DaBeach Posted June 22, 2010

I was wondering if anyone could shine any light on any security concerns I should be prepared for using Smoothwall. I am playing with setting this up to replace my Netgear FVS338 wired router, however it seems that Smoothwall cannot do as much as the netgear can out of the box. Should I be aware of any security issues with Smoothwall out of the box?

Infiltrator Posted June 22, 2010

I've been reading some reviews on Smoothwall and I have to say that there isn't much for you to be concerned about, however it's important that you keep watching out for any patches or updates as soon as they become available. That's the only way you are going to have a secure smoothwall.

Regards, Infiltrator

barry99705 Posted June 22, 2010

> I was wondering if anyone could shine any light on any security concerns I should be prepared for using Smoothwall. I am playing with setting this up to replace my Netgear FVS338 wired router, however it seems that Smoothwall cannot do as much as the netgear can out of the box. Should I be aware of any security issues with Smoothwall out of the box?

Uhh, what can the netgear do that you think smoothwall can't?

Infiltrator Posted June 23, 2010

> Uhh, what can the netgear do that you think smoothwall can't?

One thing for sure, FVS338 can provide failover options: for example, if you have two internet connections and one of them fails, the other one will take over. Whereas, on the other hand, I don't think Smoothwall offers this capability.

FVS338 offers VPN capabilities and Smoothwall doesn't. The FVS338 has a lot more advanced features that Smoothwall doesn't have.

FVS338 has routing capabilities that exchange information between two different network segments. Smoothwall doesn't.

I think FVS338 will be better suited for a business environment rather than a home environment. For a small home network setup, smoothwall will be more than enough.

For comparison purposes I think you should read the links below.

http://www.smoothwall.org/about/express-feature-list/
http://www.netgear.com/Products/VPNandSSL/...=Specifications

Regards, Infiltrator

mux Posted June 23, 2010

> FVS338 offers VPN capabilities and Smoothwall doesn't. The FVS338 has a lot more advanced features that Smoothwall doesn't have.
>
> FVS338 has routing capabilities that exchange information between two different network segments. Smoothwall doesn't.

Both of these statements are incorrect, for Smoothwall 3.x at least. Smoothwall has a plugin specifically for VPN. Smoothwall uses a port of Zerina to manage OpenVPN w/ firewall and routing specifications. Also, iirc, Smoothwall by default has a place to add routes so that you can network between two different network segments. Everything else you listed seems pretty correct as I don't remember failover options.

Depending on how much time and effort you put into a Smoothwall box, it could eventually become a business router considering everything is open source and easy to toy around with.

For more information on Smoothwall plugins, visit the official Smoothwall Mod forum: http://community.smoothwall.org/forum/viewforum.php?f=26

Lots of nice, actively developed plugins there for Smoothwall.

Infiltrator Posted June 23, 2010

> Both of these statements are incorrect, for Smoothwall 3.x at least. Smoothwall has a plugin specifically for VPN. Smoothwall uses a port of Zerina to manage OpenVPN w/ firewall and routing specifications. Also, iirc, Smoothwall by default has a place to add routes so that you can network between two different network segments. Everything else you listed seems pretty correct as I don't remember failover options.
>
> Depending on how much time and effort you put into a Smoothwall box, it could eventually become a business router considering everything is open source and easy to toy around with.
>
> For more information on Smoothwall plugins, visit the official Smoothwall Mod forum: http://community.smoothwall.org/forum/viewforum.php?f=26
>
> Lots of nice, actively developed plugins there for Smoothwall.

I guess if you install the plug-ins then yes, smoothwall will offer these capabilities. Does it come with the plug-ins pre-installed or do you have to install them manually? Whereas FVS338 comes with all this functionality out of the box.

Edited June 23, 2010 by Infiltrator

DaBeach (Author) Posted June 23, 2010

> Uhh, what can the netgear do that you think smoothwall can't?

Since I am a Smoothwall noob I may not be aware of settings that will allow me to do what my FVS338 does via its GUI, for example. With my FVS338 I am able to:

- Block or allow ports for a particular LAN IP
  * I have only been able to via Smoothwall GUI allow a port for ALL LAN IPs.
- Limit bandwidth for a particular LAN IP
- Block URLs and limit this block to an IP or IP list, all others would be allowed to the URL
- Block ALL MAC IDs and only allow those in whitelist to access LAN or WAN

Note the FVS338 is not a wireless router. I have used this for years without issue, however I would like to have more information and control over the network and that's why I tried smoothwall. I have also tried several other open source firewalls such as:

- IPCop - Did not seem to provide comparable features to my FVS338
- pfSense - Could not get it to install on my machine
- unTangle - Again seemed limited
- Astaro - Could not install on my machine, crashed at software check

I assume at this point that Smoothwall can be set up, preferably via GUI or command line, to perform like my netgear, although I really don't want to have to get into the command line all the time.

Since I saw the last HAK5 show it lit a fire for me to start this project. If I can get it set up I will purchase the components similar to the show.

DaBeach (Author) Posted June 23, 2010

> I guess if you install the plug-ins then yes, smoothwall will offer these capabilities. Does it come with the plug-ins pre-installed or do you have to install them manually? Whereas FVS338 comes with all this functionality out of the box.

Yes, I was hoping at a minimum that Smoothwall would have the same features as the FVS338 out of the box and available via GUI. I am getting the feeling that in order to match the netgear I will have to learn and dig into settings via command line.

I am hoping that there are plug-ins available to match the netgear features, however I am also wondering if there would be any issues similar to downloading a pirated OS. If the software is somehow infected I might never know that information is being copied or rerouted. Anyone else feel this way?

DaBeach (Author) Posted June 23, 2010

Another thing. Even if I build a Smoothwall to match what was on the show it would be cheaper to add 1GB ethernet than what it would be if I upgraded to a matching router with a new one that would have the 1GB, which I would imagine would be around $500+/-.

mux Posted June 23, 2010

> Yes, I was hoping at a minimum that Smoothwall would have the same features as the FVS338 out of the box and available via GUI. I am getting the feeling that in order to match the netgear I will have to learn and dig into settings via command line.

You really only have to learn 3 commands to install a plugin for Smoothwall:

- wget
- tar
- how to use a dot slash to install

It's super easy to configure plugins for Smoothwall. Also, please take into consideration that the plugins are modular with the default Smoothwall GUI. This means that they are directly built into Smoothwall after installation. However, read the documentation for them thoroughly before installing like anything else.

Now for certain things, you may or may not want to use the Smoothwall GUI depending on how well you know your way around a *nix system. This is not to say, however, that Smoothwall with 10-15 mins of config out of the box is not a good router (more if you really want to have a very advanced router w/ the plugins).

EDIT: Quick concern I just had. The OP realizes that Smoothwall has a web interface, right?

> I am hoping that there are plug-ins available to match the netgear features, however I am also wondering if there would be any issues similar to downloading a pirated OS. If the software is somehow infected I might never know that information is being copied or rerouted. Anyone else feel this way?

The plugins for Smoothwall that are listed in the link (Official Smoothwall Forums) I provided are the plugins that are open source and gained the support of Smoothwall's developers.

At the end of the day it comes down to a similar debate between running a *nix box vs. running a Windows box. Do you prefer full control over your system or do you just want something that works out of the box?

Edited June 23, 2010 by mux
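
An added example, not part of any post in this thread and not Smoothwall project code: one way to check a plugin archive fetched with wget before unpacking it and running its installer, which addresses the concern above about tampered downloads. It assumes the plugin author publishes a SHA-256 digest through a channel separate from the download (the thread does not say whether they do); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: vet a downloaded plugin archive before running its installer.
# Assumes GNU tar and coreutils sha256sum; archive name and digest are placeholders.

# Print only the hex SHA-256 digest of a file.
sha256_of() {
    sha256sum "$1" | awk '{ print $1 }'
}

# Succeed only when a digest was supplied and the file's digest equals it.
verify_digest() {
    [ -n "$2" ] && [ "$(sha256_of "$1")" = "$2" ]
}

# Read member names on stdin, print any that are absolute or contain a
# ".." path component, and return non-zero if at least one was found.
unsafe_members() {
    awk '
        /^\// || /^\.\.$/ || /^\.\.\// || /\/\.\.\// || /\/\.\.$/ { print; bad = 1 }
        END { exit bad }
    '
}

# Verify, inspect, then unpack into a staging directory for review.
# The installer is never executed here.
stage_plugin() {
    archive=$1; expected=$2; stage=$3
    if ! verify_digest "$archive" "$expected"; then
        echo "digest mismatch: $archive" >&2; return 1
    fi
    if ! tar -tzf "$archive" | unsafe_members >&2; then
        echo "unsafe member paths in $archive" >&2; return 1
    fi
    mkdir -p "$stage" && tar -xzf "$archive" -C "$stage" --no-same-owner
}

# Usage: sh stage_plugin.sh ARCHIVE EXPECTED_SHA256 STAGING_DIR
if [ "$#" -eq 3 ]; then
    stage_plugin "$@"
fi
```

Only after the staged files and the install script have been read should the installer be run from the staging directory.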

barry99705 Posted June 23, 2010

> Since I am a Smoothwall noob I may not be aware of settings that will allow me to do what my FVS338 does via its GUI, for example. With my FVS338 I am able to:
>
> Block or allow ports for a particular LAN IP
> * I have only been able to via Smoothwall GUI allow a port for ALL LAN IPs.

Smoothwall does this.

> Limit bandwidth for a particular LAN IP

does this too

> Block URLs and limit this block to an IP or IP list, all others would be allowed to the URL

needs a plugin

> Block ALL MAC IDs and only allow those in whitelist to access LAN or WAN

does this

> Note the FVS338 is not a wireless router. I have used this for years without issue, however I would like to have more information and control over the network and that's why I tried smoothwall. I have also tried several other open source firewalls such as:
>
> - IPCop - Did not seem to provide comparable features to my FVS338
> - pfSense - Could not get it to install on my machine
> - unTangle - Again seemed limited
> - Astaro - Could not install on my machine, crashed at software check
>
> I assume at this point that Smoothwall can be set up, preferably via GUI or command line, to perform like my netgear, although I really don't want to have to get into the command line all the time.

Smoothwall has a web interface.

> Since I saw the last HAK5 show it lit a fire for me to start this project. If I can get it set up I will purchase the components similar to the show.
>
> Another thing. Even if I build a Smoothwall to match what was on the show it would be cheaper to add 1GB ethernet than what it would be if I upgraded to a matching router with a new one that would have the 1GB, which I would imagine would be around $500+/-.

Do you have a gigabit internet connection? Gigabit on a firewall is kind of useless unless you do.

> I am hoping that there are plug-ins available to match the netgear features, however I am also wondering if there would be any issues similar to downloading a pirated OS. If the software is somehow infected I might never know that information is being copied or rerouted. Anyone else feel this way?

They are a company that sells prebuilt hardware with this software. Do you really think they are going to do something like that? That would be like Microsoft copying all the photos out of every Windows install in the world. The company would be out of business within a week.

Edited June 23, 2010 by barry99705

DaBeach (Author) Posted June 23, 2010

Well, despite all the help I have hit the rocks again with smoothwall. I am not sure if it is my PC (Intel P4 3GH 1GBRam 80GBHDD), but after a fresh Smoothwall install which seemed to work ok (set up using LAN IPs in the 172 range) the system suddenly crashed. After a reboot the system was providing the LANs an IP in the 169 range, however no web GUI or internet access could be had.

Although I was excited to set up a mini ITX with smoothwall I have gone back to the Netgear FVS338. As an aside I also tried other distros which failed, like pfsense (failed to install but ran as a live CD). Unfortunately too much aggravation. Nuts.

DaBeach (Author) Posted June 23, 2010

> Do you have a gigabit internet connection? Gigabit on a firewall is kind of useless unless you do.

I have decided to pick up some gigabit cards and a switch. I want the LAN to have the ability to transfer at a high rate and realize that a gigabit router or card for the WAN would be a waste.

Infiltrator Posted June 23, 2010

> Well, despite all the help I have hit the rocks again with smoothwall. I am not sure if it is my PC (Intel P4 3GH 1GBRam 80GBHDD), but after a fresh Smoothwall install which seemed to work ok (set up using LAN IPs in the 172 range) the system suddenly crashed. After a reboot the system was providing the LANs an IP in the 169 range, however no web GUI or internet access could be had.
>
> Although I was excited to set up a mini ITX with smoothwall I have gone back to the Netgear FVS338. As an aside I also tried other distros which failed, like pfsense (failed to install but ran as a live CD). Unfortunately too much aggravation. Nuts.

Which device did you set as your DHCP server, smoothwall or the ADSL modem?

DaBeach (Author) Posted June 24, 2010

> Which device did you set as your DHCP server, smoothwall or the ADSL modem?

The system I used has 2 NICs, one a 10/100, the other a gb. I had set up the system like this:

- Netgear gb NIC (green) the LAN side (this would have been the DHCP side if I remember correctly)
- Built-in Asustek NIC (RED) the WAN side
- Cable modem ISP.

Smoothwall did probe and see the NICs without issue and in the beginning I was able to plug in and go without issue. I had set it to provide IPs on the 172 range, which it did. I was able to get onto the net with multiple computers and log in to the WWW GUI and FTPS & SSH.

Then prior to the issue my system CPU fan went on high. The system did not appear to be frozen and it showed the login on the monitor attached to the smoothwall box. I was suddenly unable to access the web and WWW GUI. I checked my WIN7 box and noticed it now had an IP in the 169 range. I rebooted everything and the Smoothwall box started and went into the logon prompt; the WIN7 box had another 169 IP but was unable to get onto the web or WWW GUI.

Due to issues I had with other platforms such as Astaro & pfSense I am feeling as if there is something on the router box that Linux does not like. I am tempted to start it again fresh as I don't want to give up, but I am not sure it would be worth the aggravation.

As before, I am a smoothwall noob without question and have no real Linux experience.

Edited June 24, 2010 by DaBeach

Infiltrator Posted July 7, 2010

So you are 100% sure that there isn't more than one DHCP server running and that smoothwall is not set to distribute IP addresses. If that is the case you might want to turn DHCP off on Smoothwall and allow your modem to distribute the IP addresses, or vice versa.

Another thing to make sure of is that smoothwall has all the correct IP settings, like default gateway, subnet mask and DNS IP address.

In my setup, I manually set all the IP addresses and configured my modem to lease the IP addresses, instead of Smoothwall.

You might want to re-check all the configuration in smoothwall. Also do a ping test, to determine if smoothwall can ping any internet machine or external host, like google.com.au

Edited July 7, 2010 by Infiltrator