• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

Looking for something like smoothwall....

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.

PCGUY112887

Member
Joined
Oct 9, 2003
Location
Illinois
I am looking for something like smoothwall for Windows. If you don't know what smoothwall is, it's a linux based firewall that you install on an old comp and it takes care of all of your incoming traffic. I want to me able to load blocklists into it, and create advanced rules (opening ports, etc). Also if something is blocked from the blocklist I want to have the ability of seeing it be blocked (like in a log) and be able to set it to allow. Right now I use Zone Alarm on each of my computers and everytime I want to go to a site that is blocked by the blocklist.. it just doesn't let me go and I can't allow it without trying to find the IP for it and removeing it.

Any suggestions? What I want to do is just have the connection going from my modem, to that firewall comp, then to my router then out to my computers from the router.
 
I'm curious why you just don't use Smoothwall?

Smoothwall is an firewall-integrated NAT gateway. It isn't a great idea to use windows as a firewall for your network... Not only are there almost-daily patches that you need to keep up to date, but providing the same services as smoothwall would start so many exploitable services.

I'd recommend just using smoothwall, freesco, or many of the other router distributions.
If you are just looking for the firewall of a similar scale, you can try CHX-I, which isn't a personal firewall, like zonealarm, it's a real packet filter.
 
Well I have not read a lot into Smoothwall, but I know jack crap about *nix :p
Also the feature of loading blocklists and being able to allow connections (just like in zone alarm how you can stick something in the trusted zone really easielly) is very important to me, can you do that with Smoothwall?

Thanks :) (me thinks I need to check out the smoothwall forums ;))
 
The great parts about router distros is that you don't need to know anything about *nix to use them. In fact, knowing things about *nix usually makes you want to customize it more, and end up formatting it, dropping on your favorite distro, and configuring it from scratch manually. (This is what I ended up doing ;))

As for custom rules, you can put them in to smoothwall, but they are more in the league of port forwards.
 
I would suggest you buy a linksys router.

I saw on TechTC (programme: The Screen Savers: www.thescreensavers.com) that there is a special firmware some group released which gous on your linksys router and gives you 10 times more features than on a regular linksys. Its same as running smoothwall.
It fully unlocks the linksys as well. e.g. you can access it via telnet or ssh just as well u access smoothwall machine.

I do not know the details, but you can do a search on thescreensavers.com website.
 
PCGUY112887 said:
Well I have not read a lot into Smoothwall, but I know jack crap about *nix :p
Also the feature of loading blocklists and being able to allow connections (just like in zone alarm how you can stick something in the trusted zone really easielly) is very important to me, can you do that with Smoothwall?

Thanks :) (me thinks I need to check out the smoothwall forums ;))

If I understand you right, smoothwall can do that. I run smoothwall and I love it. You can change/configure so many things. Are you talking about blocking certain IP's?
Is this what you mean?
http://www.unreal-systems.net/SWE

Also smoothwall is cool since you can have 3 NIC's installed. 1 for net connection in, 1 to go to the router, and 1 can go to an external server (and it stays outside the firewall while your other computers stay protected). That way you can port-forward to it. Plus you can run things like SSH (you can do so many things remotely), FTP, and stuff like a Ventrilo server. Much more than a basic router with firewall.
 
my smoothie is so tricked out, i got updated versions of snort and squid, with squid caching on a 40 gig maxtor! woot i also got dshield and dansguard installed with bandwith monitors!!! :). and some major kernel recompilage with QoS support so i can upload files and play games at the same time. port prioritizing rocks!

and there are some guys that are also making a blue network, so now it will be 4 nics instead of three :)
 
I'm curious, and do not mean to threadcrap in any-way-shape-or-form, but there's obviously some fellow smoothwall users in this thread, as well as the always knowledgeable su root...

*IS* smoothwall the best linux firewall distro? does a FreeBSD based version, such as m0n0wall offer some benefits?

