needing access to the Internet will be our mail server (?) and about 5 PCs.
Would be a nice job for a proxy, if you would like to allow only a limited number of PCs to access the Internet. I would use an external mail server and, on your server, a getmail config for each user. If you would like to run your own mail server you need dyndns; depending on the provider you can get problems, because the IP is often not synced fast enough, so your server will sometimes not be available from external. If you use david xl for linux the dyndns service is done by tobit (www.tobit.de / mail+sms+isdn+fax). I will not make any ads for anybody here, but it's a nice thing in "redmond" networks.
If this is off topic for the list can somebody please point me to any other?
I think you are right here.

Philippe
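
The single-box layout discussed in the reply (one firewall with an internal and a DMZ network, NAT done by iptables, SSH to the firewall only from the inside, and only the mail server plus about five PCs allowed out), sketched as an added example that is not part of the original thread. Interface names and all addresses are assumptions; the function only prints an `iptables-restore` ruleset so it can be reviewed before it is loaded.

```shell
#!/bin/sh
# Added example: default-deny ruleset for an ADSL firewall with LAN + DMZ.
# All names and addresses below are assumptions, not values from the thread.
WAN_IF="ppp0"              # ADSL (PPPoE) link
LAN_IF="eth1"              # internal network
DMZ_IF="eth2"              # DMZ network
LAN_NET="192.168.1.0/24"
# Constructed addresses: the mail server (.10) and five PCs (.21-.25)
ALLOWED="192.168.1.10 192.168.1.21 192.168.1.22 192.168.1.23 192.168.1.24 192.168.1.25"

gen_rules() {
  cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
  # Only the listed internal hosts may open connections to the Internet.
  for host in $ALLOWED; do
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $host -j ACCEPT"
  done
  # The LAN may reach the DMZ. Nothing lets the DMZ or the Internet open
  # connections inward, and no DNAT is published (no hosted servers yet).
  cat <<EOF
-A FORWARD -i $LAN_IF -o $DMZ_IF -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when called with --print; load it as root with:
#   sh firewall.sh --print | iptables-restore
if [ "${1:-}" = "--print" ]; then
  gen_rules
fi
```

Forwarding between the interfaces also requires `net.ipv4.ip_forward=1` on the firewall host.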