Ep 7x18 Smoothwall Question

[i.am.stack]

Just watched 7x18 and since I don't see that created yet under the episodes forum (and I don't want to create it) I figured I would try posting to 'Everything Else' instead.

Darren built up a Smoothwall installation and touched on the main reason why I left Smoothwall well over two years ago. Backup and Restore. Funny enough, *also* mentioned in the episode.

Smoothwall uses _FLOPPY_ disks to backup and restore from. Sure Smoothwall lets you download a floppy image, but last I checked it won't restore from that image. Maybe I missed it but I didn't see a floppy connection on Darren's really cool Atom based system. Hope Darren spent another 20$-30$ on a USB floppy drive and a couple of disks. I also hope it isn't like some of the newer systems I have seen that don't have a USB floppy disk boot option....

I had Smoothwall up and running on my home connection for some time. Normally if I lose internet for a while, oh well. So what if I can't surf /. for a few hours. Whatever. However, this time I had something important going on (naturally). I was several weeks into trying to help get a friends business off the ground by hosting his website and doing the admin for it. The box was DMZ'd and I had a decently complex configuration for the network. I just needed to last the week. Except, Murphy doesn't like anyone. Power outage. Everything came back up except Smoothwall. After a couple of hours switching out parts I came to the conclusion that the box was just gone. No biggie, I always downloaded the floppy images when I made a change and I have got good backups. I grabbed a spare box and started the restore when it struck me...where the hell do I find a floppy disk?? The last computer I bought with a floppy drive in it had been tossed out long ago. I managed to dig up a few floppy disks that were forever old, but no floppy drive.

None of the stores (compusa, walmart, best buy, circuit city, ect) had floppy drives. So there went 60$ overnighting a floppy drive from Newegg. Then I found that all these floppy disks I had kept since the 90's in the back of my closet had all gone bad and all threw write errors when writing the image to the floppy (probably because they baked in the summer and froze in the winter along with years of abuse and neglect).

Want to guess how many stores carry floppy disks now??

So I built another firewall box and customized it for the pressing needs (with _only_ three days downtime finding replacement parts ) and I went a week without internet till he got his funding and could afford to buy hosting that wasn't on a home connection. I swore I wasn't going to deal with technologies that I can't restore to regardless of how well it backs up. I really liked Smoothwall and I have not found a good replacement. The best I have found for my needs is Untangle, but it chops resources like mad. However, I am not even going to try a Smoothwall VM until I _know_ I don't need floppies anymore.

As much as backups are talked about on the show, I am sure Darren will do a backup of his Smoothwall settings. The question is, how is he planning on restoring should that jerk Murphy come knocking at his door??

Does anyone know if Smoothwall has changed in the last 2 years? It would thrill me quite a bit to find Smoothwall no longer requires a floppy, but I have not seen nor heard of another option without getting the paid for support (which I don't need as a home user).

[Infiltrator]

Have you tried

http://www.pfsense.com/

[Bercik]

Or ipcop

http://sourceforge.net/apps/trac/ipcop/wiki

[ascorbic]

A few weeks ago I started looking into every linux based router distrobution I could come across. FreeBSD is nice, but I like to stick to Linux so that means monowall and pfsense are out for me.

IPCop is a fork of smoothwall and both IPCop and smoothwall haven't been updated in over a year. I also came across this article

http://neuro.me.uk/2008/03/05/no-more-smoothwall-for-me/

And that pretty much put the nail in the coffin. I really hate when politics get in the way of making software. So to answer your question, I haven't used Smoothwall for the past two years, but I don't think much has changed.

I very quickly looked into Vyatta but was dissapointed that it doesn't run on 64 bit hardware. That might be overkill for a router, but I am not living in the past, I have current hardware and I want everything to be 64 bit. Vyatta also seems to be highly targetted towards cisco replacements in enterprise environments. I decided to come back to Vyatta if all other distros fail me.

