SmoothWall Express 3.0 SP3 | 557 MB
SmoothWall Express is a modular firewall and VPN gateway based on Linux, designed to meet the needs of network security. Easy to install and configure, the SmoothWall firewall is particularly well suited for businesses without security experts on staff. The system is controlled through the web GUI; knowledge of the Linux command line is not required.
Information:
Today you simply cannot do without a good firewall, especially if you are using a broadband Internet connection. But which firewall should you choose? How about a free solution that runs on old hardware, has a graphical configuration interface, and can be installed and configured even by a novice user? Meet Smoothwall Express 3.0.
Functionality
Smoothwall is a software solution that turns an old computer into a complete firewall whose capabilities and performance are not inferior to many hardware appliances. Smoothwall Express is distributed under the GPL and is based on Linux; however, unlike many other Linux-based solutions, Smoothwall has a graphical configuration interface. Using a browser, you can configure even the most advanced features without any problems.
Smoothwall is aimed at all users, from home users to network administrators, but we note right away that the Express version will be particularly appealing to home users. The online context-sensitive help can turn even inexperienced users into technical gurus. Smoothwall Express is free; there is also Smoothwall Corporate Server, which of course costs money but offers more features.
Setup
Smoothwall can work with several types of Internet connections, for example ISDN, ADSL or even dial-up. We decided to use all three Smoothwall zones, placing the web and mail servers in the orange zone. After installation is complete, you can connect to the web administration interface from any computer in Smoothwall's green zone. When you connect you will see the following page:
Home web-interface (Control: Home).
If you have just installed Smoothwall, the home page shows a notice about available updates. Smoothwall is updated in a rather peculiar way: you first download the updates to your computer and then, using the Smoothwall web interface, upload the file to Smoothwall, as shown below.
Update (Maintenance: Updates).
After the update, you can move on to configuring Smoothwall. The firewall has a built-in DHCP server (dhcpd), web proxy (squid) and intrusion detection system (snort). In addition, there is a dynamic DNS (DDNS) service, which works, for example, with Dyndns.org, an SSH server, and even IPsec VPN (FreeSWAN). Each service is easily configured via the web interface. The following is an example of setting up the DHCP server:
Services: DHCP (Services: DHCP).
Some services offer a large set of parameters to configure, while for others, such as SSH, the options are limited to one or two checkboxes.
Services: Remote Access (Services: Remote Access).
All services are easily configured using the web interface, which, although it does not expose the full wealth of options, is enough to start and run the services in most configurations. Another great feature of the web interface is the online help system. After reading the hint, you can easily configure even those services that used to be a blank spot for you. Help is displayed in a separate window, allowing you to read and configure the system at the same time.
On-line help.
We believe that the online help system is one of Smoothwall's most important advantages. Many users do not have the patience to look up a particular function online or in the manual, but almost all will click the right button if the need arises. This, in our opinion, gives Smoothwall a huge advantage over many other web interfaces we have seen before, especially for those setting up a firewall for the first time.
Smoothwall also has a built-in Java-based web SSH client, which is shown below.
Shell SSH (Tools: Shell).
Using the built-in SSH client, or any other SSH client, you get access to the command-line interface, where you can edit configuration files manually or make settings that are not exposed in the web interface.
By default Smoothwall allows all systems in the green and orange zones to access the Internet; requests can be sent from the green zone to the orange zone, but not vice versa. All incoming requests from the Internet (except for port 113) are discarded. The rules can be changed on the "Networking" tab of the web interface. For example, since our web and mail servers are in the orange zone, we allowed forwarding of packets on ports 80 and 25, as shown below.
Port forwarding (Networking: Port Forwarding).
Adding and removing rules takes a single click. In the screenshot above, we removed a temporary rule created to test Gnutella.
Logging
After Smoothwall is configured, you can periodically check the state of the system. Smoothwall also presents this well: you can view not only the status page but also traffic information in graphical form. Below is how the "Traffic Graphs" page looks.
Display of traffic (about: Traffic Graphs).
You can click on any interface graph and see a detailed graph for the day, week, month or year. In addition to the status pages and graphs, there is also a page for viewing logs. Some logs are displayed as plain text, but others, such as "Firewall" and "Intrusion Detection System", are formatted for easier viewing. The "Firewall" page even includes checkboxes and buttons for looking up and blocking IP addresses.
Please note that the intrusion detection system only detects attacks. Smoothwall does not block them unless they fall under the firewall's blocking rules. If you set up port forwarding, make sure that the system to which traffic is redirected (hopefully it is in the orange zone) is not affected by these attacks.
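The default zone policy and the port-forwarding caveat described above can be modelled as a small check. This is an added example, not Smoothwall's own code: the subnets, host addresses and forward table are constructed for illustration, and "red" is used as the name of the Internet-facing side.

```python
import ipaddress

# Assumed zone addressing (constructed for this example, not from the review).
ZONES = {
    "green": ipaddress.ip_network("192.168.1.0/24"),
    "orange": ipaddress.ip_network("192.168.2.0/24"),
}
# Default policy as the review describes it: allowed (source, destination) zones.
ALLOWED = {("green", "red"), ("orange", "red"), ("green", "orange")}
EXEMPT_INBOUND_PORTS = {113}  # the only inbound port the review says is not discarded

# Constructed port-forward table: (external port, internal host, internal port).
FORWARDS = [
    (80, "192.168.2.10", 80),      # web server in orange
    (25, "192.168.2.11", 25),      # mail server in orange
    (6346, "192.168.1.50", 6346),  # leftover Gnutella test rule pointing into green
]

def zone_of(addr):
    """Map an address to green or orange; anything else is the Internet (red)."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "red"

def decide(src, dst, dport, forwards=FORWARDS):
    """Return 'allow', 'forward:<host>', 'not-dropped' or 'drop' for a new connection.
    For traffic from the Internet, dst is the firewall's external address."""
    s, d = zone_of(src), zone_of(dst)
    if s == "red":
        for ext_port, host, _ in forwards:
            if ext_port == dport:
                return f"forward:{host}"
        return "not-dropped" if dport in EXEMPT_INBOUND_PORTS else "drop"
    if s == d:
        return "allow"  # same segment, never crosses the firewall
    return "allow" if (s, d) in ALLOWED else "drop"

def risky_forwards(forwards=FORWARDS):
    """Forwards whose target is outside orange expose the trusted LAN directly."""
    return [f for f in forwards if zone_of(f[1]) != "orange"]
```

Running risky_forwards() over an exported rule list is a quick way to catch temporary test rules, like the Gnutella one mentioned earlier, that were left pointing at a green-zone host.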
Smoothwall lets you quickly and easily change passwords, make backups and run small utilities (whois, ping and traceroute). In general, the system is fairly functional and meets the needs of many users.
However, we found a few flaws. First, wiping the entire hard drive during installation is too drastic a solution, especially given that Smoothwall is based on Redhat, which has always offered excellent facilities for working with disks during installation. Second, we are not pleased with the inability to edit the /etc/hosts file from the web interface, though of course you can use SSH and edit it manually. Third, Smoothwall uses NTP for time synchronization but does not offer this service to the green and orange zones. And finally, Smoothwall provides DNS name resolution, but only for the green zone. Computers located in the orange zone will have to use external DNS servers (e.g., the provider's) for name resolution. Note that all these problems can be solved easily with only a little work on the system. Remember, Linux is running inside, so you can change anything; the main thing is to want to.