LinuxQuestions.org
Old 04-18-2002, 09:19 AM   #1
Syncrm
Member
 
Registered: Aug 2001
Location: Lansing, Michigan
Distribution: slackware8+
Posts: 472

Rep: Reputation: 30
additional firewall measures


hello all... i'm seeking a little advice with my firewall. currently, it's a pretty basic setup. two nics, one connected to my cable, the other to my internal network. i use IP masqing to forward client requests to the internet.

i've closed down all ports that i believe to be unused, and only leave 80, 25, 110, 22, and 23 open.

now, i've heard about others who've set up their firewalls so all their binaries are NFS mounted, meaning a hacker would not be able to do much if he/she gained access to my firewall. so my question is, how do i go about setting something like that up? which binaries are the most critical to move, and which should i leave for system functionality, etc.

any and all help is appreciated! :-)
 
Old 04-18-2002, 10:09 AM   #2
Mik
Senior Member
 
Registered: Dec 2001
Location: The Netherlands
Distribution: Ubuntu
Posts: 1,316

Rep: Reputation: 47
Yeah, it's possible, but you are creating a second point of failure. If something happens to the NFS server, your firewall will no longer work.
I think you would be better off making all your files immutable and mounting all the partitions read only, except the ones that need to be written to. Usually mounting /tmp and /var as writeable should be enough.
You could also look into building a CD image of your firewall system. Then everything again would be read only; the only problem is you would have to burn a new CD every time you want to update an application, which hopefully won't be very often.
Just my opinion though; using NFS might be a very good solution too. You should have placed this question in the security forum. I'm sure there are experts there that could help you better than I can.
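
An added example, not part of either post: a shell check for the read-only layout suggested in the reply above. It reads a mount table in /proc/mounts format and lists every filesystem still mounted read-write outside /tmp and /var. The device names and the sample table are constructed, and the allow list is an assumption taken from the reply.

```shell
#!/bin/sh
# Added example: audit a mount table for filesystems that are writable
# but not on the allow list (/tmp and /var, per the reply above).
# Input format is that of /proc/mounts:
#   device mountpoint fstype options dump pass

ALLOWED_RW="/tmp /var"   # assumption: the only trees that may stay writable

# is_allowed MOUNTPOINT -> exit 0 if it is an allowed tree or lies under one
is_allowed() {
    for a in $ALLOWED_RW; do
        case "$1" in
            "$a"|"$a"/*) return 0 ;;
        esac
    done
    return 1
}

# audit_mounts: reads mount lines on stdin, prints each unexpected rw mount point
audit_mounts() {
    while read -r dev mnt fstype opts rest; do
        # skip kernel interface filesystems; they hold no on-disk binaries
        case "$fstype" in
            proc|sysfs|devpts) continue ;;
        esac
        # options are comma separated; rw/ro appears as one element
        case ",$opts," in
            *,rw,*) is_allowed "$mnt" || printf '%s\n' "$mnt" ;;
        esac
    done
}

# Constructed sample (not from the thread): / and /usr are still
# read-write, /boot is already read-only, /var/log lies under /var.
SAMPLE_MOUNTS='/dev/hda1 / ext2 rw 0 0
/dev/hda2 /boot ext2 ro 0 0
/dev/hda3 /usr ext2 rw,noatime 0 0
/dev/hda5 /var ext2 rw,nosuid 0 0
/dev/hda6 /tmp ext2 rw,nosuid,nodev 0 0
/dev/hda7 /var/log ext2 rw 0 0
proc /proc proc rw 0 0'

# Audit the sample; on a live system use: audit_mounts < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts
```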
 
  

