Author Topic: Smoothwall  (Read 1848 times)

[[Fury161]]

  • Newbie
  • *
  • Posts: 3
  • Kudos: 0
Smoothwall
« on: 14 January 2002, 20:32 »
Anyone out there use Smoothwall?
I just got hold of a second box and installed it on it, as a firewall/cache.
Seems OK at the moment, but any input would be great.

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
Smoothwall
« Reply #1 on: 14 January 2002, 21:40 »
Do you have any experience with any other firewalling software/hardware?  I would be interested in hearing a review from you. I have not used SmoothWall but did just go read most of the documentation and looked at the screen shots.

Thoughts: I have used a few different hardware firewalls (Cisco PIX, Netscreen 5/10/100, LinkSys) and software/hardware firewalls using ipchains. The SmoothWall product looks to me like you would end up with a hardware firewall similar to a LinkSys or Netscreen (without VPN). At home I use a dedicated machine with 2 NICs using ipchains and I have no graphical configuration, just enter the rules manually. I also use this machine for other functions, like VPN (FreeS/WAN) and Squid Proxy. Now the best firewall box would be dedicated as a firewall but for me that would mean running two separate boxes when I now only have to run one.

I didn't see where SmoothWall could do IPSEC VPN, if it could I would certainly be checking it out.  I also don't know that if you wanted to add Squid functionality to the box you could (at risk of being less secure).  Maybe you can answer this from what you've seen.  Also can you put a 3rd NIC in and create a DMZ?  I didn't read anything on their site about that possibility.

It certainly looks like a nice interface and similar to Netscreen and LinkSys.  If you basically end up with a LinkSys 1 port firewall w/DHCP then I can think of some advantages/disadvantages of both.

LinkSys has no moving parts so I would guess there would be less of a chance of a hardware failure = more reliable hardware but not necessarily more reliable security.

Smoothwall runs on a PC, which would mean it would be infinitely upgradeable; eventually you may have to get a new LinkSys box.

From looking over their website it certainly looks like a slick product. I may have to try it out.
Someone please remove this account. Thanks...

[[Fury161]]

« Reply #2 on: 14 January 2002, 22:03 »
Thanks for your reply, albeit some of it went over my head! But I will try and answer your points.
Yes, it does handle VPN, and a DMZ is easily set up; you assign pinholes through to the green address.
My next step is to get another box and use it as a web server, when I get the cash. The interface is a breeze, being opened in your web browser, and all updates are done this way too. I only have a floppy in the Smoothwall, no CD-ROM, no graphics card (so no monitor, as not needed).
The box itself is an AMD 450 chip with 128 MB of RAM, and with this running my ADSL line it frees up my main machine of all that bother, as well as making the odd gaming I do faster, as there is no modem to drive (USB modems do suck a lot from a machine).
DHCP is built in, as well as web proxy and dynamic DNS, all taken care of the minute the box loads up.
Give it a go, you may be surprised.

[ January 14, 2002: Message edited by: [[Fury161]] ]


voidmain

« Reply #3 on: 15 January 2002, 05:35 »
Cool, couple of questions. Is the VPN IPSEC (what VPN protocols)?  You said it does web proxy, does it use Squid for this or is it just IP masq (with Squid I can set up authentication and restrict browsing based on userid)?  

I don't care for the "pinhole" idea for DMZ; it sounds like basic port forwarding to me. A true DMZ would be safer; however, at home I do not use a DMZ anyhow, so the point is moot.  Just thinking of small business applications.  They should have a "Yellow" NIC to go along with the "Red" and "Green" NICs.

Thanks!

[ January 14, 2002: Message edited by: VoidMain ]

Someone please remove this account. Thanks...

[[Fury161]]

« Reply #4 on: 16 January 2002, 00:49 »
Just a quick reply
you can set an orange zone as well as red and green
 

voidmain

« Reply #5 on: 16 January 2002, 02:07 »
quote:
Originally posted by [[Fury161]]:
Just a quick reply
you can set an orange zone as well as red and green
   



Are machines in the orange zone not on the same physical network as machines in the green zone? If so I don't like it, if not I like it.
Someone please remove this account. Thanks...
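
The difference voidmain raises in Replies #3 and #5, shown as an added example that is not part of the thread: a small reachability model comparing a pinhole into green with a server on a physically separate orange segment. Zone names follow the thread; the host names, ports and rule tables are constructed assumptions, not SmoothWall's actual ruleset.

```python
# Constructed model: zones follow the thread (red/green/orange); hosts, ports
# and the policy tables are assumptions, not SmoothWall's real ruleset.
from collections import namedtuple

Host = namedtuple("Host", "name zone")

HOSTS = [
    Host("internet", "red"),
    Host("desktop", "green"),
    Host("fileserver", "green"),
]

def firewall_allows(policy, src_zone, dst, port):
    """True if the inter-zone policy lets src_zone open a connection to dst:port."""
    return ((src_zone, dst.zone, dst.name, port) in policy
            or (src_zone, dst.zone, "*", "*") in policy)

def can_connect(policy, src, dst, port):
    # Hosts on the same segment talk directly; the firewall never sees it.
    if src.zone == dst.zone:
        return True
    return firewall_allows(policy, src.zone, dst, port)

def blast_radius(policy, hosts, exposed, ports=(22, 80, 445)):
    """Internal hosts reachable from `exposed` if that server is compromised."""
    return sorted({h.name for h in hosts
                   if h != exposed and h.zone != "red"
                   and any(can_connect(policy, exposed, h, p) for p in ports)})

# Design A: "pinhole" (port forward) from red to a web server sitting in green.
web_green = Host("web", "green")
PINHOLE = {("red", "green", "web", 80), ("green", "red", "*", "*")}

# Design B: web server on its own orange segment (third NIC).
web_orange = Host("web", "orange")
DMZ = {("red", "orange", "web", 80), ("green", "orange", "*", "*"),
       ("green", "red", "*", "*")}  # deliberately no orange -> green rule

def compare():
    """Return (blast radius with pinhole into green, blast radius with DMZ)."""
    a = blast_radius(PINHOLE, HOSTS + [web_green], web_green)
    b = blast_radius(DMZ, HOSTS + [web_orange], web_orange)
    return a, b

if __name__ == "__main__":
    a, b = compare()
    print("pinhole into green:", a)
    print("separate orange DMZ:", b)
```

If orange and green share one physical network, the model collapses to Design A, because same-segment traffic never crosses the firewall.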

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
Smoothwall
« Reply #6 on: 26 July 2002, 00:23 »
Has anyone else used Smoothwall? It sounds/looks good. I don't really want to upgrade my firewall... because it isn't broken... yet. But in the future I may try it out.
Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

KernelPanic

  • VIP
  • Member
  • ***
  • Posts: 1,878
  • Kudos: 222
Smoothwall
« Reply #7 on: 26 July 2002, 03:05 »
I use Smoothwall GPL and it rocks! In reply to voidmain's question, IP MASQ and Squid are both supported; you make the decision. You can set up 3 interfaces (NIC, modem, USB modem, whatever): Red (Outside world), Green (Local), and Orange (DMZ). I can't remember whether the firewall features are IP tables or IP chains, but I think with the latest updates Smoothwall is a 2.4 kernel, so it's probably IP tables. You can use SSH to change the ruleset if you want to add your own thing. Another cool feature is that it can also sync with and update a service like dyn dns when your IP address changes.

[ July 25, 2002: Message edited by: Tux ]


Contains scenes of mild peril.

voidmain

« Reply #8 on: 26 July 2002, 04:44 »
Well, I didn't really ask about IP MASQ.  I wanted to know if it would do IPSEC VPN (probably would have FreeS/WAN installed if it does).  I would also bet that it just uses ipchains/iptables to do the firewalling but with a pretty GUI.
Someone please remove this account. Thanks...

Master of Reality

« Reply #9 on: 26 July 2002, 06:11 »
Has anyone tried sentry or any other firewall distribution?
Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

Master of Reality

« Reply #10 on: 26 July 2002, 23:04 »
I'm installing Smoothwall in my 'testing' computer. It doesn't let you partition or choose almost anything when installing. It automatically partitions the HD for you. I find that quite annoying.
Everything is confusing. There is a squid cache directory... but no squid anywhere else.

Is there a GUI? I can't find it.

[ July 26, 2002: Message edited by: Master of Reality / Bob ]

Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

Master of Reality

« Reply #11 on: 26 July 2002, 23:16 »
No GUI. It's all done from a browser on another computer. This annoys me much, because I installed it on a standalone computer :(
[EDIT!: hmmm... I guess I just forgot that this computer actually is on a network]

[ July 26, 2002: Message edited by: Master of Reality / Bob ]

Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

Master of Reality

« Reply #12 on: 26 July 2002, 23:17 »
How would I go about putting a firewall and proxy on separate boxes... or two firewalls?
I just installed Smoothwall on an extra box that isn't directly connected to the internet, but is on the same network as my other computers. How would I get my web traffic to go through both?

[ July 26, 2002: Message edited by: Master of Reality / Bob ]

Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

voidmain

« Reply #13 on: 26 July 2002, 23:37 »
You would have to put them in series. I actually have had mine set up that way for the last few months. I have a Netscreen 5 connected directly to my cable modem which does firewall/VPN, then I have only one computer attached to the Netscreen's trusted interface, a Linux box with 2 NICs also acting as a firewall (it was my primary firewall). This allows me a little more security on my inside network to both the Internet and to the private network I VPN in to. Plus when I installed the netscreen I didn't have to reconfigure anything on my internal network except for my original Linux firewall's untrusted interface.
Someone please remove this account. Thanks...