
The 10 Minute Linux Firewall

TKS

If one thing should be at the forefront of every system administrator's mind, it is security. Microsoft has been taking a lot of flak about not being as secure as they could be, and there has been a market swing toward the Firefox web browser as a result. Some are also seeing a similar swing in the server market. But what does this have to do with firewalls? Well, just like switching web browsers or servers away from Microsoft, a Linux firewall means added security and possibly even increased browsing speed. In this tutorial you will learn the easiest way to get up and running with a 10 minute Linux firewall.

Instead of going into great detail on many different distributions, this tutorial will stick with one that is known to work, and to work fast: one that any Windows user could install and configure in a matter of minutes. That one is Smoothwall.

First things first: after downloading Smoothwall, you need to burn the .iso image to a CD. Use your favorite burning software; Nero 6 is fine, for example. Set it to burn an image file and choose the .iso, allowing all the default settings to complete your burn.

Assuming you now have the image burned to disc, you will next need a spare computer to run things on. Most people are surprised by the limited resources that Linux can work with, and the distribution you will be working with, Smoothwall Express, is no exception, requiring just the following hardware specification:

  • 150MHz Processor or higher
  • 64MB of RAM…more is recommended
  • 2GB IDE hard disk
  • IDE CDROM
  • Any Video Card
  • Any monitor
  • Any Keyboard
  • Mouse Not needed
  • 2 Network Cards (since this is our firewall…one needed for standalone)
  • ISDN/DSL/Cable Modem and Access

This tutorial assumes that you have a cable modem, but if you require help setting up other forms of access, it will be provided for you after the install anyway. Before you go any further, however, you should note that older computers sometimes do not have bootable CD-ROM drives. If your computer does not allow booting from CD-ROM, then you can use Smoothwall to create a boot CD by loading the Smoothwall CD into a spare Windows 95/98/XP/2000/NT computer and letting autorun pop open a dialog for you. Browse the CD for the installation guide in .pdf format and open it up. It will explain everything you need to know about booting off the floppy drive.

OK, now that is sorted, you can let Smoothwall take you through an installation routine that is fairly straightforward. Just hit return on the first two options which ask you where you want to install from. They are default selected for a CD-ROM install which is also the assumption for this tutorial.

Smoothwall uses three interface models: green (the network card you use to connect your firewall to the rest of your LAN), orange (also referred to as a demilitarized zone or DMZ, used for computers you connect to the internet but that you don’t trust as much as your LAN computers) and finally red (which is connected to the outside world). Throughout this tutorial those interfaces will be referred to using the relevant color codes, so remember them.

Follow all the prompts to install onto your hard disk, and eventually you will arrive at a basic network configuration screen. Configure green first; this will be the network interface card (NIC) connected to your LAN. Using manual settings, input an IP address of your choosing or use 192.168.0.1 with subnet mask 255.255.255.0.

Next comes the red interface, the NIC that connects externally to the internet, either through a modem or directly. This card should autodetect and get an IP address from your ISP. The option you can select when the green interface selection appears is ‘probe’. Smoothwall will probe your computer for the correct NIC and attempt to install it. If it cannot install it, you can select manual and pick your NIC from the list. After installing the first NIC, Smoothwall will attempt to install the second as well for your red interface. Remember to assign your green interface an IP address of your choosing or the one specified above.

After your network is configured, Smoothwall begins its stock install. Sit back and relax for approximately 1 minute. The CD will eject upon completion of the install. Altogether, this should take no more than 5 minutes, and often much less. After the installation you will be prompted to set up your install. Here you can opt to restore from a backup floppy, map your keyboard, and select a hostname. A hostname is a name you give your computer that lets you remember it and find it on the network. The default hostname is smoothwall; note that yours should also be lowercase alpha characters. Type in your hostname and select ‘OK.’

The next screen will prompt you to enter information about your web proxy (ISPs sometimes have one and require their users to use it). If you don’t know about this, leave it blank and hit OK. Smoothwall then checks for any dialup connections, so disable/default out of this, because you will be able to configure it later after setup completes. ADSL connections come next, and although not covered in this tutorial, you can easily set these up later as well. Disable this feature using the selection screen and continue.

Now the network chooser menu should appear, which will allow you to configure your red, green and orange networks how you want. Carefully read each option. For example, when this tutorial was written, the Smoothwall machine was connected directly to the modem, with a second NIC for the LAN and no third NIC for the DMZ, so green and red were selected. See the installation manual on your burned CD for more info on ADSL, ISDN, and dialup configuration. The dialogue will ask you to confirm your choices at the end of configuration. Remember to choose DHCP enabled on your red interface so that the ISP can give it an IP address, and to manually assign your green interface an IP address.

The final option you have is to input your DNS and gateway information. Your ISP should be able to provide you with the numeric IP address of your DNS servers. If your ISP does not use a gateway server to provide services then leave gateway blank. Indeed, if you are in any doubt then also leave gateway blank.

Now you can configure DHCP (IP address assigning) for Smoothwall. This will enable any computer that is connected on your LAN to automatically pick up an IP address and join the LAN. This makes it nice for game sessions, for example, when you have many computers connected at the same time and don’t have time to tell each person what your LAN IP is and what your subnet mask is. They simply plug and play!

Enable DHCP on the selection screen by selecting it with the spacebar. Define a range of IP addresses; the default lease time and max lease time are in minutes, and you can safely leave these on their defaults. Then you should choose your three administrative passwords. First, set up your root password. Next, set up your ‘setup’ user password. This setup user can log in via an SSH connection, and the setup program you are going through will be run again. Lastly, set the password for the admin user, which is not a Linux user but rather the user you will log in with via the Smoothwall web interface.

And that is it: the installation and configuration are finished and you are all set. You will be prompted to register with Smoothwall and your firewall is ready to go! You’ll want to log in to your interface right away, using your admin user, to upload any patches that need to be installed. The quickest way to do this is to hop on any computer on your LAN (besides the Smoothwall one) and type https://192.168.0.1:441 or https://hostname:441 in a web browser (where hostname is the hostname you chose previously). You will be prompted for your login info. Use admin and watch as you are greeted by a Smoothwall status page!

To learn more about Smoothwall visit the main page at smoothwall.org and select the ‘docs’ tab. The forums are also extremely helpful and many knowledgeable people can help you with any problems that may arise. Hopefully, your install went well and everything is working for you! If not, don’t forget that the installation guide is on your CD that you made!
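An added example, not part of the original tutorial or of Smoothwall itself: a pre-flight check of the addressing chosen during setup. It confirms that the DHCP pool sits inside the green subnet, that it does not hand out the firewall's own address, and that the lease received on red does not fall in the same subnet as green. The helper name `check_plan`, the DHCP pool and the red leases are constructed for illustration; only 192.168.0.1 / 255.255.255.0 comes from the tutorial.

```python
import ipaddress

def check_plan(green, dhcp_start, dhcp_end, red=None):
    """Return a list of problems with a GREEN/RED addressing plan (empty = OK).

    green and red are "address/netmask" strings; dhcp_start and dhcp_end bound
    the DHCP pool served on GREEN. check_plan is a hypothetical helper name.
    """
    problems = []
    green_if = ipaddress.ip_interface(green)
    net = green_if.network
    start = ipaddress.ip_address(dhcp_start)
    end = ipaddress.ip_address(dhcp_end)

    if not net.is_private:
        problems.append(f"GREEN network {net} is not private address space")
    for label, addr in (("start", start), ("end", end)):
        if addr not in net:
            problems.append(f"DHCP {label} {addr} is outside GREEN network {net}")
    if start > end:
        problems.append(f"DHCP start {start} is above DHCP end {end}")
    else:
        # Addresses that must never be handed out to a LAN client.
        reserved = (
            ("the firewall's own GREEN address", green_if.ip),
            ("the network address", net.network_address),
            ("the broadcast address", net.broadcast_address),
        )
        for label, addr in reserved:
            if start <= addr <= end:
                problems.append(f"DHCP pool contains {label} ({addr})")
    if red is not None:
        # If the modem leases RED an address in GREEN's subnet, the firewall
        # has the same subnet on both sides and cannot route between them.
        red_net = ipaddress.ip_interface(red).network
        if red_net.overlaps(net):
            problems.append(f"RED network {red_net} overlaps GREEN network {net}")
    return problems

if __name__ == "__main__":
    # GREEN address and mask are the tutorial's; pools and RED leases are constructed.
    green = "192.168.0.1/255.255.255.0"
    print(check_plan(green, "192.168.0.100", "192.168.0.200",
                     red="203.0.113.25/255.255.255.0"))
    print(check_plan(green, "192.168.0.1", "192.168.0.50",
                     red="192.168.0.10/255.255.255.0"))
```

If the overlap check fires, picking a different green subnet during setup is the simplest fix, since the red address is assigned by the ISP or modem.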

koolhead17

Good one, sir.

anastacia

Hi, well, that's a good one, but I want to clarify some doubts before I proceed. I have downloaded this software and had it burned to a CD. Now I have 2 PCs. PC 1 has Windows XP Professional and is working properly, but I don't have 2 network interface cards. Can I use only 1? Will it work?

PC 2 is empty, but I plan to install Windows Server 2003 Standard Edition (32 bit), and this one too has only 1 NIC, so... can I install this firewall on both PCs without any problem, and that too using only 1 NIC?
Thanks a lot for your anticipated help. :lol:

TKS

No...you'll need two network cards...one card is for internet and one is for LAN. They're pretty cheap (usually around 20 bucks) so if I were you I'd pick up another network card and go for it :D

anastacia

Thanks a lot, will try to do it. But are you sure that it won't affect the Windows OS that I will be installing?

TKS

You should install it on its own computer. This is mainly for routing traffic on your LAN so I recommend that you do not install it with any other Linux distributions OR Windows...it should be the only operating system on that PC.

DanielGardner

Thank you, TKS, for this. I'm about to do my very first ever install of anything Linux on an old PC, and chose Smoothwall, but didn't quite know how to proceed.

Thank you.

jaydani

Update - Smoothwall 3.0 is available - a year later. So upgrade and have fun.

vicio

Is Smoothwall a Linux distro or simply an OpenSource Firewall Application? I have to install it as the ONLY system on the computer, is that right?

Dima Bilan

Smoothwall is a solid product; pfSense is also something I can recommend.

Another interesting Linux-based firewall I came across is Ideco Gateway, a nice firewall.

princealway

Nice information you have given on the 10 minute Linux firewall. I have not used this software so far, but after reading this article I would like to use it in the future.

prakash_d13

I have two ISP lines. Is it possible to configure two ISPs so that if one line goes down, the net will keep working through the second line?
1->-ISP(pri)
=====> LAN (192.168.1.2/254)
2->-ISP(sec)

How do I configure this? Please give me a solution.

Fest3er

Smoothwall Express 3 is designed to work with only one ISP. Modifying it to work with more than one ISP (multihome) is definitely a non-trivial task.

I spent 16 months updating Express 3's foundation. (I greatly enhanced the build system; upgraded the kernel, gcc, glibc, iptables; added initramfs, reiserfs, udev; and cleaned up the GUI a little. It runs on some very new Atom-based hardware now.) I'm still at it. But I haven't yet thought of a sane way to incorporate load sharing, load balancing or failover in Phaeton/Roadster. The use of four NICs (RED, GREEN, PURPLE and ORANGE zones) is too deeply embedded in the code. It won't be easy to abstract the zones to allow more than one NIC (or even bridge) per zone.
