OT: smoothwall firewall impressions
Chris Benson
chrisb at jesmond.demon.co.uk
Fri May 2 07:47:56 CDT 2003
Just for a change, a software review.
After thinking about it for over a year and having the CD for over 6
months, I finally tried out the SmoothWall firewall today. A Linux
distribution that turns a redundant PC into a reasonably competent
firewall. This is SmoothWall GPL 1.0 from http://www.smoothwall.org/
Bootable CDROM bought from www.linuxemporium.co.uk.
Installation (short):
- insert CD
- boot
- confirm keyboard layout, timezone
- set IP address and hostname
- choose passwords for root, setup and admin users
- press Return a few times
- remove CD
Installation (more):
- When I first looked at SmoothWall I had ISDN and SmoothWall didn't.
- Now it has ISDN and USB ADSL support
- It supports two or three networks:-
-- GREEN is the ethernet card on the internal (safe) network
-- RED is the ethernet card/ISDN/ADSL/modem connected to the Internet
-- ORANGE is an optional ethernet card connected to the DMZ - a semi-safe
network.
- After initial setup of the above, administration is by connecting
to web-pages and logging in as admin.
- Can do IPSEC VPNs
- Can port-forward, NAT, all the firewall stuff
- Can run Squid web cache and Snort intrusion detection
- Can have the external (RED) interface configured by DHCP
- Can offer DHCP to machines on the GREEN network
- Has the MindBright Java/SSH client to allow shell access from anywhere
with a Java-enabled browser!
Looks like it will comfortably fit in 150MB/disk:
Filesystem           1k-blocks      Used Available Use% Mounted on
/dev/hda4              4949344     53204   4644724   1% /
/dev/hda1                 7776       805      6570  11% /boot
/dev/hda3              1249164       304   1185404   0% /var/log

   Device Boot    Start       End    Blocks   Id  System
/dev/hda1             1         1      8032   83  Linux
/dev/hda2             2         4     24097+  82  Linux swap
/dev/hda3             5       162   1269135   83  Linux
/dev/hda4   *       163       788   5028345   83  Linux
And 64MB/RAM:
Memory:      total       used       free     shared    buffers     cached
Mem:        257592      21012     236580      17716       1508      10388
-/+ buffers/cache:       9116     248476
Swap:        24092          0      24092
Usage:
- It appears to "just work"(tm)
- All normal administration is done through the web-pages.
- I've not used it as a real firewall or used many of the options: VPN,
Update latest patches, DHCP, caching, ... but it looks solid and
well thought through.
- patch 5 now out.
Downsides:
- requires IDE disks (I only had SCSI machines available for a long
time).
- Adverts for the commercial version are rather intrusive especially in
the help pages.
- still runs 2.2 kernel which lacks support for new hardware and the
iptables firewall in the 2.4 kernels.
Conclusion:
- I would use this if
-- I were setting up a firewall from scratch for a SoHo/SMB-user
-- I had a PC with IDE hard disk and the necessary NICs
- If there was budget, I'd use the commercial version
--
Chris Benson
More information about the Tyneside-pm mailing list