Question:
How to set up a gateway server?
yumm
2010-10-21 02:09:52 UTC
I have been tinkering with Zentyal and ClearOS operating systems, getting a home server setup.
I love that web interface that comes with them, and I am aware of Webmin, and have tried it; that would be a last resort if needed.
Anyways, on to the question.
My preferred installation would be Zentyal, and that's what it is right now. The problem is, I am trying to make the Zentyal box the gateway before my router.
In other words, I'm trying to get it all configured like this:
(INTERNET) — (ZENTYAL GATEWAY) — (LINKSYS ROUTER) — (COMPUTERS)
The problem lies in my lack of knowledge of DNS’s and creating a DHCP server, I THINK. I am not entirely sure.
I have 2 NIC cards inside of this server, and I'm trying to get it to where one NIC card picks up the IP address through DHCP from my cable modem, then takes that internet and routes it out the other NIC card, to my router. Preferably through static means, but at this point I don't even care, I just want to get somewhere with this.
If anyone has any idea at all what I should be doing/configuring, or advice, please let me know.
Three answers:
Tracy L
2010-10-21 05:21:46 UTC
OK, call me confused a little. What does the Linksys do here? The gateway software is a router and does the same job as the Linksys! If you want this to work and you put the Linksys there to get wireless services, get a Linksys access point, not a router! (Or be sure to set up the router as a dumb AP: turn off DHCP on the router, connect the internet side which comes from your gateway computer to the LAN ports, and don't use the WAN port on the router!)



A gateway server supplies all the DHCP addresses for your local network. Think of the software as a highly educated router and you should do just fine. Two interfaces should work just fine, one for your WAN (internet) connection and the other for all your local machines. Connect the LAN side to a switch for wired machines and connect an access point to that same switch. If you don't have any wired computers, just use the LAN port to connect to the AP.



Here is a good guide to using the gateway software: http://www.howtoforge.com/using-ebox-as-a-gateway-firewall-traffic-shaping-http-proxy-and-more

(It is about "ebox" but that is the same thing. See http://trac.zentyal.org/wiki/Document/Index)
Adrian
2010-10-21 13:41:03 UTC
Ok, I have:

Internet -> Mikrotik Router -> Linksys (a few) -> various networks.

Same idea. The Mikrotik router does nothing but control traffic (plus Web proxy and NTP server) and filter out "bad stuff" based on my blacklists. Your Zentyal could do basically the same, plus whatever other service you want to run.

My networking is such:

Internet -> WAN port -> Mikrotik -> LAN of 192.168.50.254/24 on a 5 port switch, which makes a small subnet/private LAN to connect the rest of the gear. I do this so I can NAT different public WAN IP addresses (I have 5 of them) to different 192.168.50.y addresses, one for each Linksys router. For example, if my public addresses end in .13, .14, I NAT those to 192.168.50.13 and 192.168.50.14 respectively. A box store router (Linksys) is then defined on its WAN port as one of those addresses.



I then do:

192.168.50.x -> WAN port on Linksys -> LAN 192.168.3.1 (or whatever) for one typical subnet. The Linksys WAN defines a specific "x" value that I use for NAT rules, and the Mikrotik router (192.168.50.254) is my default gateway on the Linksys WAN port. I still define my DNS directly into the Linksys routers, but your firewall could do that function if you wish (be the DNS server).



You could also use DHCP on the Zentyal firewall, for the LAN side, and just define the Linksys router to use DHCP on its WAN port to get an address. That will work. The key is that the WAN and LAN addresses on the Linksys router must be totally different subnets, else the router cannot "route" properly. That's why I use the addresses I do, to make it clear which subnet I'm on (avoid confusion).



PS Tracy has some good links also. In my case, I can justify the extra routers, since I'm breaking out different functions, with different rules on each subnet (different wires). If you only have one home LAN, the only reason you would add a Linksys (or any) router would be to extend or move a wireless access point to a different part of the house. Otherwise the first firewall should do the job.

That said, no harm leaving the Linksys in the network while you are still learning how to configure the Zentyal firewall. Any mistake would let "bad stuff" through it, and your Linksys router will still block incoming probes. This did happen to me once, when I first started with the Mikrotik firewall (many years ago), I made a mistake, and allowed everything through, and my IIS web server got hit with 5 viruses overnight. An extra router in line would have saved me (probably). I now use Linux web servers and dual routers/firewalls. Once you are done configuring the Zentyal, you could probably remove the Linksys if not needed for other functions. The Zentyal will have so many more protection features than the Linksys (like Snort)....
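
The addressing rule in the answer above (the downstream router's WAN and LAN must be different subnets, its WAN must sit on the upstream firewall's LAN, and the upstream firewall is its default gateway) can be checked on paper before anything is cabled. The following is an added example, not part of any answer on this page; the function name `check_cascade`, the dictionary layout and the device labels are assumptions, the 192.168.50.x and 192.168.3.1 addresses come from the answer, and the /24 on the Linksys LAN is assumed.

```python
import ipaddress


def check_cascade(hops):
    """Validate an addressing plan for routers chained behind a gateway.

    hops is ordered from the Internet inward. Every hop has "name" and "lan"
    (interface address in CIDR form); every hop after the first also has
    "wan" (CIDR) and "gateway" (the default gateway set on its WAN port).
    Returns a list of human-readable problems; an empty list means the plan
    is consistent.
    """
    problems = []
    upstream = None
    for hop in hops:
        lan = ipaddress.ip_interface(hop["lan"])
        if upstream is not None:
            wan = ipaddress.ip_interface(hop["wan"])
            gateway = ipaddress.ip_address(hop["gateway"])
            up_lan = ipaddress.ip_interface(upstream["lan"])
            # WAN and LAN on the same router must be different subnets,
            # otherwise it cannot decide which side a destination is on.
            if wan.network.overlaps(lan.network):
                problems.append(f"{hop['name']}: WAN {wan.network} and LAN "
                                f"{lan.network} overlap")
            # The WAN port is a client of the upstream LAN.
            if wan.network != up_lan.network:
                problems.append(f"{hop['name']}: WAN {wan.network} is not on "
                                f"{upstream['name']} LAN {up_lan.network}")
            if wan.ip == up_lan.ip:
                problems.append(f"{hop['name']}: WAN address {wan.ip} "
                                f"collides with {upstream['name']}")
            # Default gateway on the WAN port is the upstream LAN address.
            if gateway != up_lan.ip:
                problems.append(f"{hop['name']}: gateway {gateway} is not "
                                f"{upstream['name']} at {up_lan.ip}")
        upstream = hop
    return problems


# Plan built from the addresses in the answer (Linksys LAN /24 assumed).
GOOD_PLAN = [
    {"name": "firewall", "lan": "192.168.50.254/24"},
    {"name": "linksys", "wan": "192.168.50.13/24",
     "gateway": "192.168.50.254", "lan": "192.168.3.1/24"},
]
# Constructed mistake: Linksys LAN left on the same subnet as its WAN.
BAD_PLAN = [
    {"name": "firewall", "lan": "192.168.50.254/24"},
    {"name": "linksys", "wan": "192.168.50.13/24",
     "gateway": "192.168.50.254", "lan": "192.168.50.1/24"},
]
```

`check_cascade(GOOD_PLAN)` returns an empty list, while `check_cascade(BAD_PLAN)` reports the WAN/LAN overlap on the Linksys.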
Aaron
2010-10-21 16:32:51 UTC
If you decide to go with ClearOS, here is a discussion on setting up in gateway mode:



http://bit.ly/dowz4U


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.