> I think this would be a very bad idea. The main reasons for making the
> firewall a spearate machine are:
>
> 1) Security. The firewall should absolutely not be compromisable. The
> whole point of a firewall is to protect your vulnerable machines behind
> it. If the firewall runs in a VM of any kind, then the host machine is
> also on the Internet, and unprotected. Compromise of this machine would
> allow the firewall to be bypassed completely (killall plex86).
>
This is not entirely true. If your IP on the internet is 24.x.x.x like for a
cable modem or something. and your lan is 198.x.x.x you could set the IP of the
nic in Plex86 to be the Cable address of 24.x.x.x and a second nic to be your lan
Ip. and then set the OS in Plex86 to use IP masquerading.
