Why *nix if it weren't for the console advantages of it. All the text based configurations, all the CLI flexibility and power. Mouse clicking around is just so unproductive and laborious.
Netfilter/IPfilter software firewall/NAT?
The Linux kernel routing and IP filtering components are very powerful. You can achieve quite a fair bit of NAT using its iptables NAT and MANGLE tables, along with route table forwarding with marked packets.
DNSMasq too, if it suits your use.
What Linux VPN do you usually use?
Tried all of PPTP, IPsec and OpenVPN. Unless it is to bridge networks, I will choose IPsec; otherwise OpenVPN gets most of the job done and is very useful across corporate firewalls due to the fact that it does not require GRE and you can easily provide it via TCP 443.
Just a side comment, are there good reasons for having a server set up to run firewall/NAT/VPN/DNS in the enterprise/production environment, apart from a testing/development environment to fiddle with?
Cost is one good reason, but it all depends on what you want to achieve and how much technical expertise the company has.
Software provides flexibility and allows you to customise it for custom development integration. Hardware provides better performance and normally sticks with industrial features, which are not always flexible.
From my casual observations, many businesses and companies would buy some hardware appliances from SonicWall or Cisco hardware that comes with NAT/VPN/DNS all-in-one, rather than having a Linux/BSD box software firewall/NAT. Simpler and higher performance although more expensive generally.
Definitely the case. You have to know that a lot of these enterprises may have a lot of product-certified engineers, but they are not custom development gurus. If you want them to hack a system to do something outside of the spec, they will give you warranty and non-standard reasonings, but ultimately the main reason is they either don't know how, or they are not ready to put their jobs at risk.
Is there something that the software firewall/NAT can do that the hardware does not, or does not do as well?
I do not have exposure to all brands and models of this hardware, but from what I have come across, they are quite feature-rich as long as you stick with standards.
However, suppose you want some very special design, like detecting the incoming IP connections and applying a certain statistical distribution function to the backend servers or user profiles that are not based on RADIUS or LDAP but extracted from another system or via some RESTful API; then you will need to either provide a middleware that implements such an interface or forgo it.
Any IDE that runs in the console mode without GNOME or KDE? vi and Emacs are like text editors, kind of too minimalist for me.
Don't research much into it. Take a look at Java-based IDEs; I suspect they don't need GNOME libraries. Otherwise you can always try these web-based IDEs:
http://www.hongkiat.com/blog/cloud-ide-developers/
http://codiad.com
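
As an added example (not part of the original posts), here is one way the nat table mentioned above can apply a statistical distribution to backend servers, for the static-weight case only. The function name, the chain name `LB_WEB`, the addresses and the port are all constructed for illustration; the script only prints a ruleset and changes nothing on the host.

```shell
#!/bin/sh
# Added example: emit an iptables-restore fragment that DNATs connections to
# backends in proportion to static weights (nat table + "statistic" match).
# The VIP, backend addresses, port and chain name LB_WEB are constructed.

# usage: emit_weighted_dnat VIP PORT "ip:weight ip:weight ..."
emit_weighted_dnat() {
    vip=$1; port=$2; backends=$3; total=0
    for b in $backends; do
        w=${b##*:}
        case $w in
            ''|*[!0-9]*|0) echo "bad weight in '$b'" >&2; return 1 ;;
        esac
        total=$((total + w))
    done
    echo "*nat"
    echo ":LB_WEB - [0:0]"
    echo "-A PREROUTING -d $vip/32 -p tcp -m tcp --dport $port -j LB_WEB"
    remaining=$total
    for b in $backends; do
        ip=${b%:*}; w=${b##*:}
        if [ "$w" -eq "$remaining" ]; then
            # Last backend: unconditional, catches whatever fell through.
            echo "-A LB_WEB -p tcp -j DNAT --to-destination $ip:$port"
        else
            # Rules are tried in order, so each one needs the conditional
            # probability w / (weight not yet handed out), not w / total.
            p=$(LC_ALL=C awk -v w="$w" -v r="$remaining" 'BEGIN { printf "%.6f", w / r }')
            echo "-A LB_WEB -p tcp -m statistic --mode random --probability $p -j DNAT --to-destination $ip:$port"
        fi
        remaining=$((remaining - w))
    done
    echo "COMMIT"
}

# Demo: 50/30/20 split. Only prints; pipe into `iptables-restore --noflush` to load.
emit_weighted_dnat 203.0.113.10 443 "10.0.0.11:5 10.0.0.12:3 10.0.0.13:2"
```

The nat table is consulted only for the first packet of a connection, so the split is per connection, and connection tracking keeps later packets on the backend that was chosen.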