New Firewall Up and Running with Smoothwall
My Linksys wireless router has gradually been causing more and more problems with my internet connection. Nearly every day it just craps out and won't make outbound connections. If I just power cycle it, it comes right back.
Because the Linksys isn't the only wireless router lying around and I've got 2 static IP addresses from Speakeasy, I've had a Netgear router on the other IP address. It provides a fallback for internet access. However, the printers, file servers, etc. aren't on that network, so it's always been just a temporary patch.
Rather than buy yet another wireless router, I decided to dig in the parts pile for an old machine and put together a more robust Linux firewall and use one of the existing routers as a wireless access point.
I'll admit there were other reasons motivating this as well. With our move toward hosting foreign exchange students (and hopes to continue in future years), the ability to have a transparent logging proxy (even if it's off by default) is a useful tool. Also, while I use SSH forwarding heavily, I like the idea of having a real VPN setup as well.
Regardless, I had a 700MHz Celeron with 128MB of RAM and a 20GB drive, which seemed a pretty good candidate. So, I picked up a new network card to add to the one that was already in it and burned a copy of Smoothwall 2.0. I hooked the machine up to my KVM switch and ran through the install.
The first glitch (no such thing as a 100% smooth install of anything open source or commercial) came when the new network card wasn't recognized.
I spent about an hour looking for the best way to get it automatically recognized (somehow the machine wouldn't read the CD that came with the card, containing a Linux driver). After that, I just decided to give the Smoothwall 3.0 Alpha a shot to see if the driver was included there.
What do you know, it picked it up just fine. The rest of the install was quick. From there, I hooked the Netgear wireless up to the GREEN side of the Smoothwall box (the LAN side), shut the DHCP off, changed the IP address to 192.168.0.99 and rebooted everything involved. So far, everything works like a charm. The documentation covered all of the questions I had.
Now, I've just got to set up the port forwarding rules and static routing to match a decent structure. The DHCP is set for the 100+ portion of the IP range and I'm thinking I'd like to segment it so all of the real machines run from 2-25 (plan for a ridiculous number to be safe), with 26-98 for virtual machines. Most of this has been pretty much done flying by the seat of my pants so far, so this is a good chance to set it up right this time.
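The address plan above can be checked against a host inventory before the port forwarding and static routing rules are built on top of it. The following is an added example, not part of the original post: it assumes the LAN is 192.168.0.0/24 and that the DHCP pool ends at .254, and the host names and addresses in the inventory are constructed.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed /24; post gives only .99

# Last-octet ranges (inclusive) taken from the plan in the post.
PLAN = [
    ("physical", 2, 25),
    ("virtual", 26, 98),
    ("access-point", 99, 99),
    ("dhcp-pool", 100, 254),  # "100+" in the post; 254 is an assumed top
]

# Constructed inventory: (hostname, address, intended zone). Not real hosts.
INVENTORY = [
    ("fileserver", "192.168.0.10", "physical"),
    ("printer", "192.168.0.120", "physical"),   # static address in DHCP pool
    ("vm-build", "192.168.0.30", "virtual"),
    ("vm-test", "192.168.0.30", "virtual"),     # same address as vm-build
    ("netgear-ap", "192.168.0.99", "access-point"),
    ("old-box", "192.168.1.5", "physical"),     # not on the LAN at all
]

def zone_for(addr):
    """Return the plan zone an address falls in, or None if unplanned."""
    ip = ipaddress.ip_address(addr)
    if ip not in LAN:
        return None
    last_octet = int(ip) - int(LAN.network_address)
    for name, low, high in PLAN:
        if low <= last_octet <= high:
            return name
    return None

def audit(inventory):
    """Return (host, addr, problem) for every entry that breaks the plan."""
    findings, owner = [], {}
    for host, addr, intended in inventory:
        if addr in owner:
            findings.append((host, addr, f"duplicate of {owner[addr]}"))
        owner.setdefault(addr, host)
        zone = zone_for(addr)
        if zone is None:
            findings.append((host, addr, "outside plan"))
        elif zone != intended:
            findings.append((host, addr, f"{intended} host in {zone} range"))
    return findings

if __name__ == "__main__":
    print(*audit(INVENTORY), sep="\n")
```

A statically addressed host that lands in the DHCP range, like the constructed printer entry, is the case most likely to cause an address conflict later, and it also makes forwarding rules that reference it unreliable.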
Overall, I'm really pleased with this project. It only took a couple of hours (and I was juggling other stuff at the same time), only cost me $6 for the network card and has WAY more functionality. Definitely give Smoothwall a look if you've been considering something similar.

March 22nd, 2007 at 1:19 pm
J,
What kind of Speakeasy account do you have? I really want to dump Comcast due to their bandwidth limiting on Skype and BitTorrent. I thought a more tech focused company would be able to provide me with a reliable line.
Would you recommend Speakeasy?
PS I hate Comcast so much
March 22nd, 2007 at 6:49 pm
I've got nothing but good things to say about Speakeasy. I've got one of their "plus" accounts, though it looks like the packages are slightly different now. I've got 2 static IP addresses on 3.0/768 bandwidth. The 768 uplink bandwidth made a huge difference.
Comcast is what I had before. They are always advertising their "speed", but offer next to nothing in uplink bandwidth, don't offer any way to let you run servers, etc.
Speakeasy is the ISP for grown up geeks. It's not $35 a month, but when you call up the service, they actually know what you mean when you say that your router is able to get an IP address, but seems to have a DNS failure. They are NOT the kind of place that will make you spend 30 minutes on the phone with some entry-level drone before checking the DNS servers.
Since I turned the Smoothwall firewall on, it's had this much data go through it without a hitch:
Month: 10.5 GB / 13.1 GB (Out/In)
March 23rd, 2007 at 11:47 am
Thanks J!
I checked them out and the price quote they gave me over the phone seemed high. I want to pay more for better quality but their 1.5/768 DSL was going to cost me 105.95 a month. I wanted to spend more like 60 a month for a service that will not cut me off like Comcast does.
March 23rd, 2007 at 8:28 pm
I'm paying right in that neighborhood. However, I was paying Comcast something like $60 before I moved a couple of years ago and am willing to pay for something closer to business class given my reliance on my internet connection.
Also, my DirecTV bill is about $100, our cellphone bill is $90, etc. and if I had to give any of them up, the internet would be absolutely last.
So, to me, it's worth it, but I see how it wouldn't be for everyone.