Securing a network

I have a small network with two w2k workstations and a w2k web/email (apache / ArGo) servers. I am connected to the internet with a Linksys router from a cable modem. I also have a third computer with fc3 on it. I would like to use fc3 to my network more secure. I have thought about using the fc3 box as a network monitor station? or some type of gateway for my workstations? Part of my dilemma is the server must have ports open in order to work, so how do I secure the server? I will so be trading in my linksys router for a Cisco urb924, so I know I can use the fc3 as a NAT/firewall, but I will still need ports (80, 110, 25) open for the server? would all like to use the fc3 to check and limit were the and what the workstation can go and download. Any help? Ideals or leads/tips.

Thanks, Kevin

You know I have experimented with FC3, but not with its firewall/NAT, but I know there's a special Linux distro that lets you convert you computer into a dedicated firewall. They have docs on well-known strategies, or network plans and diagrams that you can follow so you can secure your network. It is supposed to let you do all kinds of manipulations with ports and other network security things. This distro is called Smoothwall. Check it out.