Is Smooth Firewall good?

Anyone know much about SMOOTH FIREWALL?

Thanks

 

Are you referring to Smoothwall, a firewall/OS package that converts a PC into a hardware firewall? Smoothwall makes an old PC into a good hardware firewall. It is not a firewall that installs on Windows. I've used it for about 2 years and am quite happy with it.

 

Yeah that's it

So I install it on an old PC and it becomes a hardware firewall?

 

I used smoothwall many years ago, its easy to use and works well. I resurrected an old pentium II 266mhz with 64mb ram and 2gb hard drive and installed smoothwall on it.

 

Yeah, works nicely... There are also alternatives like m0n0wall or IPCop.

 

It's almost that simple. The PC you use will need at least 2 network cards, 3 if you need a DMZ, aka demilitarized zone, defined here. Chances are you don't need that 3rd card. Smoothwall comes as an ISO, which is burned to CD and makes the CD a bootable installer.

You'll also need a crossover cable. A crossover cable looks just like a normal ethernet cable but is wired differently. Quite often they're red. This is needed whenever 2 network cards are connected together, such as the one on your PC to the one on Smoothwall. I wasn't aware of this at first and couldn't figure out what was wrong.

Install the network cards, then install Smoothwall. There's some configuring to do but it's not that bad. Mainly card assignments and basic network setup. When the initial install and setup are done, Smoothwall can be configured via the browser. Once it's all done, the Smoothwall PC doesn't need a monitor, mouse or keyboard.

I haven't tried Smoothwall 3, been using version 2 for about 2 years. I installed it on a P5-133 with 32MB RAM. It's fast enough for 864/160 DSL. Since Smoothwall runs on a small Linux system, it's not like Windows and its needing regular restarting. Even on my low power hardware, mine has run for 6 months and longer with no problems.

 

And how is that better than a software firewall, such as COMODO or ZoneAlarm?

 

Thanks for the time you invested into telling me this. Great tip about the crossover cable. I will keep that in mind.

 

Does anyone know how I can get Content Filter on Smoothwall? What are my FREE options?

 

I feel its better due to the fact that its a seperate stand alone unit. If your computer is somehow compromised smoothwall will still continue protecting you. A software firewall may not. Plus it allows you the option of not running a software firewall which helps free up system resources and eliminate potential conflicts.

 

Good points, thanks.

Any ideas how to get a free content filter installed on Smoothwall?

 

FYI, I believe the crossover cable is only necessary if you patch directly from the smoothwall PC to your personal PC. If you have a router between smoothwall and your PC then you would use regular ethernet cables. I'm pretty sure this is how I had it setup when I used smoothwall for a while, but perhaps someone will chime in and confirm...?

 

If "newer" nics are used I do not think a crossover cable is needed at all. Nics for the most part are auto-negotiating.

 

The network card I bought earlier this year still required the use of a crossover cable. It was an EtherFast, made by Linksys.

That is basically correct. Then again, if you use a 4 port ethernet card, Smoothwall could also serve as the router. I don't know which ones would be compatible. Their forums would be the place to ask that. Another company makes a PCI ADSL modem that can replace the standard DSL modem most ISPs supply. At least one of these is compatible with Smoothwall. With the right cards, Smoothwall could replace much of the network hardware. In some cases, all of it.

Hardware and software firewalls are not entirely comparable. Each has their strengths. A hardware firewall is more resistant to malware because it's separate from the PC and isn't affected by exploits of Windows and other user software. This is often used to claim that hardware firewalls are stronger than software firewalls. In reality, both are software firewalls. Hardware firewalls just have their own operating system. What makes software (installed on Windows) firewalls weaker in comparison are the weaknesses and vulnerabilities of the operating system they're installed on, plus all the vulnerabilities in all the other installed software.

Hardware firewalls do not control traffic on an application level. They're not "aware" of individual applications, just whole PCs. Whatever they pass or block applies to everything on the PC. Only a software firewall can control internet access for individual applications. A hardware firewall can control traffic to and from specific ports, which will give some control over certain applications.

Hardware firewalls don't come with HIPS like many other firewalls, but some like Smoothwall do come with IDS (Intrusion Detection System). It's more useful for businesses with large networks but the logs can be handy, especially if you want to keep up with what's trying to connect to you.

A hardware firewall is best viewed a shield in front of your PC. Their primary role is blocking inbound traffic. Routers also do this but hardware firewalls are more versatile. Myself, I use both Smoothwall and a software firewall (Kerio 2.1.5). Smoothwall provides the strength against unwanted inbound traffic and Kerio provides the control over internet access for individual applications. Unlike using 2 software firewalls, Smoothwall won't conflict with a software firewall or an installed security app. It's up to you if you also want a software firewal or if strong inbound protection from Smoothwall is enough.

I just checked all the network cards I have. All required the crossover cable to connect to another card.

 

Main difference is that the desktop firewall is more about application control than packet control.

 

Try a more "UTM" distro.....than a plain old NAT router distro...
UTM = Unified Threat Management...brings antivirus/antispam/intrusion detection features to the table.

