SmoothWall

From FreeBSDwiki
Revision as of 18:24, 18 September 2007 by DrModiford (Talk | contribs)

SmoothWall is an out-of-the-box firewall solution from SmoothWall Ltd., a UK-based company. While not strictly FreeBSD related, being based on GNU/Linux, it is an open source and freely available alternative for those not confident enough to use FreeBSD's built-in firewall solutions. It requires an IBM-compatible i386 (or better) computer on which to install. Installation wipes the entire drive, so ensure the computer in question is no longer required for anything else and can be dedicated to running SmoothWall.

Overview

SmoothWall is a firewall that works well for anything from a small home LAN, through small offices, right up to corporate-scale environments. The company behind the product offers professional versions of the free offering that provide advanced features. This allows the free version, known as SmoothWall Express, to continue to be available at no cost. This is similar to the dual-licensing schemes used by the companies behind PostgreSQL, MySQL and other open source solutions.

Despite being free, the product boasts features found in high-end firewall routers from Netgear or D-Link and has regular security fixes available.

Features

SmoothWall has a great list of features that makes it a serious contender against even the most advanced firewall router devices on the market. It can be thought of as a poor man's equivalent of the commercially available CheckPoint Firewall system, in that it is an operating-system-based firewall that runs on dedicated physical hardware.

Key features (as of current release version 3.0) running through the menu options in order:

  • About
    • About Your SmoothWall - Active service status of your Smoothie;
    • Advanced Status - Pertinent information about your Smoothie, current configuration and resource usage;
    • Traffic Graphs - Statistical graphs based upon traffic usage across your SmoothWall's network interfaces;
  • Services
    • Web Proxy - Configure and enable your SmoothWall's integrated caching web proxy service;
    • DHCP - Configure and enable your SmoothWall's DHCP service, to automatically allocate LAN IP addresses to your network clients;
    • Dynamic DNS - Especially suited to cases where your ISP assigns you a different IP address every time you connect; you can configure your SmoothWall to manage and update your dynamic DNS names from several popular services;
    • Intrusion Detection System (IDS) - Enable the Snort IDS service to detect potential security breach attempts from outside your network. Note that Snort does not prevent these attempts — your port forwarding and access rules are used to allow and deny inbound access from the outside;
    • Remote Access - Enable Secure Shell access to your SmoothWall, and restrict access based upon referral URL to ignore external links to your SmoothWall;
    • Time settings - Change timezone, manually set the time and date, and configure time synchronisation;
  • Networking
    • Port Forwarding - Forward ports from your external IP address to ports on machines inside your LAN or DMZ;
    • External Service Access - Allow access to admin services running on the SmoothWall to external hosts;
    • DMZ Pinholes - Enable access from a host on your DMZ to a port on a host on your LAN;
    • PPP Settings - Configure username, password and other details for up to five PPP, PPPoA or PPPoE connections;
    • IP block configuration - Add blocking rules to prevent access from specified IP addresses or networks;
    • Advanced networking features - Configure ICMP settings, and other advanced features;
  • VPN
    • VPN Control - Control and manage your VPN connections;
    • VPN Connections - Create connections to other SmoothWalls or IPSec-compliant hosts which have static IP addresses;
  • Logs
    • Log Viewer - Check activity logs for services operating on your SmoothWall, such as DHCP, IPSec, updates and core kernel activity;
    • Web Proxy Log Viewer - Check logs for the web proxy service;
    • Firewall Log Viewer - Check logs for attempted access to your network from outside hosts. Connections listed here have been blocked;
    • IDS Log Viewer - Check logs for potentially malicious attempted access to your network from outside hosts. Connections listed here have not necessarily been blocked — use the Firewall Log Viewer to confirm blocked access;
  • Tools
    • IP Information - Perform a 'whois' lookup on an IP address or domain name;
    • IP Tools - Perform 'ping' and 'traceroute' network diagnostics;
    • Secure Shell - Connect to your SmoothWall using a Java SSH applet (requires SSH to be enabled);
  • Maintenance
    • Updates - See the latest updates and fixes available for your SmoothWall, and an installation history of updates previously applied;
    • Modem Configuration - Apply specific AT string settings for your PSTN modem or ISDN TA;
    • USB ADSL Firmware Upload - Upload firmware to enable use of an Alcatel/Thomson Speedtouch Home USB ADSL modem, nicknamed the 'frog' or 'stingray'. Download the 'Speedtouch USB Firmware' tarball, unpack it, and upload the mgmt.o file using this form;
    • Change Passwords - Change passwords for the 'admin' and 'dial' management interface users. This does not affect access by SSH;
    • Backup - Use this page to create a backup floppy disk or floppy disk image file.
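
The IDS and IDS Log Viewer entries above note that a Snort alert does not mean the connection was blocked and that the firewall log must be checked to confirm it. As an added example (not SmoothWall's own code), this Python script cross-checks the two logs offline; it assumes Snort "fast" alert lines and netfilter kernel LOG lines, uses constructed and abbreviated sample entries, and matches on protocol, addresses and ports only, ignoring timestamps.

```python
import re

# Constructed sample lines (not from a real SmoothWall). Assumed formats:
# Snort "fast" alerts and netfilter kernel LOG lines for dropped packets.
IDS_LOG = """\
09/18-18:20:01.123456  [**] [1:1000001:1] Example SSH probe [**] [Priority: 2] {TCP} 203.0.113.5:40001 -> 192.0.2.10:22
09/18-18:21:07.654321  [**] [1:1000002:1] Example web probe [**] [Priority: 1] {TCP} 198.51.100.7:40002 -> 192.0.2.10:80
"""
FW_LOG = """\
Sep 18 18:20:01 smoothwall kernel: IN=eth1 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40001 DPT=22 SYN
Sep 18 18:22:30 smoothwall kernel: IN=eth1 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40003 DPT=23 SYN
"""

ALERT_RE = re.compile(
    r"\[\*\*\] \[[\d:]+\] (?P<msg>.*?) \[\*\*\].*?\{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)")
DROP_RE = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+).*?PROTO=(?P<proto>\w+) "
    r"SPT=(?P<sport>\d+) DPT=(?P<dport>\d+)")

def flow(m):
    """Normalise a regex match into a comparable flow tuple."""
    return (m["proto"].upper(), m["src"], int(m["sport"]), m["dst"], int(m["dport"]))

def blocked_flows(fw_log):
    """Collect the flows that appear in the firewall (blocked) log."""
    return {flow(m) for m in map(DROP_RE.search, fw_log.splitlines()) if m}

def triage(ids_log, fw_log):
    """Split IDS alerts into those with a matching firewall drop and those without."""
    drops = blocked_flows(fw_log)
    blocked, unconfirmed = [], []
    for line in ids_log.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # skip lines without ports (e.g. ICMP alerts)
        (blocked if flow(m) in drops else unconfirmed).append((m["msg"], flow(m)))
    return blocked, unconfirmed

if __name__ == "__main__":
    blocked, unconfirmed = triage(IDS_LOG, FW_LOG)
    for msg, f in unconfirmed:
        print("NOT confirmed blocked:", msg, f)
```

Alerts in the unconfirmed list are the ones to review against the port forwarding and external access rules, since nothing in the firewall log shows them being dropped.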