Then I found Untangle. It is being activly developed, it runs on current hardware and the community is great. They have a ton of free addons and some paid ones that would only be needed in enterprise applications. Then I found out if your configuration isn't in line with their ideal configuration setup (ie only one internal network) then you are pretty much out of luck. If you only have two NICs then Untangle might work for you, but any extra NICS are useless. I only have a few machines which will be on my wired network so I don't want an additional switch to mess around with. So Untangle is out for me, but it gets the thumbs up.

Now I am currently looking into eBox. This is an addon you install on top of Ubuntu. So far I am really impressed. It is being activly developed, has a decent (although slow) community and it seems to be the most open of all the other distros. You can take an existing install of Ubuntu and add a repo for eBox and install from there.

[VaKo]

It is a real shame that you don't want to look into PFsense, out of all the router distros I've come across it just seems to work for me, very stable and quite powerful.

[ascorbic]

It is a real shame that you don't want to look into PFsense, out of all the router distros I've come across it just seems to work for me, very stable and quite powerful.

Yeah I really wish pfsense was linux based because I have heard great things about it. Ultimately it comes down to me being stubborn. I know linux, I don't want to be bothered learning the subtle little differences like slices.

[VaKo]

Its a router, it sits there and routes traffic, other than that it doesn't really need to do much else. And once you set a router up, how often do you touch it? I would suggest that you at least try it, its a quality product.

Having said that, Vyatta is something I will have to try.

[Infiltrator]

So many firewalls, so many features, but in the end you have to stick to the one that works best for you. I don't mind going that extra mile to learn something different, it can quite fun and rewarding in the end.

But for me I will just stick to these pfsense and smoothwall.

Edited June 19, 2010 by Infiltrator

[ascorbic]

Its a router, it sits there and routes traffic, other than that it doesn't really need to do much else. And once you set a router up, how often do you touch it? I would suggest that you at least try it, its a quality product.

Having said that, Vyatta is something I will have to try.

If I had more knowledge of FreeBSD it wouldn't be such an issue. But it is the one random occurrence where something will go wrong and I will know how to do something in linux but not freebsd that makes will frustrated to no end. This could be fixed with some learning, but I'd rather put that horsepower somewhere else.

Vyatta does seem to be the most enterprise of the bunch. There is also a product called ClarkConenct which I came across and it looked like it was a competitor to Vyatta, but I don't think there is a free/community version anymore. Or if there is, they hide it very well.

One little note about Vyatta that got under my skin, the word vyatta is suppose to mean open. I don't think it fits at all, I don't want my router/firewall to be open. I think they mean open in the open source sense, but the product isn't 100% open, more like 30% open.

[Tex©]

So I a thought (o god the pain) XD any how could you attach another hdd to the smoothwall rig and get network storage out of it ? I mean you would probably have to modify something but has any one herd of this or seen an add on?

Edited June 19, 2010 by Tex©

[ascorbic]

So I a thought (o god the pain) XD any how could you attach another hdd to the smoothwall rig and get network storage out of it ? I mean you would probably have to modify something but has any one herd of this or seen an add on?

This is supported out of the box with eBox

[Tex©]

thank you :)

edit :

this is the Ethernet card ye need Darren

http://www.electroon.com/home/en/shop/deta...terboard44.html

Edited June 19, 2010 by Tex©

[i.am.stack]

Hello everybody!

Thanks for the replies; sorry I wasn't around at all yesterday.

I have looked at many other firewalls. Some of them were nice, but I was a bit cautious as many have not been updated in years. I wasn't a fan of Vyatta nor of IPCop (though I have not tried this one in some time).

I tried Endian for a while and was _really_ impressed with how fast it was, however, it had way too many bugs. I had three nic cards (internet, lan, wireless) and they would shuffle around on reboots. DHCP would _always_ have to be started manually. Documentation and their forums were of little help to me. Of course this was with version 2.2 and having talked to someone about the May 2010 release of 2.4 supposedly the product has gotten a lot better. I have not tried 2.4 mainly because of lack of time, but I am willing to say that my problems with Endian *may* no longer exist. I don't know yet (though I do wish to find out).

