OT: smoothwall firewall impressions

Chris Benson chrisb at jesmond.demon.co.uk
Fri May 2 07:47:56 CDT 2003


Just for a change, a software review.

After thinking about it for over a year and having the CD for over 6
months, I finally tried out the SmoothWall firewall today.  A Linux
distribution that turns a redundant PC into a reasonably competent
firewall.  This is SmoothWall GPL 1.0 from http://www.smoothwall.org/
Bootable CDROM bought from www.linuxemporium.co.uk.

Installation (short):
- insert CD
- boot
- confirm keyboard layout, timezone
- set IP address and hostname
- choose passwords for root, setup and admin users
- press Return a few times
- remove CD

Installation (more):
- When I first looked at SmoothWall I had ISDN and SmoothWall didn't.
- Now it has ISDN and USB ADSL support 
- It supports two or three networks:-
-- GREEN is the ethernet card on the internal (safe) network
-- RED is the ethernet card/ISDN/ADSL/modem connected to the Internet
-- ORANGE is an optional ethernet card connected to the DMZ - a semi-safe
   network.
- After initial setup of the above, administration is by connecting
  to web-pages and logging in as admin.
- Can do IPSEC VPNs
- Can port-forward, NAT, all the firewall stuff
- Can run Squid web cache and Snort intrusion detection
- Can have the external (RED) interface configured by DHCP 
- Can offer DHCP to machines on the GREEN network
- Has the MindBright Java/SSH client to allow shell access from anywhere
  with a Java-enabled browser!
 
Looks like it will comfortably fit in 150MB/disk:
Filesystem           1k-blocks      Used Available Use% Mounted on
/dev/hda4              4949344     53204   4644724   1% /
/dev/hda1                 7776       805      6570  11% /boot
/dev/hda3              1249164       304   1185404   0% /var/log

   Device Boot    Start       End    Blocks   Id  System
/dev/hda1             1         1      8032   83  Linux
/dev/hda2             2         4     24097+  82  Linux swap
/dev/hda3             5       162   1269135   83  Linux
/dev/hda4   *       163       788   5028345   83  Linux

And 64MB/RAM:
Memory:      total       used       free     shared    buffers cached
Mem:        257592      21012     236580      17716       1508 10388
-/+ buffers/cache:       9116     248476
Swap:        24092          0      24092

Usage:
- It appears to "just work"(tm)
- All normal administration is done through the web-pages.
- I've not used it as a real firewall or used many of the options: VPN,
  Update latest patches, DHCP, caching, ... but it looks solid and
  well thought through.
- patch 5 now out.

Downsides:
- requires IDE disks (I only had SCSI machines available for a long
  time).
- Adverts for the commercial version are rather intrusive especially in
  the help pages.
- still runs 2.2 kernel which lacks support for new hardware and the
  iptables firewall in the 2.4 kernels.

Conclusion:
- I would use this if
-- I were setting up a firewall from scratch for a SoHo/SMB-user
-- I had a PC with IDE hard disk and the necessary NICs
- If there was budget, I'd use the commercial version

-- 
Chris Benson


