I'm currently raking through the vast amounts of information here at OCF on smoothwalls, as I'm wanting to set one up when I move to my new apartment at the end of august. I have plenty of time to plan it all out and piece together a rig for it. (college student = not a lot of extra hardware laying around)

Probably end up with a socket 478 celeron in an old abit VT7 that I have laying around...

Question is, can I have my smoothwall double as a fileserver?

My ideal setup:

The smoothwall would have 3 NICs (is this possible)... 1 (wired) to the internet jack in the apartment, 1 (wired) to my desktop pc (main rig), and 1 (ideally wireless) for my laptop to use around the house. I'd like to not use wireless for my desktop, which is why I'd need 3 NICs.

I also have 2 120 gig seagates that I'd throw in there, and they could hold all my backed up dvd's and music, and hopefully my desktop could just stream it off of the smoothwall. Would a 478 setup with a gig (or so) of RAM be able to do a full dvd stream to another PC on the LAN? More than likely it'll be all 10/100mbit, I can't afford that copper stuff yet.

If this is NOT possible, could I build another rig to be the fileserver and have 4 NICs in my smoothwall? This has me worried about power consumption and heat now...

If my solution IS possible, please tell me what I should know/look out for. :D And how can I make sure no one else could use my wireless NIC in my smoothwall for access... how do I secure it?

Thanks guys! :)

Yes Linux NAT can hold as many NICs as you have PCI slots and let that PC act as a switch as well. A P4 is overkill for a fileserver. Any old Pentium with 128MB or so would do. If the datarate of that DVD doesn't exceed the 100Mbit/s it will work. However you rarely get the full 100MBit/s file transfer rate with that wonderful protcol called SMB/CIFS.

Linux has WEP and WPA support. Things like MAC filtering are a given. And if you really want to secure it you could make it a VPN only but then you might get in trouble with your wifi clients. Just make sure there is a Free and source-available driver for the wireless card you buy.

Since you want more than a router/firewall, I'd suggest you use a general purpose distro and run either a simple iptables setup or a shorewall or such. Cleaner than hacking Samba and other server services ontop of a smoothwall. Especially when upgrades or security fixes happen. Smoothwall is designed as an appliance, not necessarily designed for uppgrading it.

i do believe there are mods for smoothwall to add a fileserver, but i wouldnt do it. kinda negates the whole purpose of a standalone firewall, which is what smoothwall is really all about.

it's possible but not recomended from a security standpoint. You want to keep those things seperate if you can, it's just one of those do you wanna take the risk type things.

I think Kiligens said it best with going with a standard distro that does all that such as Fedora, etc. I know that there are mods for Ipcop (written in French Translated thanks to Google)

http://translate.google.com/translate?hl=en&sl=fr&u=http://www.finix.eu.org/spip/imprimer.php3%3Fid_article%3D51

If I am not wrong Ipcop, which is a spin off of Smoothwall is developed on Fedora Core/ Red Hat. You can insert the firewall into an existing distro and have that run within Fedora or Red Hat and then write it to the master startup config to begin on boot. This would give you the best of both worlds along with a ton of configurability. I completely understand your desire to put this in one box because the cost of electricity isn't going to go down any time soon.

Finally, I would look into using pfSense. www.pfsense.com This is a personal favorite of mine because it incrediably stable. My parents pfSense box has an uptime that is incrediable. They have really no clue what it does as long as it keeps doing what it should be. pfSense allows you to add as many NICs as you could possibly dream of and configure them as you wish, but there is little to nothing configured in firewall rules so if you add wireless to this box, it is important to make sure that your firewall rules are going to restrict someone using your wireless who is out to cause harm.

Speaking of harm, the basis of any router/ firewall is to do that keep the people you don't want on your network on your network. If Samba is configured correctly you shouldn't have any issues, but a badly configured firewall is a badly configured firewall and adding Samba to it will just addon to a potential headache.

I would personally try to find another box with a 486x or early p1 processor with three nics and 64-128 MB of RAM and a compact flash card for a hard drive as router so that it uses the least amount of wattage possible therefore giving you more latitude to start it up and leave it running without worrying about the electric bill. Then I would have another box on the LAN with the SAMBA server on it and a WAP network (the preconfigured blue in SW and Ipcop).

If you want a separate router only on 486 basis, then use a floppy router: a router that fits on a single 1,44 floppy. 16MB RAM are minimum. 32MB better. If you also use that 486 as a switch, it will degrade file transfer speeds since a 486 isn't really made for PCI even if you get a PCI board. Suitable floppy routers are coyote linux, fli4l, etc. There are about 10 different versions or so, some are even closed source.

For Samba to be configured correctly security wise there are only 2 lines needed in the config file:
interfaces = eth0 eth2 lo
bind interfaces only = yes

In this case eth1 is a public interface (towards the internet), others are towards the internal LAN

Well hell. You guys just went way over my head lol. I was hoping it wasn't going to be this complicated. I guess I'll just build a smoothwall and have the extra drives in my main rig.

I don't think I can afford the space/heat/electricity from having 3 seperate boxes in my bedroom... Maybe I can build a SFF set up for the smoothie...

It's not complicated. E.g. a simple router is done with apt-get install ipmasq dnsmasq. If you want to work it as a DHCP server you need to edit one file. That's it. Samba you need to edit another file and run smbpasswd to add user(s). However there rarely is a point+click interface under Linux. You edit documented configuration files, that's all.

You could also try Clarkconnect or SME server.
http://www.clarkconnect.com/
http://contribs.org/modules/news/

They are dual-purpose distros already configured to be a firewall/fileserver as well as Mailserver and webserver if you want.

what you are looking for is clark connect.

i was going to do that, but clark connect is garbage compared to smoothwall.

i ended up just getting a separate file server, and its way worth it