I am going to build a Linux (IPtables) based firewall for my LAN (which consist of approx. 25 workstations running Windows XP Pro, and 2000. I was curious of something regarding the firewall. If I run a Linux based firewall, that is acting as a gateway to the internet for my LAN will I be as vulnerable to Windows based worms (i.e. Sasser, etc)? I know that most worms that are targeting to Windows vulnerablilities will not affect Linux based machines, however, since I will be running Windows based machines behind the LAN, I was wandering about listening ports within my LAN.

Computers on the Internet won't see any of the open ports. They'll only see what's open on the router. You can do port forwarding to run servers behind the router, in which case it'll look like the router is running the servers. Just remember, if someone brings in an infected laptop, you have no protection.

You are probably best off using NAT and IP Masqerading with your firewall. Check on www.tldp.org for the howtos: http://www.tldp.org/HOWTO/HOWTO-INDEX/networking.html#NETROUTING http://www.tldp.org/HOWTO/HOWTO-INDEX/networking.html#NETSECURITY