Not really something I know much about (but when did that ever stop me?
), but I'd look at
smoothwall as a firewall (because it's free, and, I believe, highly configurable - the standard consumer firewalls will probably be a bit limited). Also, for testing it, I'd take a look at
nmap. Playing with the latter taught me a fair bit about what my firewall could and couldn't do.
edit:
http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html may be a bit old, but it might be useful for the basics. Don't know what level i'm pitching at.