I need to build a Linux Router at my office. We currently have a PIX firewall so the Linux route does not need do NAT and be a router. After going through all the different pre assembled options out there I think I will build it my self either using Fedora Core 4 or RHEL4 update 2. One of the most compelling reasons for my doing it on my own is that I can setup some really nice monitoring tools on the machine and incorporate them into our corporate monitoring.
Anyway, my questions are this:
1. Should I enable the firewall but leave NAT turned off? Will this slow down the router?
2. Should I enable SELINUX?
3. I have found a few TCP Tuning options on the net but what options do I really need to tune?
4. Are there and good tools out there that I can run to show me if I need to change/tweek any of the TCP Tuning options?