How to Vyatta firewall

By Nisse Pettersson at March 16, 2010 11:13
Filed Under: Technical

Whenever I'm in need of a software firewall / router I use Vyatta. It is an advanced firewall and still rather easy to set up. I'm going to use my latest setup as an example. I'm setting up a development environment for deployment of Windows 7 and Windows XP. I'm using the latest version of VMware vSphere 4.

Setup

Download the ISO from the download section. Then you need to create a new virtual machine and give it some disk space and RAM. I gave it 200 MB of disk and 128 MB of RAM. This is up to you and what type of load is expected. Remember to add two network interfaces and set the type to e1000: one for outside and one for inside.

Start the machine and mount the ISO you downloaded.

When the system boots you will be greeted with the text

vyatta login:

Log on as root with vyatta as the password.

We now need to install Vyatta on the disk drive instead of running it from the ISO, so type the following.

install-system

Follow the instructions on the screen. Now the fun part starts. We need to enter configuration mode (the equivalent of enable in the Cisco CLI). Type the following.

vyatta@vyatta:~$ configure
[edit]
vyatta@vyatta# set interfaces ethernet eth0 address 192.168.1.81/24
[edit]
vyatta@vyatta# commit
[edit]
vyatta@vyatta# exit
exit
vyatta@vyatta:~$

This will set the first network interface (eth0) to have address 192.168.1.81 with netmask 255.255.255.0.
Then commit will save this to the running configuration, and exit will leave configuration mode.
We now need to set up the inside interface. Use the syntax above but change the IP and eth0 to eth1.
The Vyatta firewall should now respond to pings from computers on the same network and in the same subnet.

NAT

set service nat rule 1 outbound-interface eth0
set service nat rule 1 source address 10.1.1.0/24
set service nat rule 1 type masquerade

This is a generic NAT rule that masquerades all outbound traffic (traffic not destined for the same subnet) leaving the outbound interface, and we tell it that the outside interface is eth0. It will only apply if the source network is 10.1.1.0/24 (our inside network).
I like PuTTY and SSH in general, so I will add a second NAT rule for SSH.

set service nat rule 2
set service nat rule 2 type destination
set service nat rule 2 inbound-interface eth0
set service nat rule 2 protocol tcp
set service nat rule 2 destination address 0.0.0.0/0
set service nat rule 2 destination port ssh
set service nat rule 2 source address 0.0.0.0/0
set service nat rule 2 inside-address address 10.1.1.1
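As an added check that is not part of the original post: a small Python script that parses the NAT set lines above into a configuration tree and reports destination NAT rules that accept any source, and forwarded hosts that do not sit inside a masqueraded LAN. The input is constructed from the commands in this post and nothing is run on the Vyatta box itself; the parser and the audit are my own, not Vyatta tooling.

```python
import ipaddress

# Constructed input: the NAT `set` lines from the post as typed in configure mode.
# The bare `set service nat rule 2` line only creates the node and is left out.
SET_COMMANDS = """\
set service nat rule 1 outbound-interface eth0
set service nat rule 1 source address 10.1.1.0/24
set service nat rule 1 type masquerade
set service nat rule 2 type destination
set service nat rule 2 inbound-interface eth0
set service nat rule 2 protocol tcp
set service nat rule 2 destination address 0.0.0.0/0
set service nat rule 2 destination port ssh
set service nat rule 2 source address 0.0.0.0/0
set service nat rule 2 inside-address address 10.1.1.1
"""

def parse_set_commands(text):
    """Turn `set a b ... key value` lines into a nested dict (last word = value)."""
    tree = {}
    for line in text.splitlines():
        words = line.split()
        if len(words) < 3 or words[0] != "set":
            continue
        node = tree
        for word in words[1:-2]:          # walk/create the path, e.g. service/nat/rule/2
            node = node.setdefault(word, {})
        node[words[-2]] = words[-1]
    return tree

def audit_nat(tree):
    """Return (rule, message) findings for risky or inconsistent NAT rules."""
    findings = []
    rules = tree.get("service", {}).get("nat", {}).get("rule", {})
    # Subnets hidden behind masquerade rules: the "inside" networks of this box.
    lans = [ipaddress.ip_network(r["source"]["address"]) for r in rules.values()
            if r.get("type") == "masquerade" and "address" in r.get("source", {})]
    for num, rule in rules.items():
        if rule.get("type") != "destination":
            continue
        src = rule.get("source", {}).get("address")
        port = rule.get("destination", {}).get("port", "any")
        if src in (None, "0.0.0.0/0"):    # port forward reachable from any address
            findings.append((num, f"port {port} forwarded from any source on "
                                  f"{rule.get('inbound-interface', '?')}"))
        inside = rule.get("inside-address", {}).get("address")
        if inside and not any(ipaddress.ip_address(inside) in lan for lan in lans):
            findings.append((num, f"inside-address {inside} is not in a masqueraded LAN"))
    return findings
```

Calling audit_nat(parse_set_commands(SET_COMMANDS)) on the rules above reports rule 2, because the SSH forward is open to every source on eth0; tightening its source address to the networks you actually connect from clears the finding.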

Don't forget to save your changes to the running configuration.

commit

Then you need to save this to the startup config. This is done with the following command.

save
Saving configuration to '/opt/vyatta/etc/config/config.boot' ...
Done

You now have a Vyatta firewall running as a router. There are a lot of things you can do with it, so I suggest you read the documentation as I do. I will return to this topic when I have something interesting to write about.
