If one thing should be at the forefront of every system administrator's mind, it is security. Microsoft has been taking a lot of flak about not being as secure as it could be, and there has been a market swing toward the Firefox web browser as a result. Some are also seeing a similar swing in the server market. But what does this have to do with firewalls? Well, just like switching web browsers or servers away from Microsoft, a Linux firewall means added security and possibly even increased browsing speed. In this tutorial you will learn the easiest way to get up and running with a 10 minute Linux firewall.
Instead of going into great detail on many different distributions, this tutorial will stick with the one that is known to work, and to work fast: one that any Windows user could install and configure in a matter of minutes. That one is Smoothwall.
First things first: after downloading Smoothwall, you need to burn the .iso image to a CD. Use your favorite burning software; Nero 6 is fine, for example. Set it to burn an image file and choose the .iso, allowing all the default settings to complete your burn.
Assuming you now have the image burned to disc, you will next need a spare computer to run things on. Most people are surprised by the limited resources that Linux can work with, and the distribution you will be working with, Smoothwall Express, is no exception, requiring just the following hardware specification:
- 150 MHz processor or higher
- 64 MB of RAM (more is recommended)
- 2 GB IDE hard disk
- IDE CD-ROM
- Any video card
- Any monitor
- Any keyboard
- Mouse not needed
- 2 network cards (since this is our firewall; one is needed for standalone)
- ISDN/DSL/cable modem and access
This tutorial assumes that you have a cable modem, but if you require help setting up other forms of access it will be provided for you after the install anyway. Before you go any further, however, you should note that older computers sometimes do not have bootable CD-ROMs. If your computer does not allow booting from CD-ROM then you can use Smoothwall to create a boot CD by loading the Smoothwall CD into a spare Windows 95/98/XP/2000/NT computer and letting autorun pop open a dialog for you. Browse the CD for the installation guide that is in .pdf format and open it up. It will explain everything about booting off the floppy drive that you need to know.
OK, now that is sorted, you can let Smoothwall take you through an installation routine that is fairly straightforward. Just hit return on the first two options which ask you where you want to install from. They are default selected for a CD-ROM install which is also the assumption for this tutorial.
Smoothwall uses three interface models: green (the network card you use to connect your firewall to the rest of your LAN), orange (also referred to as a demilitarized zone or DMZ, and used for computers you connect to the internet but that you don’t trust as much as your LAN computers) and finally red (which is connected to the outside world). Throughout this tutorial those interfaces will be referred to using the relevant color codes, so remember them.
You should follow all the prompts to install onto your hard disk, and you will eventually arrive at a basic network configuration screen. Configure green first; this will be your network interface card (NIC) connected to the LAN. Using manual settings, input an IP address of your choosing or use IP address 192.168.0.1 with subnet mask 255.255.255.0.
Next comes the red interface, the NIC that connects externally to the internet either through a modem or directly. This card should autodetect and get an IP address from your ISP. The option you can select when the green interface selection appears is ‘probe’. Smoothwall will probe your computer for the correct NIC and attempt to install it. If it cannot install it, you can select manual and select your NIC from the list. After installing the first NIC, Smoothwall will attempt to install the second as well for your red interface. Remember to assign your green interface an IP address of your choosing or the one specified above.
After your network is configured, Smoothwall begins its stock install. Sit back and relax for approximately 1 minute. The CD will eject upon completion of the install. All together, this should take no more than 5 minutes, and often much less. After the installation you will be prompted to set up your install. Here you can opt to restore from a backup floppy, map your keyboard, and select a hostname. A hostname is a name that you give your computer that will allow you to remember it and find it on the network. The default hostname is smoothwall; note that yours should also be lowercase and alpha characters. Type in your hostname and select ‘OK’.
The next screen will prompt you to enter information about your web proxy (ISPs sometimes have one and require their users to use it). If you don’t know about this, leave it blank and hit OK. Smoothwall checks for any dialup connections, so disable/default out of this because you will be able to configure it later after setup completes. ADSL connections come next, and although not covered in this tutorial you can easily set these up later as well. Disable this feature using the selection screen and continue.
Now the network chooser menu should appear, which will allow you to configure your red, green and orange networks how you want. Carefully read each option. For example, when this tutorial was written, the Smoothwall machine was connected directly to the modem, with a second NIC for the LAN and no third NIC for the DMZ, so green and red were selected. See the installation manual on your burned CD for more info on ADSL, ISDN, and dialup configuration. The dialogue will ask you to confirm your choices at the end of configuration. Remember to choose DHCP enabled on your red interface so that the ISP can give it an IP address, and to manually assign your green interface an IP address.
The final option you have is to input your DNS and gateway information. Your ISP should be able to provide you with the numeric IP address of your DNS servers. If your ISP does not use a gateway server to provide services then leave gateway blank. Indeed, if you are in any doubt then also leave gateway blank.
Now you can configure DHCP (IP address assigning) for Smoothwall. This will enable any computer that is connected on your LAN to automatically pick up an IP address and join the LAN. This makes it nice for game sessions, for example, when you have many computers connected at the same time and don’t have time to tell each person what your LAN IP is and what your subnet mask is. They simply plug and play!
Enable DHCP on the selection screen by selecting it with the spacebar. Define a range of IP addresses; the default lease time and max lease time are in minutes. You can safely leave these on their defaults. Then you should choose your three administrative passwords. First, set up your root password. Next, set up your ‘setup’ user password. This setup user can log in via an SSH connection, and the setup program you are going through will be run again. Lastly, set the password for the admin user, which is not a Linux user but rather a user you will log in with via the Smoothwall web interface.
And that is it: the installation and configuration is finished and you are all set. You will be prompted to register with Smoothwall and your firewall is ready to go! You’ll want to log in to your interface right away, using your admin user, to upload any patches that need to be installed. The quickest way to do this is to hop on any computer on your LAN (besides the Smoothwall one) and type https://192.168.0.1:441 or https://hostname:441 in a web browser (where hostname is the hostname you chose previously). You will be prompted for your login info. Use admin and watch as you are greeted by a Smoothwall status page!
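Before typing the green address, hostname and DHCP range into the installer, it helps to check that they fit together. The following is an added example, not part of Smoothwall or of the original tutorial: the function name `check_plan` and the DHCP range 192.168.0.100 to 192.168.0.200 are assumptions chosen for illustration, while the green address and subnet mask are the ones suggested above.

```python
import ipaddress
import re


def check_plan(hostname, green_ip, netmask, dhcp_start, dhcp_end):
    """Return a list of problems with a planned green/DHCP configuration."""
    problems = []
    # The tutorial asks for a lowercase, alphabetic hostname.
    if not re.fullmatch(r"[a-z]+", hostname):
        problems.append("hostname must be lowercase letters only")
    try:
        green = ipaddress.IPv4Interface(f"{green_ip}/{netmask}")
        start = ipaddress.IPv4Address(dhcp_start)
        end = ipaddress.IPv4Address(dhcp_end)
    except ValueError as exc:
        # Covers malformed addresses and non-contiguous subnet masks.
        return problems + [f"invalid address or netmask: {exc}"]
    net = green.network
    reserved = (net.network_address, net.broadcast_address)
    if green.ip in reserved:
        problems.append("green address is the network or broadcast address")
    if start > end:
        problems.append("DHCP range start is above its end")
    for label, addr in (("start", start), ("end", end)):
        if addr not in net:
            problems.append(f"DHCP {label} {addr} is outside {net}")
        elif addr in reserved:
            problems.append(f"DHCP {label} {addr} is a reserved address")
    # Leasing the firewall's own address to a client causes an IP conflict.
    if start <= green.ip <= end:
        problems.append("DHCP range includes the firewall's own green address")
    return problems


if __name__ == "__main__":
    # Constructed sample plans: the first is consistent, the second is not.
    plans = [
        ("smoothwall", "192.168.0.1", "255.255.255.0",
         "192.168.0.100", "192.168.0.200"),
        ("Smooth-Wall", "192.168.0.1", "255.255.255.0",
         "192.168.0.1", "192.168.1.20"),
    ]
    for plan in plans:
        print(plan, "->", check_plan(*plan) or "OK")
```
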
To learn more about Smoothwall visit the main page at smoothwall.org and select the ‘docs’ tab. The forums are also extremely helpful and many knowledgeable people can help you with any problems that may arise. Hopefully, your install went well and everything is working for you! If not, don’t forget that the installation guide is on your CD that you made!