On 2020-03-30 Alberto Abrao wrote:
I have the feeling that's redundant. That, and having a main router in front of them would help me set up things such as QoS and a central firewall.
I am used to doing this for simple NAT duties, but this time I would have a router managing public facing IP addresses.
You can do all this with Linux quite easily. It's a bit to delve into, though, if you want to handle and route multiple IPs, NATing some, etc. The interface, iptables and route stuff will start to get complex.
But then you get fun features like qos (tc command), like you said.
I'd say find a way to start slow. Like start making your single-connection-point firewall first without putting any boxes behind it. Then move them behind it one by one as you add more setups/features to the firewall.
Some will say use OpenBSD for all of this, but I say use Linux. Or, more accurately, use what you know and are good at. It'll be easier to get a grasp of things if you're already partway there.
Also, I always recommend "rolling your own" using basic utilities rather than using some pre-made "simple" firewall/router distro. But that's mostly because I like my boxes to serve many duties, not one just for firewall, one just for NAS, etc. Plus, you learn more doing it yourself, and have ultimate flexibility. With a purpose-made distro you'll eventually run into something you want to do that it can't.
My 2c. YMMV!