Right now, I'm using an older RC version of smoothwall. It is the last release candidate before the current version was released, so its very similar in most respects. The problem is i've tried installing the latest version on another, somewhat slower machine (Pentium 233 with 32mb of RAM), but for some reason it doesn't work. It hands out weird IP's to my machines here on the network, and they don't get 'net access. I set it up just like the version thats running on a newer temp box, and have tried multiple times, but no luck so far.

Anyways, sorry for the long post and i'm curious to see what you all recommend.
 
The latest version of smoothwall should support 32Mb of RAM but in realaity a lot of users have struggled, it only really works then if you disable DHCP and Snort. I love my smoothwall :-D (cough , sorry sad geek moment over)
IPCOP is another one to look at, very similar to Smoothwall but has a few more configurable items on its web interface.
 
Mr. Chambers said:
I'm curious, and do not mean to threadcrap in any-way-shape-or-form, but there's obviously some fellow smoothwall users in this thread, as well as the always knowledgeable su root...

*IS* smoothwall the best linux firewall distro? does a FreeBSD based version, such as m0n0wall offer some benefits?

"Best" is a weird word when it comes to computers... there is no clear winner here. Smoothwall is a nice, well-rounded distro.

Other nice ones include:
http://www.clarkconnect.org/ - another comparable distro. A few more advanced options, less newbie-ish options.
http://www.astaro.com/ - This one costs money, but you get a lot more features (mainly advanced ones)
http://www.coyotelinux.com/ - Floppy-based router distro... almost no features, except basic router functionality.
http://www.freesco.org/ - another "small" router distro, not floppy based though.

The "best" for security would be something built on BSD, that can take advantage of ipfw, a nice bsd firewall. I would use OpenBSD, and really lock it down manually.

The "best" for functionality would be astaro, but I don't know anyone (including myself) who would use all of the features on it. Just find a set that you like, and disable anything you aren't using.

The "best" for "replace a router"/general use would be smoothwall.

Personally, I have custom Gentoo boxes at the edges of my network. They are locked down and have custom firewalls, intrusion detection, and caching of all kinds. This is the best solution for me.
 
Last edited:
su root said:
"Best" is a weird word when it comes to computers... there is no clear winner here. Smoothwall is a nice, well-rounded distro.

Other nice ones include:
http://www.clarkconnect.org/ - another comparable distro. A few more advanced options, less newbie-ish options.
http://www.astaro.com/ - This one costs money, but you get a lot more features (mainly advanced ones)
http://www.coyotelinux.com/ - Floppy-based router distro... almost no features, except basic router functionality.
http://www.freesco.org/ - another "small" router distro, not floppy based though.

The "best" for security would be something built on BSD, that can take advantage of ipfw, a nice bsd firewall. I would use OpenBSD, and really lock it down manually.

The "best" for functionality would be astaro, but I don't know anyone (including myself) who would use all of the features on it. Just find a set that you like, and disable anything you aren't using.

The "best" for "replace a router"/general use would be smoothwall.

Personally, I have custom Gentoo boxes at the edges of my network. They are locked down and have custom firewalls, intrusion detection, and caching of all kinds. This is the best solution for me.

Thanks a bunch su root for posting. Yes, I'm well aware "best" is a hard word to grasp in this kind of hobby/work. But I was thinking what would be the "best" for my situation, and you layed it out pretty well I think. Replacing a broken Linksys Router, but still want something that's easy to use, doesn't require me to learn linux yet (still working on that battle!), and actually works well, (aka - will keep my systems as safe as a router would).

Unfortunately the reason I ask, is I have that older version of Smoothwall working as far as I can tell on my old 1700+ /w 256mb of RAM and 40gb Hard Drive box. Needless to say that machine could be doing more useful things for me, thats why i dug up the old 233 machine.

coin, you said that with only 32mb of RAM you'd have to disable DHCP? Maybe thats why it isn't assigning IP's to my computers correctly after initial setup, interesting indeed. I always assumed 32mb would be enough, as I didn't think those set-top routers had anywhere close to 32mb of RAM, granted I know they didn't have to hold an OS among other things in their RAM either...
 
