
SmoothWall removes the pain from implementing a Linux firewall/gateway

If you're looking for a solid and simple firewall, feast your eyes on the SmoothWall Linux distribution. In this Daily Drill Down, Jim McIntyre helps you smooth out your security wrinkles.

Installing and configuring a Linux firewall can be one of the most difficult tasks Linux administrators face. Beyond configuring the gateway itself, few admin pros have expertise in securing the network through ipchains.

Not to worry. The SmoothWall Linux distribution simplifies the otherwise daunting task of sharing Internet connections and providing network security. This relatively new Linux distribution is used for one purpose: to provide an easy-to-configure firewall with minimal hardware requirements. Typically, you can convert an older desktop system that has outlived its word-processing and Web-surfing usefulness into a formidable firewall box. SmoothWall is able to run on processors as old as a 386 with 8 MB of RAM. In this Daily Drill Down, I’ll discuss how to install and configure SmoothWall.

What you need
  • Intel-based PC (386 or greater) with 8 MB of RAM
  • CD-ROM drive
  • 100 MB of disk space
  • Access to a CD-ROM writer

Warning
SmoothWall will erase all partitions and information on any hard drive where it is installed. Also, SmoothWall works best when the machine used for firewalling doesn’t provide any other services (FTP, sendmail, etc.). Once SmoothWall is installed, it’s best to designate the host machine exclusively as a router/firewall.

Once you have a machine selected for the install, you're ready to install SmoothWall.

Step 1: Getting SmoothWall
SmoothWall is available as a download from its official Web site. The package is downloaded in ISO format, so you'll need to burn an image of the distribution prior to installing. I used version 0.98 while preparing this Daily Drill Down. The procedure for actually burning the image will depend on the CD-writing software you use (Nero, xcdroast, etc.).

Step 2: Create the boot floppy
If the host machine has a bootable CD-ROM, skip this step. If not, use the following procedure.

Making the floppy with Linux
  1. Insert the SmoothWall CD into the CD drive and mount the CD-ROM.
  2. Insert a blank floppy into the floppy drive and type the following command:
dd if=smoothwall-disk1-0.98 of=/dev/fd0 bs=1k count=1440

Making the boot floppy with Windows
  1. Insert the SmoothWall CD into the CD-ROM drive.
  2. Double-click on My Computer.
  3. Change directories to d:\dosutils.
  4. Double-click on either rawrite or rawritewin.
  5. Follow the instructions to create the bootdisk.

Step 3: Begin the installation process
Boot the host machine from either the CD-ROM or the boot floppy. A warning about SmoothWall removing all information from the hard drive will appear. When you receive a prompt for the installation method, select CD-ROM and press [Enter]. If booting from floppy, insert the CD into the drive at this point. The installation will then begin and SmoothWall will repartition your hard drive.

Network device names
The standard method for identifying network interfaces in Linux is to name the NIC connected to the ISP eth0 and the NIC connected to the internal network eth1. SmoothWall uses a different method. The NIC connected to the ISP is called the RED interface, and the NIC connected to the internal network is called the GREEN interface.

Step 4: Configure networking
Once the hard drive is partitioned, your next installation step is to configure the GREEN (internal network) interface. If your ISP requires that you use the NIC it has supplied, tab to the Select option within the installation process and select the correct driver from the list. By selecting the driver, you’re able to force SmoothWall to use the specified NIC for internal access.

Once you select the driver, enter the IP address and netmask for the GREEN interface. Select Done and then press [Enter]. The SmoothWall filesystem will now be installed in only a few minutes.

The next prompt will ask you to enter the hostname. Supply the name for the SmoothWall box and select Done.

The next option is for ISDN configuration. If you don't use ISDN, select Disable ISDN.

The next screen shows the Network Configuration menu. Use the following procedure to configure networking:
  1. Select Network Configuration Type and press [Enter]. Several choices will appear with the next menu.
  2. Select GREEN/RED for a cable or ADSL installation.
  3. Select GREEN if you use a dial-up connection.
  4. Next, go to the Drivers And Card Assignments option and press [Enter].
  5. Select the RED interface and select Probe.
  6. Press [Enter] and select Done when the correct driver is chosen for the RED interface.

Now you need to select the IP Address Settings option and press [Enter]. Select DHCP if your ISP provides your IP address. Enter the IP address information if you use a static IP address.

Next, go to the DNS And Gateway Settings option and press [Enter]. Type the correct IP addresses for your DNS servers and your gateway. This step isn't required if you selected DHCP in the IP Address Settings option.

Once the DNS and gateway information is entered, select Done and press [Enter]. SmoothWall will now start your configured network connection, complete with IP masquerading and firewalling.

The next three prompts ask you to supply passwords. The root user is required on all Linux/UNIX systems. Supply the root password. The setup user has access to the Network configuration settings. This allows users other than root to configure the system without having complete access. The admin user will normally use Web-based access to configure SmoothWall. This user may allow or disable various forms of access, including FTP and Secure Shell (ssh).

That's it. You have now installed and configured an operational gateway/firewall. The next step is to reboot the system.

Step 5: Testing the configuration
Once SmoothWall is up and running, the next step is to test your firewall. First, make sure you can access the Internet from the SmoothWall box. Run the following command:
ping -c 3 www.techrepublic.com

A successful reply means your host can access the Internet. Next, if your workstations are configured, try to ping one. On my network, I ran this command:
ping -c 3 176.16.1.10

Just replace the IP address with the address of a host on your LAN. If you haven’t configured the hosts on your LAN for your new firewall, your next step is to configure Internet access via the SmoothWall box for the computers on the local network.

Step 6: Configuring client machines
To configure your Windows 9x network clients, use the following procedure:
  1. Make sure there is a working NIC in the client PC.
  2. Go to Start | Settings | Control Panel and click the Network Settings icon.
  3. When the network window opens, select Add, select Protocol in the next window, and click on Add again.
  4. From the list of manufacturers, select Microsoft, and in the right-hand window, select the TCP/IP protocol. Click on OK. At this point, you’ll probably be prompted to insert your Windows CD. Once TCP/IP is installed, you’ll need to reboot the client.
  5. After the client machine is rebooted, go back to your network settings and configure the TCP/IP properties.

The easiest way to connect to the SmoothWall box is to use the DHCP server included with SmoothWall. If you’re using DHCP, select the option Obtain An IP Address Automatically. When the machine reboots, the SmoothWall host will assign an IP address.

If you’re using static IP addresses, select the option Specify An IP Address. Next, enter the IP address and subnet mask for the client computer.

For the gateway address, use the IP address of the GREEN NIC in the SmoothWall host.

Next, enter the IP addresses for the primary and secondary DNS servers provided by your ISP. When these settings have been entered, click on OK and reboot.

Different Windows releases
The above instructions will differ depending on which release of Windows you’re using. The steps listed were performed in Windows 98.

Step 7: Testing SmoothWall
When the client computer is rebooted, start your browser and enter the IP address of the SmoothWall router. For example, the IP address for the GREEN NIC on my SmoothWall box is 176.16.1.100. I enter http://176.16.1.100 in the location bar of any browser, and I see the SmoothWall startup screen. If you see this screen, SmoothWall is up and running.

Next, try to access any Web site to confirm that you can surf. If you encounter problems accessing the Internet, try the following checks:
  • Check the TCP/IP settings on the SmoothWall host. Make sure all of the addresses and subnet masks are correct.
  • Make sure the NIC accessing your ISP (RED) is the correct card. Some ISPs will provide access only when the MAC address on the NIC is correct.
  • Check the TCP/IP settings on the client computer.
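
The address and subnet mask checks above can be scripted. The following is an added example, not part of the original article or of SmoothWall: it tests whether a statically addressed client and the GREEN interface fall in the same subnet and rejects malformed addresses and non-contiguous netmasks. The function names are hypothetical and the netmasks are assumed, since the article does not state one.

```shell
#!/bin/sh
# Added example: check that a client and the GREEN gateway share a subnet.

# ip_to_int ADDR: print a dotted-quad address as a 32-bit integer.
# Returns 1 on malformed input (wrong field count, octet > 255, leading zero).
ip_to_int() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet CLIENT GATEWAY NETMASK
# Returns 0 if both addresses are in one subnet, 1 if not,
# 2 if an address is malformed or the netmask is not contiguous.
same_subnet() {
    c=$(ip_to_int "$1") || return 2
    g=$(ip_to_int "$2") || return 2
    m=$(ip_to_int "$3") || return 2
    inv=$(( ~m & 0xFFFFFFFF ))      # host bits of the mask
    # A valid mask has all host bits as one trailing run: inv+1 is a power of 2.
    [ $(( inv & (inv + 1) )) -eq 0 ] || return 2
    [ $(( c & m )) -eq $(( g & m )) ]
}

# Constructed sample rows: client, GREEN address, netmask.
# 176.16.1.10 and 176.16.1.100 are the article's; the rest is constructed.
while read -r client green mask; do
    rc=0
    same_subnet "$client" "$green" "$mask" || rc=$?
    case $rc in
        0) echo "$client via $green ($mask): same subnet" ;;
        1) echo "$client via $green ($mask): different subnet, gateway unreachable" ;;
        *) echo "$client via $green ($mask): malformed address or netmask" ;;
    esac
done <<'EOF'
176.16.1.10 176.16.1.100 255.255.255.0
176.16.2.10 176.16.1.100 255.255.255.0
176.16.1.10 176.16.1.100 255.255.0.255
EOF
```

A client that reports "different subnet" cannot reach the GREEN address directly, so it will fail both the browser test and general Web access even though the firewall itself is working.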

Conclusion
Routing and firewalling often are the most difficult problems administrators face. The SmoothWall Linux distribution provides a simple solution for both problems. With a minimal investment of time and hardware, an administrator is able to have a combined router and firewall running in approximately 15 to 30 minutes. SmoothWall provides good security through ipchains and allows Internet connection sharing through masquerading.

For a simple yet powerful security solution, or for a great tool to learn about TCP/IP security and routing, SmoothWall Linux should be your first choice.