If you ever ï¬nd yourself in need of a decently robust and full-featured ï¬rewall but your budget is approaching zero, I have just the solution for you.
SmoothWall Express 3.0 is an open-source, security-hardened GNU/Linux ï¬rewall. With minimal hardware requirements and a small footprint, it should work with nearly any Pentium-class PC that has at least 128MB of RAM and a hard disk of 2GB or
greater. You should have at least two network cards installed or basic use, three or more if you want to incorporate a wireless network or to have a DMZ (a demilitarized zone, or a host that serves as a buffer between your private network and the outside). Keep in mind, though, that your ï¬rewall’s reliability is limited by the hardware on which you install it.
Installing SmoothWall
Don’t worry if you don’t know much about Linux. Though the geeky can get down and dirty at the command line, Smooth
Wall is easy to install and conï¬gure. It’s meant to be managed via an integrated Web interface, as well. To install, ï¬rst download the 81MB ISO ï¬le and burn it to a CD. If you need disk-burning software, try ImgBurn.
Boot to the CD and run the installer, which will wipe the hard disk before it installs. Accepting the installer’s defaults a good start. The ï¬rst “hard†question involves the security policy for outgoing requests. The default is Half-Open, which permits outgoing traffic except for any hat is potentially harmful. You may also choose Open, which doesn’t limit outgoing trafï¬c, or closed, which requires that conï¬gure what traffic is permitted.
You then need to conï¬gure your network interfaces, which will be labelled Green, Red, Orange, or Purple. The Green interface is your trusted LAN. Red is the evil and dangerous Internet. Orange is your DMZ, and Purple is your wireless LAN.
Next you select which network card to ssign to each role. SmoothWall will probe for and detect most cards. You’ll need to specify IP conï¬guration, and optionally the DNS and gateway settings. You may also conï¬gure Web proxy, ISDN, ADSL, and
DHCP. Lastly, you need to set a Web-interface password and a root password for command-line access.
You’re done with setup. From here you an leave your “Smoothie†as is, and it behaves as a fully functional ï¬rewall. However, you can conï¬gure the most inepth features only through the Web interface. Point your browser to https://SmoothWallGreenAddress:441 and enter the admin password you made earlier.
For a free product, SmoothWall is remarkably full featured, including proxy servers, IDS, logging, trafï¬c graphs, DHCP, VPN, dynamic DNS, port forwarding, server health, and access control. It also provides an interface for backing up and restoring your conï¬guration, so when your Pentium II PC kicks the bucket, you can get SmoothWall up and running again.
SmoothWall Express is limited to a single CPU and 1GB of RAM, but that’s not likely to be an issue for even a network with a couple hundred users. The real imitation is the lack of support: While you can consult the robust user community, you’re mostly on your own. Of course, The commercial arm of SmoothWall sells paid and supported products, too.
Tags: Firewall