How to Vyatta firewall

By Nisse Pettersson at March 16, 2010 11:13
Filed Under: Technical

Whenever I'm in need of a software firewall / router I use Vyatta. It is an advanced firewall and still rather easy to set up. I'm going to use my latest setup as an example. I'm setting up a development environment for deployment of Windows 7 and Windows XP. I'm using the latest version of VMware vSphere 4.

Setup

Download the ISO from the download section. Then create a new virtual machine and give it some disk space and RAM. I gave it 200 MB of disk and 128 MB of RAM. This is up to you and depends on what type of load is expected. Remember to add two network interfaces, one for outside and one for inside, and set the type to e1000.

Start the machine and mount the ISO you downloaded.

When the system boots you will be greeted with the text

vyatta login:

Log on as root with vyatta as the password.

We now need to install Vyatta on the disk drive instead of running it from the ISO, so type the following.

install-system

Follow the instructions on the screen. Now the fun part starts. We need to go into configuration mode (i.e. enable in the Cisco CLI). Write the following.

vyatta@vyatta:~$ configure
[edit]
vyatta@vyatta# set interfaces ethernet eth0 address 192.168.1.81/24
[edit]
vyatta@vyatta# commit
[edit]
vyatta@vyatta# exit
exit
vyatta@vyatta:~$

This sets the first network interface (eth0) to the address 192.168.1.81 with netmask 255.255.255.0.
Then commit saves this to the running configuration, and exit leaves configuration mode.
We now need to set up the inside interface. Use the syntax above, but change the IP and change eth0 to eth1.
The Vyatta firewall should now respond to pings from computers on the same network and in the same subnet.

NAT

set service nat rule 1 outbound-interface eth0
set service nat rule 1 source address 10.1.1.0/24
set service nat rule 1 type masquerade

This is a generic NAT rule that sends all outbound traffic (traffic not destined for the same subnet) to the outbound interface, and we tell it that the outside interface is eth0. It only applies if the source network is 10.1.1.0/24 (our inside network).
I like PuTTY and SSH in general, so I will add a second NAT rule for SSH.

set service nat rule 2
set service nat rule 2 type destination
set service nat rule 2 inbound-interface eth0
set service nat rule 2 protocol tcp
set service nat rule 2 destination address 0.0.0.0/0
set service nat rule 2 destination port ssh
set service nat rule 2 source address 0.0.0.0/0
set service nat rule 2 inside-address address 10.1.1.1

Don't forget to save your changes to the running configuration.

commit

Then you need to save this to the startup config. This is done with the following command.

save
Saving configuration to '/opt/vyatta/etc/config/config.boot' ...
Done
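
NAT rule 2 above forwards SSH arriving on eth0 to 10.1.1.1 for any source address (0.0.0.0/0). As an added example, not part of the original post, this Python script parses the `set service nat` commands from this post and lists destination NAT rules that accept traffic from any source. The function names are hypothetical, and the input is the post's own command list.

```python
import ipaddress

# The NAT commands from this post, reproduced as the audit input.
POST_CONFIG = """\
set service nat rule 1 outbound-interface eth0
set service nat rule 1 source address 10.1.1.0/24
set service nat rule 1 type masquerade
set service nat rule 2
set service nat rule 2 type destination
set service nat rule 2 inbound-interface eth0
set service nat rule 2 protocol tcp
set service nat rule 2 destination address 0.0.0.0/0
set service nat rule 2 destination port ssh
set service nat rule 2 source address 0.0.0.0/0
set service nat rule 2 inside-address address 10.1.1.1
"""

def parse_nat_rules(text):
    """Group 'set service nat rule N <path> <value>' lines into {N: {path: value}}."""
    rules = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[:4] != ["set", "service", "nat", "rule"]:
            continue
        rule = rules.setdefault(int(tokens[4]), {})
        if len(tokens) > 6:  # a bare "rule N" line only creates the node
            rule[" ".join(tokens[5:-1])] = tokens[-1]
    return rules

def matches_any(address):
    """True when the field is unset or spans all of IPv4 (e.g. 0.0.0.0/0)."""
    try:
        return address is None or ipaddress.ip_network(address, strict=False).prefixlen == 0
    except ValueError:  # ranges or negated addresses still restrict the source
        return False

def open_forwards(rules):
    """Return (rule number, description) for destination NAT rules open to any source."""
    findings = []
    for number, rule in sorted(rules.items()):
        if rule.get("type") == "destination" and matches_any(rule.get("source address")):
            findings.append((number, "{}/{} on {} -> {} from any source".format(
                rule.get("protocol", "any"), rule.get("destination port", "any"),
                rule.get("inbound-interface", "any"), rule.get("inside-address address"))))
    return findings

if __name__ == "__main__":
    for number, text in open_forwards(parse_nat_rules(POST_CONFIG)):
        print("nat rule {}: {}".format(number, text))
```

Setting the source address of rule 2 to the network you administer from makes the rule drop out of the report.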

You now have a Vyatta firewall running as a router. There are a lot of things you can do with this, so I suggest you read the documentation as I do. I will return to this topic when I have something interesting to write about.



Connect to vSphere 4 with Windows 7

By Nisse Pettersson at November 19, 2009 05:35
Filed Under: Technical

UPDATE:

If you go to VMware's download site you can download the latest version with built-in support for Windows 7.

If you would like to try out Windows 7, you should, since it's a great OS. But if you, like me, need to connect to VMware's vSphere 4, you need to read this post. It's taken from a thread at VMware Communities.

In short, this is what you need to do:

1. Obtain a copy of %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\System.dll from a non-Windows 7 machine that has .NET 3.5 SP1 installed.

2. Create a folder on the Windows 7 machine where the vSphere client is installed and copy the file from step 1 into this folder. For example, create the folder under the vSphere client launcher installation directory (%ProgramFiles%\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\Lib).

3. In the vSphere client launcher directory, open the VpxClient.exe.config file in a text editor and add a <runtime> element and a <developmentMode> element as shown below. Save the file.

<?xml version="1.0" encoding="utf-8"?> 
<configuration> 
... 
<runtime> 
<developmentMode developerInstallation="true"/> 
</runtime> 
</configuration> 

4. Create a batch file (e.g. VpxClient.cmd) in a suitable location. In this file add a command to set the DEVPATH environment variable to the folder where you copied the System.dll assembly in step 2 and a second command to launch the vSphere client. Save the file. For example,

SET DEVPATH=%ProgramFiles%\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\Lib
"%ProgramFiles%\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\VpxClient.exe"

5. (Optional) Replace the shortcut on the start menu to point to the batch file created in the previous step. Change the shortcut properties to run minimized so that the command window is not shown.

You can now use the VpxClient.cmd (or the shortcut) to launch the vSphere client in Windows 7.

Note that this workaround bypasses the normal .NET Framework loading mechanism so that assembly versions in the DEVPATH folder are no longer checked. Handle with care.

I've attached the DLL file so you don't have to look around for it.


System.dll.zip (1.05 mb)



A guide for aligning discs for virtualisation

By Nisse Pettersson at September 01, 2009 06:52
Filed Under: Technical

If you have an MSA or another SAN solution you can increase the performance of the hardware a lot with the help of the diskpart tool that's available through the prompt. This is only for Windows 2003, since Windows 2008 will align the partitions by default.

  1. Create the machine and the disk.
  2. Mount the disk in an existing virtual machine.
  3. Delete all partitions on the disk.
  4. Open a prompt and execute diskpart.exe.
  5. At the Diskpart command prompt, type List Disk and press Enter. If the disk you want to align does not appear in the list make sure that it exists and is accessible using the Disk Management snap-in.
  6. At the Diskpart command prompt, type Select Disk X, where X is the number of the disk as shown in the output of the List Disk command. Diskpart should return a message that indicates that Disk X is the selected disk.
  7. At the Diskpart command prompt, type Create Partition Primary Align=X, where X is either 32 or 64, depending on the recommendation from your storage vendor. If your storage vendor does not have any specific recommendations, it is recommended that you use 64.
  8. Shut down the machine and mount the disk in the intended machine.

These are the same steps I found in this article on TechNet.