Dred:
Using DSL, or a cable modem for that matter, and only one IP address is going to force you into two possible ways of sharing your bandwidth across a home network.
The first way is to install a Proxy system (yes, Linux can do this too... I don't know how... I haven't read the HOWTO ;) )
The second is to do what I do at home. Use the firewall as a NAT (Network Address Translator, aka IP Masquerading).
When using either method you are going to end up using a bit more processor power than if you were just running a plain old vanilla firewall. You could still get away with using a 486 if you wanted to, like I suggested, but it depends upon the number of machines that are going to be behind it.
If you are going to be using a NAT then I would really recommend a Pentium class machine at least for more than 2 or 3 machines, esp. if you plan on playing UT or Q3 on all those machines to external sites.
Now here's the reasoning:
With both NAT and proxying, the header of each and every packet that comes in has to be inspected and possibly rewritten. This is obviously going to eat more processing power than if you are using a plain vanilla firewall, because the plain vanilla firewall just looks at where the packet is coming from, where it is going to, and what specific protocol (ICMP or other) the packet is. It then just does something to it. The NAT and Proxy have to do some of this and their header rewrites as well.
The reason I use NAT instead of proxying (though proxying can be more secure) is that to use proxying, programs have to be proxy aware or you need to use a network shim (a program that sits in the background and adds basic proxy support to any network integrated program). Personally I find it difficult to find a lot of programs that are proxy aware that I'm willing to use, and shims can wreak havoc all over your system. Therefore, since NATs are invisible to the local machines, it's just easier to use :)
Now about the slowing down part if you are using a slow machine. The bottle-neck of all your network traffic is going to be the DSL connection no matter what. At max you can get a DSL of 8 Megabit down-pipe and 1 Megabit up-pipe, but even the slowest ethernet is 10 Megabit. Now let's say you get a fairly common DSL connection rate, 256K/256K (lowest end from US West around my parts). Since a T1 is 1.44 MB (Megabit) / sec, you're doing just about 1/6 of a T1 for connection (not bad), but remember your ethernet is either 10 MB or 100 MB; you're doing about 6.9 times more bandwidth at 10 MB than a T1!
So with that answer to your question... do you really think that having a slower processor for the NAT/Proxy/Firewall is going to slow you down? Nope, we aren't producing enough data to actually overrun your network buffers, or your processing power.
However, if you decide to run an FTP server off your firewall, and you start getting a lot of visitors, then you are going to run into problems (both with bandwidth and processing). So, here's the idea. Go ahead and run an FTP site on your firewall if you want to, but remember this: if you make it possible for anonymous uploading, then you open yourself to a crack; if you don't open it for anonymous uploading then that crack is far less likely to happen (it's still possible, but it would have to be one of your users doing it then).
So, if you didn't infer the answer to your second question, it's not a problem to use your firewall as your FTP server. In fact I use our firewall (when we've got our connection back [DIE USWEST SCUM!]) as an FTP server, Web server and e-mail server. Not bad for a P100 with 24MB of RAM and a 1gig HD that we scraped together from spare parts :D
The samba stuff isn't too hard either, and if you use the base install of the RedHat packages there really isn't much you need to configure. It will give you access to user accounts on the box by a username/password combo, and you can access Windoze boxen with some commandline (or GUI) utils that work very similar to FTP, or even mount that Winbloze partition as part of your directory tree ;)
As for Checkpoint... I don't know anything about it. All the utils I use for my Firewall are right out of a RedHat distro. Ip-Chains, Apache, WuFTP, and SendMail.
If you want more info on setting up any of the above, I refer you to the HOWTOs available in the docs directory of a RedHat install CD or the Linux Documentation Project at:
http://metalab.unc.edu/LDP/
Voyd:
Yeah, it can seem a horrible mess what I'm advocating, but in the end it can be a lot more secure than having a Windoze machine directly on the Internet. Even with an NT Server and all the latest "security" fixes and patches and even a 3rd party software proxy / NAT solution, Windoze is just in general more ummm.... prone to attacks of a common nature. The use of a *nix machine as a buffer is just more prudent in my view. An OS that was designed from the ground up as a multi-user system is generally more likely to be more robust at taking care of attacks than a system where a single user is at one point or another completely dominant on the system, and I'm not talking about admins in either case.
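
The header rewriting that the reply to Dred describes for NAT, as an added example that is not part of the original post: a toy masquerading table in Python showing the per-packet lookup and rewrite a plain filter does not do, and why an inbound packet with no matching entry never reaches the LAN. The class and function names, the starting port 61000 and all addresses are constructed for illustration; real masquerading also tracks the remote endpoint and expires idle entries.

```python
import ipaddress
from dataclasses import dataclass, replace
@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class Masquerader:
    """Toy model of a masquerading gateway that owns one public address."""
    def __init__(self, public_ip, lan_cidr, first_port=61000):
        self.public_ip = public_ip
        self.lan = ipaddress.ip_network(lan_cidr)
        self.next_port = first_port  # arbitrary start of the masquerade port pool
        self.out_map = {}  # (proto, lan_ip, lan_port) -> public port
        self.in_map = {}   # (proto, public port) -> (lan_ip, lan_port)

    def outbound(self, pkt):
        """LAN -> Internet: rewrite the source to the public address."""
        if ipaddress.ip_address(pkt.src) not in self.lan:
            return None  # not from the LAN, nothing to masquerade
        key = (pkt.proto, pkt.src, pkt.sport)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(pkt.proto, self.next_port)] = (pkt.src, pkt.sport)
            self.next_port += 1
        return replace(pkt, src=self.public_ip, sport=self.out_map[key])

    def inbound(self, pkt):
        """Internet -> LAN: rewrite only replies that match a known mapping."""
        target = self.in_map.get((pkt.proto, pkt.dport))
        if pkt.dst != self.public_ip or target is None:
            return None  # unsolicited: no LAN host opened this flow
        return replace(pkt, dst=target[0], dport=target[1])

def demo():
    """Two LAN hosts use the same source port toward one game server."""
    nat = Masquerader("203.0.113.5", "192.168.1.0/24")  # constructed addresses
    server = ("198.51.100.7", 27960)
    a = nat.outbound(Packet("udp", "192.168.1.10", 7777, *server))
    b = nat.outbound(Packet("udp", "192.168.1.11", 7777, *server))
    reply = nat.inbound(Packet("udp", *server, nat.public_ip, b.sport))
    stray = nat.inbound(Packet("tcp", "198.51.100.9", 4000, nat.public_ip, 21))
    return a, b, reply, stray

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Both hosts leave with the same public source address but different source ports, which is the only thing that lets the gateway send the reply back to the right machine.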