All routers have an OS it's just that it is much more cut down than Smoothwall :-S If you can bung some more RAM in there or disable snort (not really needed) then all should be well. Also check your DHCP settings you may have overlooked a tick box (done it myself often enough) If you still have probles then it may be worth loking at a floppy based router/firewall, just as effective but not as tweakable
 
coin said:
All routers have an OS it's just that it is much more cut down than Smoothwall :-S If you can bung some more RAM in there or disable snort (not really needed) then all should be well. Also check your DHCP settings you may have overlooked a tick box (done it myself often enough) If you still have probles then it may be worth loking at a floppy based router/firewall, just as effective but not as tweakable

well i have an older version running no problems on a newer box, for some reason this older box refuses to work correctly. the install goes fine, as does the setup, i do it just like my other box. but when i reboot everything, it doesn't assign address correctly. my main box here gets something crazy like 167.116.27.164 for example.

i dont have anymore RAM to put in there, because it uses EDO me thinks.. lol. how do i disable this snort, and what is snort exactly?
 
Mr. Chambers said:
well i have an older version running no problems on a newer box, for some reason this older box refuses to work correctly. the install goes fine, as does the setup, i do it just like my other box. but when i reboot everything, it doesn't assign address correctly. my main box here gets something crazy like 167.116.27.164 for example.

i dont have anymore RAM to put in there, because it uses EDO me thinks.. lol. how do i disable this snort, and what is snort exactly?
If it's a 169.x.x.x address, that means that DHCP isn't set up or working correctly on the server.

Check your DHCP configuration on the router box.
 
Snort is a network intrusion detection tool, it helps to expand the details of attaempted attack on your network. It is not part of the 'firewall' itself only a secondary tool. Turning it off will not leave you vulnerable. I'm trying to remember which screen it is turned off with (been so long since I changed anything on mine) It will be called Snort or Intrusion detection
 
ah, i see where to turn it on and off in the settings that you get to by connecting to the smoothwall box from another PC on the network, still can't get this slower machine to work though... perhaps i'm stuck wasting this 1600+ and 256mb of RAM on a firewall :p
 
Mr. Chambers said:
ah, i see where to turn it on and off in the settings that you get to by connecting to the smoothwall box from another PC on the network, still can't get this slower machine to work though... perhaps i'm stuck wasting this 1600+ and 256mb of RAM on a firewall :p
What exactly is the problem you are having? The slower machine should be able to do anything the 1600+ can, it'll be a little bit slower.. I had a K6-2 200mhz do routing, firewall, ids, webserving, ftp serving, etc, etc etc, with 64mb of edo ram.
 
su root said:
What exactly is the problem you are having? The slower machine should be able to do anything the 1600+ can, it'll be a little bit slower.. I had a K6-2 200mhz do routing, firewall, ids, webserving, ftp serving, etc, etc etc, with 64mb of edo ram.

for some reason this older box refuses to work correctly. the install goes fine, as does the setup, i do it just like my other box. but when i reboot everything, it doesn't assign address correctly. my main box here gets something crazy like 167.116.27.164 for example, and the internet nor does my network here work.

i'll be trying once last time tonight or tomorrow before i just plain give up and try it on a different box, to see if it isn't just some sort of incompatibility.
 
Try manually assigning yourself an IP address. It's probable that the DHCP server on the smoothwall has either died, or has been misconfigured. Find out what settings it would have given you, and use them:
IP Address: [something in the same subnet as your router, i.e. 192.168.0.50 if the smoothwall is 192.168.0.1]
Subnet Mask: [same as smoothwall box, e.g. 255.255.255.0]
Gateway: [smoothwall box's IP]
DNS Server: [smoothwall box's IP]

Another possibility is that the "internal" network card isn't configured correctly (i.e. missing a driver)
 
Back