First looks at SmoothWall Express 3.0 Alpha "Grizzly"

By Niall C. Brady, October 2005.








Introduction
Installation
What's new?
Configuring Smoothwall
  Control
  About
  Services
  Networking
  VPN
  Logs
  Tools
  Extensions
  Maintenance
Conclusion
Screenshots


Introduction

Smoothwall is marketed as 'a family of Internet Security products, designed to defend your users and your network from external attack'. It is an open source firewall distribution based on the GNU/Linux operating system and is free to download and use.

I have been a Smoothwall User since version 1.0 hit the shelves, however I only started using it in earnest (and recommending it to others) once Smoothwall Express 2.0 was released. My home network is actually quite a complex mess, and divided into two separate networks, one for 'home' use and one for 'work'. Both networks are completely separate from the other and are ADSL based and both are protected from external attack via Smoothwall Express 2.0, that's right, I have two 'smoothies' running 24/7, 365 days a year. Smoothwall Express 2.0 has protected both of these networks flawlessly and with minimal effort and maintenance (7 patches released over a couple of years or so). Smoothwall's strengths are many, so to try and sum them up is a difficult task in itself, but in brief, it has the ability to log intrusion attempts (via snort), logged firewall attacks (iptables), port forwarding, web proxy (squid) and its associated logging capabilities, traffic graphs to show you at a glance where your bandwidth is going, easy to get (less than 50mb ISO to download) and of course it can happily install and function on old obsolete 'headless' computers. Perhaps its biggest strength is the easy to use web based interface with its clearly defined areas and help always at hand, of course not everyone will agree with me, but seeing as that is the area that most users will see/use then I believe that the web based tool that Smoothwall have created, is a work of art.

Smoothwall is incredibly simple to manage via the web based interface so even networking noobs (or linux noobs for that matter) should be able to figure it out in no time at all. For the more experienced out there, you can ssh in and be 100% command line based if you wish. Either way, Smoothwall provides a very nice firewall distro that works very well and has been installed over 1 million times (according to Smoothwall's 'about' page).

When I read that Smoothwall Express 3.0 Alpha was released, I was extremely eager to see what the new version was shaping up to become, and without giving too much away, my initial feelings about this Alpha product can be described with one word 'wow'.


Installation

Once you've downloaded the 46.88MB iso and burned it to a CD, you'll need to select a computer to install it on. If you want to be really sure your hardware will work then check out the online forums where a hardware compatibility list is there for you to peruse. Alternatively bite the bullet and do a test run on your chosen box. In my case, I used an 'old' Pentium 4 box, with two network cards (one ancient pci 10mb/s and one gigabit onboard nic). This machine had 512mb ram and a 40gb hdd.

Before installing this version of Smoothwall, make sure to understand a few things namely:-

1. This is an ALPHA release (so it's work in progress and there are some known problems)

and

2. The installation of Smoothwall will completely WIPE OUT anything that is on your hard disc.

Ok, now that we understand that, and we've backed up our data, let's proceed. The installation is pretty similar to Smoothwall Express 2.0, namely it's text based. The first screen that greets you when you boot from the CD has ALPHA written across the screen 12 times [Screenshot], so I guess they want you to understand point 1 above. Pressing ENTER will start the linux kernel and begin the simple installation. You will be presented with screen after screen of questions and choices and any of this can be changed at a later stage by logging in to the box locally and typing 'setup' at the console (or of course if everything went well, you can use the web based interface). The install screens will basically cover the following:-

Welcome screen
Select Installation Media (CDROM/HTTP)
Preparation of the hard disc (partitioning/formatting)
Warning message about above !!
Configure Networking
Configure GREEN interface IP settings
Installing files
Restore backup configuration ?
Choose Keyboard mapping
Enter machine's hostname
Web proxy update list address
ISDN configuration
ADSL configuration
Network Configuration menu [Screenshot]
DHCP server configuration
Password config for admin, root and setup accounts
Setup complete, reboot


The parts of the installation that users may find problems with are understanding the GREEN and RED networking. To make it as simple as possible, remember this much, the GREEN network is your local computers talking to each other, the RED network is the Internet, so one network card on your smoothwall handles the local network (GREEN) and the other network card handles the internet (RED).

You could of course use a modem (ISDN or ADSL device) and many are supported by this version of Smoothwall as it uses the 2.6.12.4 linux kernel. The vast majority of ADSL modems listed in the setup, are USB and even though I have two ADSL modems here, I chose to 'disable ADSL' and they are working just fine (set RED to DHCP and off you go).

You can configure the smoothwall to act as a DHCP server as detailed above, and by default it wants the smoothwall to be 192.168.0.1 and to hand out addresses from 192.168.0.100 to 192.168.0.200.

If your network cards are not recognised for some reason, then choose the 'probe' button [Screenshot], if still not recognised, then go back to the hardware compatibility list I mentioned above.

Ok, by now you should have installed Smoothwall Express 3.0 ALPHA, congratulations ! didn't take long did it ? (15 minutes or so!!!).


What's New in Smoothwall Express 3.0 alpha

The most obvious new features in Smoothwall Express 3, are the updated linux kernel (from 2.4 to 2.6) which gives a lot more support for network cards (newer ones) and now the Smoothwall web based interface sports a really nice newly designed theme [Screenshot] (when you see the new one, you'll quickly see how dated Smoothwall Express 2's gui feels).

In addition to that, there are the following features:

New update system
Prompt for user/pass before seeing 'status' screen
NTP service for the local network
A plug-in extension service for 'home brew' add-ons
The traffic page is updated and more informative


For a complete list of what's new and possible features see Smoothwall's website. Their online forums seem to be a thriving area and are full of posts and suggestions from users even concerning this new ALPHA build so check it out !


Configuring Smoothwall

The easiest way to manage smoothwall, is to connect to it from another local computer on your network. Simply fire up a web browser and type in the hostname of the firewall that you assigned to it, alternatively try the following https address (assuming that you went with the default settings)

https://192.168.0.1:441

Once you have entered your username and password, you'll be presented with the brand new theme [Screenshot] which contains a variety of tabs. I'll go through each tab here.

Control:-
This is the front page of smoothwall and allows you to quickly see the status of your smoothwall in terms of uptime, bits transferred and a little scrolling map of traffic rate. You can also shutdown/reboot the firewall from here or get detailed help. In addition you can see who made this great software on the credits tab.


About:-
This tab brings up details of what's running on your server (useful for troubleshooting) via four additional tabs, 'status', 'advanced', 'traffic graphs' and 'register'. The 'status' tab shows what services are currently running, in this ALPHA release the CRON and VPN service [Screenshot] will most likely appear as 'STOPPED'. In addition, if you imported your settings from your Smoothwall Express 2.0 firewall via a floppy, then chances are that your web proxy, Intrusion Detection server and more, will appear as 'STOPPED'. To solve this bug (I had this issue) simply do a clean install of the Alpha again (only takes 15 minutes !) and you should be able to correctly run the web proxy and IDS.

The 'advanced' tab [Screenshot] brings up nice graphs of memory usage, inode usage, disk usage, uptime and users and more. You can't actually do anything here, just see what is going on usage wise on your smoothwall server.

The 'traffic graphs' tab [Screenshot] shows how much traffic is being used up on your GREEN and RED interfaces, and also (new with smoothwall 3.0) shows statistics of current/hour/day/week/month usage. A very nice addition !

Next to this we have a new tab called 'register' [Screenshot] and that allows you (if you wish) to register your interest in the product with the smoothwall team.


Services:-
This is where you do most of the 'real configuring' within smoothwall, and it opens up a new page with 6 important tabs.

The first tab 'web proxy' [Screenshot] allows you to configure smoothwall's integrated caching web proxy service (squid). In a nutshell, say you have 5 computers running Windows on your local network, and you do windows update on them, well those updates could be downloaded 5 times or just once via a web caching proxy. That's where the web proxy kicks in, and it's very configurable too. If you want your clients to have no changes to their proxy settings in their internet browser, then set the web proxy to 'transparent'.

The next tab is 'DHCP' [Screenshot] and it allows you to configure smoothwall's built in DHCP server if you choose to use it.

For the dynamic DNS [Screenshot] users amongst you (hey, I'm one too !) you can configure smoothwall to auto login to those domains so that they get the correct IP reported. Cool, useful and handy.

If you are even mildly interested in what is trying to get into your internet connected pc's then the next tab 'Intrusion detection system' [Screenshot] is a must (it uses snort). Very little to do here, just put a tick in the box, and hopefully snort will start logging intrusion attempts. I say hopefully because you may run into an issue with snort or squid if you use the backup diskette from your previous smoothwall (express 2.0) failing to start. I'll repeat the fix that worked for me (and recommended by smoothwall), re-install smoothwall fresh and input in the settings manually (forget the backup/restore option for now, it's ALPHA remember !).

If like me, you use linux and like to ssh in to a box, well you can do the same with smoothwall (on the local network). On the 'remote access' tab [Screenshot], simply enable it and ssh in from another box. You can even ssh in from a windows machine using putty.

The last tab in the services category is 'time' and it allows you to change timezone or enable the built in time server.


Networking:-
This category allows you even more options (seemingly endless :-)) and is very important if you want to block ips, do port forwarding or more. It is broken down into yet more tabs and all are fairly self explanatory.

The first tab in networking is 'port forwarding' [Screenshot] and it's here that you instruct smoothwall how to forward specific TCP or UDP ports and to which machines on your GREEN network. Cool stuff, very nicely done, and it accepts ranges of ports as well.

If you require your end users (pc's) to have specific external access (for example IDENT in IRC), then this tab is for you. Nuff said.

Next up is the cryptic sounding 'DMZ pinholes' which allows advanced users with DMZ (demilitarized zones) to configure 'holes' between the DMZ and the local network. This is only applicable if you have an ORANGE network running alongside the GREEN and RED. Smoothwall's help documentation does state that it can be 'slightly risky security wise' and that's fair enough as I've never bothered with that option myself. So in other words, if in doubt, don't bother with it.

For those of you dependent on PPP, PPPoA or PPPoE connections the next tab aptly named 'ppp settings' allows you to configure username/password for up to five of those connection types.

Imagine for a moment that you are on IRC and some dork decides to DOS you, what do you do ? cry ? nah, you click on the 'ip block' tab in networking and add his ip (or ips) to the list of blocking rules. Great stuff really, keep out the bad guys and don't let them know about it at the same time ! (drop packet). Oh and you can log it too, so you know when the lam3r gives up ! neat stuff.

Lastly in the networking category we have the 'advanced' tab and in here you can configure ICMP settings (ping to you and me) and some other nice features.


VPN:-
As VPN (virtual private networking) is broken in this ALPHA release I won't say too much about it, other than the official word from Smoothwall which is:-

The main problem is that IPSec is currently broken. This is our biggest priority to fix.


Logs:-
The 'Logs' category is simply fantastic, you can browse your web proxy logs (see what sites were visited by each ip on the local network and when), you can check how your 'firewall' [Screenshot] is performing (look at all those blocked attempts) and see what snort is telling you about intrusion detection (assuming you get the IDS logs reported correctly, they are logged to /var/log/snort but not displayed currently on my IDS log screen, bug ? perhaps).

UPDATE:-

To get IDS to report the logs correctly login to your smoothie via ssh and do as follows

chmod +r /var/log/snort/alert

Thanks to 'motersho' on the smoothwall community forums for that :-)
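
What the chmod +r fix above does to the file's mode, as an added example that is not part of the original review or of Smoothwall: with no 'who' given, chmod +r grants read to every class the current umask allows, so under the common umask 022 the snort alert file becomes world-readable, and under umask 077 nothing changes. The script works on scratch files created with mktemp and assumes a stat that supports -c (GNU coreutils or busybox); which account the web interface reads the log as is not stated in the review, so the group-read variant is shown only as mode bits.

```shell
#!/bin/sh
# Added example, not from the original review. It never touches
# /var/log/snort/alert; every change is made to a scratch file.

# mode_of FILE -> octal permission bits of FILE, e.g. 640
mode_of() {
    stat -c '%a' "$1"
}

# mode_after UMASK CHMOD_ARG -> mode of a fresh 0600 scratch file after
# running "chmod CHMOD_ARG" with the given umask in effect.
mode_after() {
    (
        f=$(mktemp) || exit 1
        chmod 600 "$f"          # start from a root-only log file
        umask "$1"
        chmod "$2" "$f"
        mode_of "$f"
        rm -f "$f"
    )
}

# world_readable FILE -> exit status 0 if "other" has read permission
world_readable() {
    m=$(mode_of "$1") || return 2
    other=${m#"${m%?}"}         # last octal digit = permissions for "other"
    [ $(( other & 4 )) -ne 0 ]
}

# "+r" with no who: read is added for user, group and other, minus umask bits.
echo "umask 022, chmod +r  -> $(mode_after 022 +r)"
echo "umask 077, chmod +r  -> $(mode_after 077 +r)"
# An explicit who ignores the umask: group read only, nothing for "other".
echo "umask 077, chmod g+r -> $(mode_after 077 g+r)"
```

Running world_readable /var/log/snort/alert on the firewall itself shows whether the alert log ended up readable by every local account.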

Not only that, but the logs tell you about errors/info for the following services that smoothwall provides:-

Smoothwall (itself)
PPP
ISDN
DHCP server
SSH
Login/Logout
Kernel
IPSec (aka, VPN)
Update Transcript
NTP (your time server)



Tools:-
The tools category is broken down into three further tabs, 'ip information' to perform a 'whois' lookup on an ip address or domain name, 'ip tools' to ping or traceroute an ip and lastly a java based linux shell [Screenshot] so that you can have a shell even if no putty is installed on your windows box and you want to get down to the CLI.


Extensions:-
This is a new category in Smoothwall 3, and allows you to expand smoothwall beyond its original design via downloading and installing a new 'service' or 'home brewed' fix. This is definitely a 'make it easier for the end user' addition to the product. I'm glad to see it here and I'm looking forward to seeing what 'mods' people will produce.


Maintenance:-
Last but not least we have the Maintenance category which is further broken down into 'updates', 'modem', 'alcatel speed touch usb adsl firmware upload', 'passwords', 'backup' and 'shutdown' [Screenshot]. The most interesting one to most smoothwall users will be the 'updates' tab, as it now allows updates to be applied without having to 'upload' them from the desktop as we had to do with Smoothwall Express 2.0. Now you can just 'check for updates' and if it finds one, click on the 'update' button. Very nice !


Conclusion

After using Smoothwall Express 2.0 for years and now testing out Smoothwall Express 3.0 (alpha) I can conclude that this product is shaping up to become even more fantastic than I ever thought it could be. It gives power to the end user, allows them to decide how to control their network and makes it easy to do so. The new GUI (web based interface) is much clearer, easier to read, and provides more information about what is going on.

If you are worried about what is attacking your pc's at home or in the office, and think your hardware based 'firewall' solution (the one you paid 100$ for) is not really up to scratch, then you should consider trying Smoothwall Express 3. The logging features alone are an asset, not to mention web caching via squid and traffic graphs via MRTG. It is in Alpha stage right now, but by using it and providing feedback, you will ensure that the final release will be a sensation.

I want to personally thank the hard working gurus at smoothwall for producing such great software. I love my 'smoothies' and I hope that you'll love yours too, oh and by the way, in case I didn't mention it

Yes it's free, yes it's alpha and yes it's FANTASTIC !

and in case you don't believe me, linux-noob.com is now running behind a Smoothwall Express 3.0 ALPHA server (previously it was Smoothwall Express 2.0). So there you have it, thumbs up from me :-)


Screenshots

Here is an assortment of screenshots of Smoothwall Express 3.0 Alpha.



(c) http://www.linux-noob.com 2005.
Created by anyweb on October 26th, 2005