Some UTM distros.....
The "Copfilter" add-on for IPCop
http://www.copfilter.org/
Endian
http://www.endian.com/en/
Astaro
http://www.astaro.com/

and..my favorite that I've been using for more and more of my business client networks...Untangle.
http://www.untangle.com/

Untangle has quite a few features the others don't have....such as an AntiSpyware component.

All your networks internet traffic pass through these...so it's a great added layer of protection.

Untangle is a layer 7 platform..so it CAN control traffic on the application level. You CAN control what traffic is allowed to/from the workstation.

And yeah, crossover cables have pretty much become extinct...gone the way of the floppy drive. With PCs coming with gigabit NICs for quite a few years now...part of the standard for gigabit is auto MDI-X..so the NIC figures it out for you. Plus most switches for quite a while now, even if 10/100, are also auto MDI-X.

Since implementing UT at some of my clients, the number of times I've had to go clean a PC that got hit with a Virtumonde/Smitfraud/ZLob trojan has plummeted. IMO, this added layer of protection for the network is worth it. And..it's an added layer of protection that doesn't slow down your PC like installing another application would. You get the benefit of scanning from other products, without having to install those other products.

Even for home use, I've not run a plain old off the shelf NAT router for a long time, I run these distros on an old laptop, which is great for the home user. You get a small footprint, low energy consumption, low noise and heat output...and it has its own built in battery backup!

All the above have "free" versions you can download/install. They are really very easy to install, setup, and manage...if you've been able to setup your own Linksys/Netgear/DLink router...you can do one of these. You do not need to know linux at all.

 

Hi YeOldeStonecat,

Do you know if those programs mentioned by you, use an AV etc or can use, and if yes, which one(s)?

Thank you in advance !

 

Hey Fanj,

Untangle uses clam av as part of the standard set of applications.
for $10 a month you can add Kaspersky as a second engine.

the spyware blocker can Filter Spyware by URL, Subnet, Cookie & ActiveX
or you can block all activex controls.

 

very intriguing. but would this be overkill for a home system with but one box on it? i was considering a Trendnet Firewall/Router for around $120-150, to use with Defensewalls outbound protection, whenever that comes about. but you say Untangle can control outbound as well as inbound at layer 7?

i like the laptop as the gateway too. what are the specs on it? how many boxes are run through it? how did you cram three nics into it?

thanks in advance to any of this you may choose to answer.

oh, and what about SPI or DPI? is the firewall stateful? and does the IDS use DPI?


Mike

 

The firewall uses standard linux iptables, which of course is stateful. The IDS uses a customized Snort (pretty much an overkill for home use).

 

Hi lodore,

Oops, sorry for not replying earlier

Thanks for your info

Keep the info coming, thanks !

 

With 1 box...perhaps overkill. I constantly try different *nix distros...across several laptops.

I frequently keep turning back to a distro called PFSense, because its QoS/Traffic shaping are tops. I can prioritize my online gaming, deprioritize the kids P2P traffic...and with 3x other PCs in the house...wifes aggressive online shopping 'n stuff..my online gaming is prioritized so they don't impact me.

However, back towards the subject of UTM distros....yes in my opinion Untangle is overkill for the single user, it's more for SMB networks. Since I deploy it frequently for my SMB clients, I need to keep familiar with it, so I have a couple of boxes running it at home now 'n then...an IBM Thinkpad T41 laptop with a Pentium M 1.6 a 1 gig, and an IBM @Server X335 with dual Xeons which is currently running UT 6.0 which I fire up now 'n then.

I run PFSense on an old IBM Thinkpad T23 which has a Pentium 3 1.0, 256 megs, onboard Intel and a PCMCIA NIC. I don't need a 3rd NIC/orange zone.

Another good UTM distro is Endian, which runs on older mid-range hardware such as the T23 above. It also has antivirus scanning, SPI 'n Intrusion, content filtering, etc. May be a good fit for you, it's a great distro. I used to use that at quite a few clients...have replaced most of them with Untangle due to better malware scanning with UT. But Endian is still heads 'n heels above the others IMO.

 

Untangle seems like a pretty slick app. Must give it a try.

 

yes, it's easy to see why Untangle would be overkill in my situation. are you suggesting to me the hardware Endian? i attempted to find pricing for the entry model to no avail...guess i will need to connect with a rep.

i actually like the software UTM PFSENSE over all of them. i like the logging and rules creation seems to be very comprehensive, but pretty stright forward.

thanks for your further input.


Mike

 

Endian has a community software distro you can download for free...and install on your own software. I've used it at some clients...it's very stable, a great little distro.

Even though it's not a UTM distro, I run PFSense at home mostly...because of its superior QoS/packet shaping features. I deprioritize P2P traffic, and prioritize VoIP and gaming traffice. So the kids downloading stuff doesn't impact my online gaming. Also has good IPSec VPN compatibility...I have it doing a full time tunnel to the cisco at the office.