[Lancaster] Firewall distros..

Wayne Ward wayne at lancastercomputers.co.uk
Thu Nov 19 00:13:06 UTC 2009 

what ive noticed so far is smoothwall is pretty closed off and full of
features which aint bad
updates can be run from inside the gui without having to download packages
to my computer and upload them in.
It also offers three options on install closed - open or half open, half
open being the default which sounds ok but need to read more into! it has
some strange plugins i never seen in ipcop such as sip filter and im filter
- which if enabled you can live watch peoples conversations in a console
LIVE! talk about snooping! also has a browser based console which could be
handy i suppose?.. all the clam engine updates with the update manager and
it looks like daily updates are under the hood ill have to poke into this a
tad more! snort has been changed you now have to get a code from snort.org
which you get after a free sign up and then you enter it when you enable it
then it pulls down the latest snort rules. the web proxy has a transparent
mode which will build itself into port 80 8080 so you dont have to put
proxy settings into all the web browsers! saves hassle and you get a pop3
proxy. all this is passed through clam antivirus and spamassasin. The
graphs for useage are live and very nice to look at and very detailed
graphs on cpu / memory usage. Ssh is enabled by a tick box and then you
have to ssh in using -p 222 switch to access the server, i see you can hack
a config file and change this the standard 22 port i dont see much point. I
have looked at some of the addons and some look pretty good - ill just
leave this as it comes out of the box and install on site and see how it
performs then ill expand on top of that to requirements. Ill update this
later...
Also you can sign up for free to get email updates on packages and the free
version is restricted to one processor and I think a gig of ram.

The smoothwall basically has the same install as smoothwall as it was a
branch from it. I noticed it never asked if i wanted open / closed or half
closed so i expect its open??
Its seems very cut down and the packages out of date - infact it was pretty
useless till i added the copfilter package were a gained a extra tab with
clam & various proxies and monit which emails you problems. The update
system could see what needed updating but i had to update the packages
manually. Now with ipcop each section has plenty of configurable options
which was a bit over the top and if you change something you can quiet
easily kill the box. I set this up in a virtualbox with two nics and ran
though it for a few days - i then tested it on the box and it was fine -
when i came to install on site and use it - it died three times and just
ran like a pile of crap? I noticed there are a lot more addons and its very
configurable a lot more than smoothwall - but i also noticed as you start
adding the functions its starts getting real hungry - i think ill pass on
this for a while and come back and try when its a tad better......

ill update soon with some more linux firewalls im testing and the results
of the smoothwall in corporate use...

dave im glad ya coming for the xmas bash be good to see you m8 nicely :)



On Wed, 18 Nov 2009 23:13:47 +0000, Dave Smith <lists at td-online.co.uk>
wrote:
> Wayne,
> 
> Yeh, Smoothwall's pretty nice - I used it back on version 2 for a good 
> while on an old 433 for a good while, then stopped due to house 
> renovations. Recently reinvigorated my parents old desktop PC (PIII of 
> some description) which is running it solidly along with 4 NICs (1 to 
> the ADSL Modem; 1 to DMZ; 1 to Wireless; 1 to Internal Network).
> 
> I haven't brought the DMZ live on this box just yet due to my server 
> being too noisy to tuck away anywhere but it worked fine at Version 2!
> 
> My only gripe with smoothwall is that, due to its nature, it's bigger 
> and needs more than it perhaps could do - but without the time to play 
> with IPTables probably here it serves it's purpose well! And, I have to 
> admit, I'm a sucker for a well put together GUI!
> 
> Haven't had chance to play with any of the mods for it yet - not really 
> had a need.
> 
> Be interesting to hear any experiences you have with it.
> 
> Dave
> 
> P.S. I'm pretty certain I can make it next month for the LUG meet,
finally!
> 
> Wayne Ward wrote:
>> Hi guys im just putting a firewall in for a local company im using
>> smoothwall 3 express
>> nice and easy install and a not to complicated gui - i did play around
>> with
>> ipcop at first and it worked 
>> but when i went to put it into place it failed like three times? so im
>> going to try the smoothwall install tomorrow
>> anybody else used and linux firewall distros that are worth a mention..
>> I used to just build a gentoo box and build a iptables script and add
>> some
>> other packages snort etc but 
>> dont have time to manage it as much.
>>

-- 
Regards,
Wayne ward

07957448652
Lancaster Computers

www.lancastercomputers.co.uk
wayne at lancastercomputers.co.uk

Computers - Laptops - Servers - Web Services

More information about the Lancaster mailing list