Smoothwall Firewall

Date: November 13th, 2001

URL: http://www.smoothwall.org

Rating: Excellent!

Review:

 

Introduction

Smoothwall is a Linux-based secure operating system which claims to turn an old PC into a fully functional firewall.

It is licensed under GPL, which means both the software and the source code are freely available for download.

The actual download is a 20Mb ISO file, which can then be recorded to a CD. The CD is bootable if your machine will support booting from the CD drive, and contains tools for making a bootable floppy if it doesn’t.

The purpose of this little project was to share a cable connection between 3 workstations on a 10Mbit LAN. I had an old P133 with 48Mb RAM and a 2Gb hard disk running a freeware proxy under Windows 98, but this was often slow and unreliable. The “server” had two network cards installed – one connected to the LAN using a private address range (10.x.x.x), and one connected to the cable modem.

Installation

After checking that the machine would support booting from a CD, and changing the BIOS settings to do so, I inserted the Smoothwall CD I had burned. The installation sequence then began.

The hard drive was reformatted, and the two PCI network cards were automatically detected. One of them was allocated as the Red interface (Internet connection), and the other as the Green (safe) interface. I configured the IP address for each of them, then entered a password as the final stage of the installation process.

The machine then rebooted and presented me with a typical Linux login prompt. At this stage you can unplug the monitor and keyboard and lock the firewall away – further configuration is done via a web browser.

Setup

From one of the other machines on the network I entered the IP address of the firewall, and a very slick web interface loaded. For security, this is only accessible from the local network, and the admin password must be entered before changes can be made.

By this time, the firewall was already actually functioning, and I could browse the web simply by selecting “Connect to the Internet via a LAN” in Internet Options. No proxy server settings were necessary.

Now I got into the more advanced setup of Smoothwall. The first job was to download and install the available updates, which was all taken care of automatically and smoothly.

I then set up the built-in DHCP server, and changed over the machines on the network. Again, it did exactly what it said on the tin.

I also enabled the web caching, whose main purpose is to allow me to collect blackmail material on my housemates and get out of the washing up.

Port forwarding is also easily achieved should you have a need for it. I don’t need it, so I left it disabled for extra security.

Use

Other than a reboot required when a new update was applied, the machine has been running 24/7 for the last few weeks with no problems whatsoever. Every program we have tried has accessed the Internet without even realizing there is an extra machine in the way, which is exactly what we wanted to happen.

Smoothwall provides comprehensive traffic logs and graphs, and has an intrusion detection system which will warn you of malicious attempts to access the system.

Options

Smoothwall can be set up with analog modems, ISDN cards, USB ADSL connections, cable modems, or just about any other method of accessing the Internet. It even provides dial-on-demand for those poor souls still on dial-up.

For a full description of all the other things it can handle, read the freely available documentation from http://www.smoothwall.org

Conclusion

Smoothwall is perfect for protecting a home or small office network and sharing the Internet connection. I have since installed a similar machine in an office with approximately 35 users, and it works brilliantly.

Submitted by: SmellyStudent