eBox has been fun to tinker around with, however, I am not convinced to run this as my primary firewall. Too many things don't work right and while I applaud them for having a fair amount of documentation there is still a ways to go. There are hundreds of features and extras in eBox but none of them are quite 100%. I wish they would focus in and get the basics working solidly first. Here are a few examples: fresh install of eBox and it took me hours to get file transfers to work between two local systems using the Jabber setup that comes with eBox. I have yet to get LDAP working with eBox. I got LDAP partially working on a Debian server, but never got it functional on eBox. Yet this is one of the advertised features. <_<

I actually liked SME server, however, I ran into too many issues regarding older versions of packaging. Since it is based on an old version of CentOS, it is difficult to work with (in my opinion). They are working on SME version 8 which is supposed to be based on CentOS 5, but that is still dealing with old software* and getting older now that the RHEL 6 beta is fully underway and is expected to be released within the next few months. (* yes I know enterprise grade software is well tested and there is a reason to keep it there...I really don't have a problem with CentOS 5 except with python...grr...stupid python 2.4...and upgrading to 2.6 breaks things like yum...side-by-side works...sometimes....pain in the....).

Untangle works and it does what I want for the most part. It is just that the resources are absurd. My old firewall was a fanless 1.2Ghz AMD GeoNode with 512MB of ram. It ran Smoothwall for a very long time with minimal usage. My current Untangle box is a P4 3Ghz with 3GB of memory and it runs constantly at a load of 1.5-2. Using the web interface is sluggish and it takes forever to run reports. A LUG member reported that was a huge problem for his company when they first started using Untangle. They really liked it but it chomped resources. So they just bought a 64bit Quad-Core 3.0Ghz Xeon with 8GB of memory. Untangle isn't slow any more...I just don't have those kinds of resources.

The things about Smoothwall that I really miss are the really good reporting tools. What was attacking the firewall, who was trying to ping sweep my firewall, what virus/worm/trojan was trying to get access ect. ect. I haven't seen as good of reporting in others; sure others have them but they are not as nice. I would also LOVE to build up a new box running on something like an Atom processor. For months now I have been thinking about how cool it would be to get something like what Darren built. One of the cheep Atoms with 1-2GB of memory, an 8 GB flash drive, and a multi-port network card. It would use so little energy (also low heat) and fanless so no noise!! There is just no way I could do that with Untangle as the resource are just not there but I have no doubt that system would be a rocking Smoothwall box. Yet again, I find myself wanting Smoothwall...but I am NOT going to use a distro that backs up and restores from a technology that old. Maybe in Smoothwall 4.0 they will at least start supporting Zip disks...

I had forgotten about pfsense. I messed around with it after their big fork and I have not messed with it since. I am downloading it right now and will mess with it for a while. Thanks!

Thanks for the comments guys!

[i.am.stack]

this is the Ethernet card ye need Darren

http://www.electroon.com/home/en/shop/deta...terboard44.html

Just saw this post. Guess you made it as I was typing out my monster post. :-)

I like the idea of that card, but personally I would want Gigabit instead of just 10/100. I know I don't have those speeds out to the internet yet, but I would want to split up the LAN so that one port would be wireless networks, one my local LAN, one my internet, and one a DMZ. The cross networks I wouldn't want to hit the 10/100 bottleneck. Maybe that is just me. The problem is that it jumps the price up into the 300$ range which is a bit much for me....

However, a 2 port isn't too bad. If I buy my Atom build I would probably spend the 80$ to get this: http://www.newegg.com/Product/Product.aspx...N82E16833166040

I know some people don't like Rosewill, but the Intel is almost double the price: http://www.newegg.com/Product/Product.aspx...N82E16833106034

[Gadwil]

http://community.smoothwall.org/forum/view...=275305#p275305

This details how to manually back-up and restore w/o floppy's. May want to give it a shot.

[Tex©]

found a better 4 port but is like 200

http://www.pcrush.com/product/Network-Adap...hernet-LAN-Card

[barry99705]

IPCop is a fork of smoothwall and both IPCop and smoothwall haven't been updated in over a year. I also came across this article

http://neuro.me.uk/2008/03/05/no-more-smoothwall-for-me/

And that pretty much put the nail in the coffin. I really hate when politics get in the way of making software. So to answer your question, I haven't used Smoothwall for the past two years, but I don't think much has changed.

