SmoothWall Express 3.0 is an open source GNU/Linux firewall which is security-hardened and freely downloadable. By design, it has minimal hardware requirements and a small footprint. It should work with nearly any Pentium class computer with at least 128MB of RAM and a hard disk with a capacity of 2GB or greater. It’ll likely work with that PC you have sitting in your closet that you’ve been too lazy to recycle. You’ll want to have at least two network cards installed for basic use, and three or more if you want to have a DMZ or incorporate a wireless network. Keep in mind though, that your firewall’s reliability is limited by the hardware on which it’s installed. Don’t worry if you don’t know much about Linux. Though the geeky can get down and dirty at the command line, SmoothWall is very easy to install and configure. It’s meant to be managed via an integrated web interface, so it’s appropriate to run it headless.
Smoothwall will run a variety of hardware. It’s recommended you use a machine that is 166 MHz or faster. Although, I’ve heard of people running Smoothwall on machines as slow as 33 MHz. In any case, you will need at least 2 network cards (NICs) in your Smoothwall machine. After all, a true “firewall” is a machine with 2 or more network interfaces. You can see the topology is displayed below:
To install, first download ISO file from official site and burn it to a CD. For those in need of disk burning software.
Lets begin Installation
( I Will install in the virtual environment. You can install it in Physical Machine)
Step 1: Installation
The installation is pretty straight-forward. Make sure you have your BIOS set to boot from a CD, and the installation process begins automatically. Remember, that installing this will delete everything on your hard drive. A format is required for the installation to begin. Depending on how large your hard drive is, the format and file copy process should not take long. When it is all finished, Smoothwall will probe your machine for network interfaces.
- Prepare Virtual Machine environment with two interfaces for eg. 1 Bridge & 1 Internal or Host-Only. How to create Virtual Machine you can take help my another post ” How to Install Mikrotik in Virtual Environment”.
- Then boot your system to the CD and run the installer which will wipe your hard disk and install SmoothWall Express. Just accepting the defaults will lead you to a good starting place.
- Enter the hostname. I am using firewall.hindicbts.com as hostname.
- The first “hard” question you’ll be asked is what you want the default security policy to be for outgoing requests. The default is Half-Open which permits most outgoing traffic except for that which is potentially harmful. You may also choose Open which doesn’t limit outgoing traffic at all, or Closed which requires that you later explicitly configure what traffic is permitted.
- You’ll then need to choose how you want to configure your network interfaces. Your interfaces will be Green, Red, Orange, or Purple.
During this installation, I used only 2 network cards. One for connection to the internet router, and one for connection to the switch. There are several popular methods for network interface configurations. In Smoothwall, each interface is assigned a “color” corresponding to it’s purpose. The common interfaces are listed below:
RED: Internet. This interface is protected by the IPTABLES firewall rules. ORANGE: Filtered/Special Purpose. This is commonly used for a DMZ, or othspecial section you want to allocate. GREEN: Trusted network. All traffic permitted to and from this interface.
If you have two of the same NICs, you may want to pay attention to the MAC addresses so you know which cable to connection to your modem, and which one goes to your switch. The safest way to setup your RED interface, is to use DHCP or you can assign static. If you selected DHCP, This way, all the DNS, gateway, and IP information is automatically done for you. Your GREEN interface should have a static IP (192.168.0.1) to connect your LAN but you can choose any IP of this network. Once you have your interfaces setup correctly, reboot the machine. I recommend that you have everything working 100% before you remove the monitor and keyboard.
RED interface IP – 192.168.1.252/24 , Gateway – 192.168.1.1, DNS – 192.168.1.1
GREEN Interface IP – 192.168.0.1
- If you want to configure proxy then select Proxy Menu and enter Hostname: Proxy.hindicbts.com and Proxy port.
- Now enter the Admin & root password and Finish the Setup
Congratulation You have successfully installed the Smoothwall Firewall.
Step2: Configure Smoothwall Firewall according your requirements
- Now Connect your laptop / computer according to the topology diagram (Green Interface)
- However, the most in-depth features are only configurable through the Web GUI. To get to the Web configuration page, point your browser to https://SmoothWallGreenAddress:441 and enter the admin password you configured earlier.
careful you have selected half-open security policy, this policy allows internet access without any problem.
First of all remove the access of all unwanted service ports from services-> outgoing.
Lets assume you want to serve internet through the proxy only, no one can go directly to the internet.
- Enable proxy services- > proxy ( Remember you have configured proxy at installation time Hostname= proxy.hindicbts.com & port = 3128)
- Remove all outgoing ports from Networking-> outgoing
- Set proxy at the Web browser for eg. if you are using Firefox then go to options -> Advance -> Network
- set the proxy address to 192.168.0.1 and proxy port 800
- Remember to check out on Use this for all protocols
- Browse internet , Congrats you are able to browse internet through proxy. You can see the logs through the Logs -> Web Proxy
If you want bypass some users then you can enter the IP address of the clients.
You can run proxy transparently. Enable through the Services-> web proxy.
Setup SmoothWall as DHCP server
If you want that Smoothwall will act as DHCP server then you can enable from services- > DHCP
If you want that some user will get IP fom DHCP but get particular IP then you can add static assignment. Every time User will get static assigned IP.
Smoothwall Firewall have so many built in features. You will more features in my Smoothwall CBT .
* CBT is under contruction. You will shortly
Amit Kumar SinsinwarHits:5386