How to protect your network with an open source firewall
Get yourself some hardcore protection.
By Michael Scalisi | PC World | Published: 10:52, 11 September 2009
It's the rare IT person who doesn't sometimes run into a situation where they are helping a client or organisation that has more IT needs than budget. Often it's the rule and not the exception. If you ever find yourself in a situation where you need a decently robust and full-featured firewall and have a budget approaching zero, I have just the solution for you: SmoothWall Express.
SmoothWall Express 3.0 is an open source GNU/Linux firewall which is security-hardened and freely downloadable. By design, it has minimal hardware requirements and a small footprint. It should work with nearly any Pentium-class computer with at least 128MB of RAM and a hard disk with a capacity of 2GB or greater. It'll likely work with that PC you have sitting in your closet that you've been too lazy to recycle. You'll want to have at least two network cards installed for basic use, and three or more if you want to have a DMZ or incorporate a wireless network. Keep in mind, though, that your firewall's reliability is limited by the hardware on which it's installed.
Don't worry if you don't know much about Linux. Though the geeky can get down and dirty at the command line, SmoothWall is very easy to install and configure. It's meant to be managed via an integrated web interface, so it's appropriate to run it headless.
Then boot your system to the CD and run the installer, which will wipe your hard disk and install SmoothWall Express. Just accepting the defaults will lead you to a good starting place. The first "hard" question you'll be asked is what you want the default security policy to be for outgoing requests.
The default is Half-Open, which permits most outgoing traffic except for that which is potentially harmful. You may also choose Open, which doesn't limit outgoing traffic at all, or Closed, which requires that you later explicitly configure what traffic is permitted.
You'll then need to choose how you want to configure your network interfaces. Your interfaces will be Green, Red, Orange, or Purple.
The Green interface is your trusted LAN. Red is the evil and dangerous Internet. Orange is your DMZ, and Purple is your wireless LAN.
Next you choose which network card will be assigned to each role. SmoothWall will probe for and automatically detect most cards. You'll need to specify IP configuration and optionally DNS and Gateway settings.
Additional items that may be configured are Web Proxy, ISDN configuration, ADSL configuration, and DHCP configuration.
Lastly, you'll need to set a Web interface password and a root password for command line access.
You're done with setup! I told you it was easy.
From here, you can leave your "Smoothie" as is and it's a fully functional firewall.
However, the most in-depth features are only configurable through the Web GUI. To get to the Web configuration page, point your browser to https://SmoothWallGreenAddress:441 and enter the admin password you configured earlier.
One thing that may surprise you is that for a free product that's easy to configure, SmoothWall is remarkably full-featured.
SmoothWall offers a number of capabilities, including: Proxy Servers, IDS, Logging, Traffic Graphs, DHCP, VPN, Dynamic DNS, Port Forwarding, Server Health and Access Control.
It also provides an interface for backing up and restoring your configuration, so when that Pentium II finally kicks the bucket, you can quickly get your SmoothWall firewall back up and running again.
What's the catch? Well, SmoothWall Express is limited to a single CPU and 1GB of RAM, but that's not likely to be an issue for even a couple hundred users. The real limitation is the lack of support. While there's a robust user community, you're mostly on your own with this. Of course, not surprisingly, there are a number of paid and supported products sold by the commercial arm of Smoothwall.