How To: Build and Set Up a SmoothWall Firewall/Router/DHCP Server
These days, you can’t be too careful on the Internet. There always seems to be someone who will try to use this marvelous tool for their own malicious ends. This article will cover how to protect your network using old or obsolete equipment.
For those of us who have 24/7 connections (Cable or DSL), network security is an important issue. Too many times we have read stories of newly-discovered exploits and ploys used to gain unauthorized access into someone’s personal, business and network information. What can be done? Obviously many things, but first and foremost should be a Router and a Firewall of some kind.
Firewalls help protect against attacks and intrusions from the Internet. Routers allow a private network to exist separately from the Internet, and most also allow multiple users to share a single Internet Connection.
Terms:
The term “Firewall” comes from lessons learned in the real world: In some densely populated areas, buildings that are built in close proximity must be separated by a fire-resistant wall to keep a fire that started in one building from spreading to another. The analogy in terms of Networking is very apt; the “Firewall” being a shield against attacks/probes coming from the Internet. There are two basic types of Firewalls: Hardware-based and Software-based. This Article will be dealing primarily with what amounts to a Hardware-Based Firewall that has some important Software features as well.
Comparisons:
There are many small set-top Routers that tout themselves as Firewalls, and they are to a degree. But they tend to be elementary and limited in what they can do. In particular, rules for incoming and outgoing traffic are very basic and often arbitrary. Configuration of these units is limited due to the simple nature of their hardware; the lack of storage capability makes it impossible to log network traffic. On the other hand, there are Software Firewalls. Software Firewalls are run as an executable or as a service on individual PCs. Most have excellent logging capabilities but are ill-equipped to deal with intrusion and denial-of-service attacks, and many require very complex configurations to control network traffic into and out of the PC effectively. What then is left?
Alternatives and Options:
Often overlooked are personal computers themselves. For many years, Microsoft has offered the ability for a host PC to serve as a Hardware Firewall using Internet Connection Sharing (ICS for short). Machines configured in this manner use a portion of their processing power to create a shared Internet Connection along with a rudimentary Hardware Firewall. The limitations of this form of Firewall are many: the PC is “live” in the sense of having a user performing daily tasks on it while it acts as a Firewall, which is a security hazard at best and, at worst, an outage waiting to happen if a runaway process or inadvertent mistake ever forces the computer to a critical stop or a spontaneous reboot.
SmoothWall:
Enter SmoothWall. Many PCs built in the past four years or so are candidates for turning into a dedicated Hardware Firewall/Router/DHCP server. Most obsolete PCs out there are vastly overpowered for such a task, so with little or no cash outlay, one can reconfigure an older PC to do the job of a Mid-line Professional-Grade Router/Firewall. SmoothWall was designed specifically to turn a PC into a Network Appliance whose sole purpose is to Route Network Traffic to and from the Internet, while assigning IP addresses and protecting the Private side of the Network from Intrusion. SmoothWall is a preconfigured, optimized version of Red Hat Linux (Version 2.2 Kernel), designed only to function as an Appliance. As most computer-savvy people know, Linux has a (deserved) reputation for reliability, stability and security. The kind people over at SmoothWall.Org have distilled this into a small, yet potent package: a mere 20.7 Megabyte ISO, ready for burning into a bootable CD.
SmoothWall supports many different network types, which we will get into in a moment. First, a little jargon-busting: the Green NIC is the Private, trusted segment of the network; the (optional) Orange NIC is not trusted, but does share the Internet Connection; and the Red Interface is your connection to the Internet, which could be a dialup Modem, ISDN, USB ADSL or a conventional Ethernet Adapter.
Requirements:
The Hardware requirements are minimal: a 486DX4 processor fitted with 8MB RAM, and a ~200MB HDD. It goes without saying that you will need at least one network card (NIC), a keyboard (temporarily), a monitor (temporarily), a connection to the Internet, a floppy drive (temporarily) and an ATAPI/IDE CDROM (again, temporarily). Once SmoothWall is up and running, all regular maintenance can (and should) be performed remotely via the Web Interface.
Preparation:
I downloaded the ISO as well as the Installation Guide, Configuration Manual and FAQ documents from SmoothWall.org. A quick suggestion to the kind people over at SmoothWall: Why not package the User Manual and FAQ in PDF format as well as the latest Acrobat reader for Windows and Linux in the ISO? It may bloat the install a bit, but it would make it even faster and easier to set up. The ISO was burned to CD with Nero. Also, patch files numbers one, two and three (all of them .tar.gz files) were also downloaded to update the machine in a timely manner after setup. I chose to go with the Triple Segmented Network: Green, Orange and Red, with the Red Interface being an Ethernet Card to my Cable Modem. I have a Private Network that I would like to keep private, but at the same time, have the need to share an Internet connection with any friends or acquaintances that may drop by for the odd LAN Party, some of whom I only know slightly. I have yet to have any wireless Ethernet in my home, but if I ever trod down that (mined) road, you can be sure it will be on the Orange NIC.