Topic: Assign Nic Job
« on: October 14, 2007, 21:48:07 »
henridebono *
Posts: 4

This set-up is at head office.

I managed to get monowall up and running. My current set-up is as follows (2 NICs):
http://www.pavilion.com.mt/mono/mono1.jpg
Monowall has an IPsec bridge set up with 2 remote sites

Is it possible to set up monowall with 3 NICs? http://www.pavilion.com.mt/mono/mono2.jpg
Basically:
Nic 1 - Connects to the internet modem
Nic 2 - Provides internet to SBS (nic 1) & the DVR
Nic 3 - Connects to the head office internal network switch, for IPsec traffic

Is the above possible? All I found reference to is DMZ, which I don't think is the right solution.

Cheers ;)
« Reply #1 on: October 15, 2007, 11:15:16 »
markb ****
Posts: 331

Yes. A DMZ ("Demilitarized Zone") is what you are trying to achieve. This is basically a buffer network between your LAN and the internet where you put your servers that get accessed from the internet. It gives you the additional protection of not routing inbound traffic directly to your LAN. As the resources on the DMZ are accessed from the internet, they should be treated as "untrusted", as potentially they could be compromised. If this happened and they were on your LAN, they could compromise other machines. Putting them on a DMZ helps to protect your LAN.
« Reply #2 on: October 17, 2007, 14:38:02 »
bitonw **
Posts: 79

Basically you can put many NICs in your box (I have 5) and create networks on it to be controlled by the firewall. Then you can create rules to allow the traffic flow from network to network.
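An added example, not part of any post in this thread and not m0n0wall code: a simplified Python model of first-match, per-interface filtering applied to the three-NIC layout discussed above, showing that the exposed segment can reach the internet but not the LAN, and that rule order decides this. The subnets, the published port 443, and the rule set are assumed values.

```python
import ipaddress

# Constructed addressing for the three-NIC layout in the thread (assumed values).
NETS = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),  # head-office switch, IPsec traffic
    "DMZ": ipaddress.ip_network("192.168.2.0/24"),  # SBS external NIC and the DVR
}

# Rules are listed per interface and checked top-down on the interface where the
# packet enters. Each rule is (action, destination zone, port); "any" is a wildcard.
RULES = {
    "WAN": [("pass", "DMZ", 443)],        # only the published service (assumed port)
    "DMZ": [("block", "LAN", "any"),      # exposed hosts must never reach the LAN
            ("pass", "any", "any")],      # everything else (internet) is allowed
    "LAN": [("pass", "any", "any")],      # trusted side may go anywhere
}

def zone_of(addr):
    """Map an address to LAN or DMZ; anything else is treated as the internet (WAN)."""
    ip = ipaddress.ip_address(addr)
    for name, net in NETS.items():
        if ip in net:
            return name
    return "WAN"

def decide(in_iface, dst, port, rules=RULES):
    """Return 'pass' or 'block' for a packet entering in_iface, first match wins."""
    dst_zone = zone_of(dst)
    for action, rule_dst, rule_port in rules.get(in_iface, []):
        if rule_dst in ("any", dst_zone) and rule_port in ("any", port):
            return action
    return "block"  # nothing matched: default deny

# Same DMZ rules in the wrong order: the broad pass rule shadows the block rule.
MISORDERED = dict(RULES, DMZ=list(reversed(RULES["DMZ"])))

if __name__ == "__main__":
    checks = [("WAN", "192.168.2.10", 443), ("WAN", "192.168.1.5", 443),
              ("DMZ", "192.168.1.5", 445), ("DMZ", "203.0.113.7", 80)]
    for iface, dst, port in checks:
        print(iface, "->", dst, port, decide(iface, dst, port))
    print("misordered DMZ -> LAN:", decide("DMZ", "192.168.1.5", 445, MISORDERED))
```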
« Reply #3 on: October 31, 2007, 19:09:57 »
matguy *
Posts: 28

Is there a finite m0n0wall limit? Or just hardware limitations? While playing around with a bunch of 4 port PCI cards I had hanging around, I got m0n0wall to recognize 18 ethernet ports (1x onboard Intel 10/100, 1x onboard Intel GigE, 4x PCI quad Intel 10/100 cards). I had 5 PCI slots, but after 4 of the PCI quad cards the system stopped recognizing all of them. I think that was a PCI bridge/IRQ sharing issue, since each quad card had a PCI bridge and 4 discrete Intel chips. Some other quad port cards are a single chip; not sure if they "appear" as separate devices to the BIOS, each requiring an IRQ that would need to be shared.

I guess it's probably not practically possible to put more than 26 in a standard machine anyway, assuming 2 onboard ports and 6 PCI slots with quad port cards. You could get crazy with PCI bridges, such as some riser cards I have with 3 ports at a right angle behind a PCI bridge, similar to this: http://www.orbitmicro.com/global/3xslot32bituniversalvoltageactiverisercardwpcibridgerequiringonly1pcislottofunctionoem-p-686.html

Being bored one day I did verify that you can cascade them pretty well; I got 3 in a circle and a card on the 3rd was recognized and functioned correctly. So, theoretically, cascading 3 of these in a circle you'd gain 6 PCI slots (-1 from on-board slots, +7 through the bridges) for an extra 24 ethernet ports on quad cards. 6 PCI slot boards aren't impossible to find, so ignoring the obvious bus saturation of 60 ethernet ports of mixed speed and IRQ issues a-plenty, I wonder if m0n0wall would see them all. Then, theoretically you could use straight PCI riser cards and use another set of 3 port riser cards; you could probably get 15 more PCI slots from 5 ports just using the 3 port cards on them, then using the 3 cards on the last slot for another 7 PCI slots gives you 22 PCI slots. Multiply that out with quad port cards and you could have a real ugly 88 ports, more if there's any on-board ports. Back to IRQs, even if each card is a single IRQ you're still trying to share between 22 cards, plus on-board devices on PCI, which your on-board ethernet likely is. Oh, and power, I doubt the PCI bus could power 8 PCI bridges plus 22 quad port cards, but if you're going that far you might be able to supplement that power by directly driving 3.3v into the riser cards; if you've gone this far might as well break out the soldering iron too.
« Reply #4 on: November 02, 2007, 02:22:23 »
cmb *****
Posts: 851

There is no finite limit in m0n0wall. You can only run the DHCP server on 32 interfaces in 1.2, shouldn't be any limit in 1.3.

Sometimes FreeBSD gets unhappy when you have a bunch of NICs because they'll end up sharing IRQs. I've also seen apparent hardware issues when using a lot of NICs that I initially thought were a FreeBSD issue, but then tried Linux and it was no different. It can be difficult to get a bunch (8-10+) of NICs working in a single box.