Operating Systems > Linux and UNIX

Smoothwall

(1/3) > >>

[[Fury161]]:
anyone out there use Smoothwall.
I just got hold of a second box and installed it on it, as a firewall/cache.
seems ok at the moment but any input would be great

voidmain:
Do you have any experience with any other firewalling software/hardware?  I would be interested in hearing a review from you. I have not used SmoothWall but did just go read most of the documentation and looked at the screen shots.

Thoughts: I have used a few different hardware firewalls (Cisco PIX, Netscreen 5/10/100, LinkSys) and software/hardware firewalls using ipchains. The SmoothWall product looks to me like you would end up with a hardware firewall similar to a LinkSys or Netscreen (without VPN). At home I use a dedicated machine with 2 NICs using ipchains and I have no graphical configuration, just enter the rules manually. I also use this machine for other functions, like VPN (FreeS/WAN) and Squid Proxy. Now the best firewall box would be dedicated as a firewall but for me that would mean running two separate boxes when I now only have to run one.

I didn't see where SmoothWall could do IPSEC VPN, if it could I would certainly be checking it out.  I also don't know that if you wanted to add Squid functionality to the box you could (at risk of being less secure).  Maybe you can answer this from what you've seen.  Also can you put a 3rd NIC in and create a DMZ?  I didn't read anything on their site about that possibility.

It certainly looks like a nice interface and similar to Netscreen and LinkSys.  If you basically end up with a LinkSys 1 port firewall w/DHCP then I can think of some advantages/disadvantages of both.

LinkSys has no moving parts so I would guess there would be less of a chance of a hardware failure = more reliable hardware but not necessarily more reliable security.

Smoothwall runs on a PC which would mean it would be infinantely upgradeable, eventually you may have to get a new LinkSys box.

From looking over their website it certainly looks like a slick product. I may have to try it out.

[[Fury161]]:
Thanks for your reply albeit some of it went over my head!!!!!, but i will try and answer your points.
yes it does handle vpn, and a dmz is easily set up, you assign pinholes through to the green address.
my next step is to get another box and use it as a web server, when i get the cash. the interface is a breeze, being opened in your web browser, and all updates are done this way too. I only have a floppy in the smoothwall, no cd rom, no graphics card (so no moniter as not needed)
the box itself is an amd 450 chip with 128 meg of ram, and with this running my adsl line it frees up my main machine of all that bother, as well making the odd gaming i do do faster as there is no modem to drive (usb modems do suck a lot from a machine)
dhcp is built in, as well as web proxy,and dynamic dns, all taken care of the minute the box loads up.
give it a go you may be surprised

[ January 14, 2002: Message edited by: [[Fury161]] ]

voidmain:
Cool, couple of questions. Is the VPN IPSEC (what VPN protocols)?  You said it does web proxy, does it use Squid for this or is it just IP masq (with Squid I can set up authentication and restrict browsing based on userid)?  

I don't care for the "pinhole" idea for DMZ, sounds like basic port forwarding to me, a true DMZ would be safer, however, at home I do not use a DMZ anyhow so the point is mute.  Just thinking of small business applications.  They should have a "Yellow" NIC to go along with the "Red" and "Green" NICs.

Thanks!

[ January 14, 2002: Message edited by: VoidMain ]

[[Fury161]]:
Just a quick reply
you can set an orange zone as well as red and green
 

Navigation

[0] Message Index

[#] Next page