It's not September yet, so it hasn't been over a year yet. ;)

update5-i386    2009-09-02
This update contains numerous updates for components of SmoothWall Express 3.0 as well as improved functionality and several bug fixes.
New Versions:
Snort 2.8.4.1
Clamav 0.95.2
Squid 2.7.STABLE6
Imspector 20090728
Openssl 0.9.8k
Openssh 5.2p1
Module-init-tools 3.5
Functionality improvements:
Open port 4500 to support IPsec NAT traversal.
Reliability improvements for timed access.
Fix bouncing port forwards.
Increase Apache request timeout to 20 minutes to allow slow CGI scripts.
Add timeouts in connection tracking to avoid spurious log messages.
Support for Home and End keys in the shell.
Fix the locate command in the shell.
User interface improvements:
Don't display high memory usage in red on graphs, as this is normal.
Typo in error message on external access page.
Only display PPP control buttons on front page when PPP is enabled.
Corrections to list of package sources.
Backend changes:
Load MAC address match module into iptables by default.
Correct invalid path when stopping DHCP client.
When an interface address is changed, restart the services which use it.
Support updating complex iptables rulesets larger than 64K.

I've never had problems with smoothwall. Backup to floppy isn't that big a deal. I usually use fairly old hardware when setting up smoothwall boxes, they usually have a floppy in them still.

Edited June 20, 2010 by barry99705

[Tex©]

I've never had problems with smoothwall. Backup to floppy isn't that big a deal. I usually use fairly old hardware when setting up smoothwall boxes, they usually have a floppy in them still.

it still would be nice if they would add a flash drive option to backup to but like you said about the old hard ware

Edited June 20, 2010 by Tex©

[3TeK]

i run RouterOS, so much easier to use than Smoothwall/PFsense/Ip cop/etc

RouterOS

[i.am.stack]

I know it has been a few weeks since I last updated this thread, but someone recommended that I check out ClearOS. I have only been testing it today, but I am really impressed so far. Resource usage is pretty low (not the lowest I have seen but it is on par with what I saw with Smoothwall). It has a ton of extra features that so far appear to work (have not tested _all_ of them yet but better luck so far then others). It also has really nice reporting tools and a easy to follow interface.

After only a few hours with it, I am about 99% certain that I won't be going back to messing with ebox. There are a few things that I have to answer first before I make the final dive, claim it to 'be all that', and knock out Untangle to make ClearOS my primary firewall but I am really close to it.

Anyway, just throwing that out there as it wasn't mentioned before in the other posts.

[ascorbic]

It's not September yet, so it hasn't been over a year yet. ;)

Hmm, according to http://www.smoothwall.org/get/ as of this post the last update is "SmoothWall Express 3.0 SP1 Released - 8th January 2009"

[ascorbic]

I know it has been a few weeks since I last updated this thread, but someone recommended that I check out ClearOS. I have only been testing it today, but I am really impressed so far. Resource usage is pretty low (not the lowest I have seen but it is on par with what I saw with Smoothwall). It has a ton of extra features that so far appear to work (have not tested _all_ of them yet but better luck so far then others). It also has really nice reporting tools and a easy to follow interface.

After only a few hours with it, I am about 99% certain that I won't be going back to messing with ebox. There are a few things that I have to answer first before I make the final dive, claim it to 'be all that', and knock out Untangle to make ClearOS my primary firewall but I am really close to it.

Anyway, just throwing that out there as it wasn't mentioned before in the other posts.

Thanks for the info. I looked into Clark Connect but didn't get too far. Apparently ClarkConnect is dead and has moved onto or has just been renamed to ClearOS. I think Clark Connect was commercial so I didn't look too deeply into ClearOS. I think I ended up searching for the community edition and got discouraged.

It turns out there is no community edition because it is 100% free now. So I thought what the hell lets give this another try. For some strange reason I can't boot their ISOs on an ESXi instance. I verified the MD5 hashes and I have tried booting with other isos. Other ISOs work fine. When I try theirs I get an Operating System cannot be found error.

I see they offer a VMware image, but you usually need to do some conversion to get them working with ESXi.