Smoothwall Express is a open source project setup in year 2000 to develop a free firewall that includes its own security-hardened GNU/Linux operating system and easy to use web interface.
This product is not to be mistaken for the commercial corporate product “smoothwall” which is a a very powerful web filtering and security appliance that can be used to control web traffic in depth working up to layer 7 of the OSI model.
Oct 12, 2014 Welcome to Smoothwall Express 3.1. The Smoothwall Community are pleased as punch to announce the release of the long awaited Smoothwall Express 3.1 Firewall. This release is a refresh of v3.0's foundation and a culmination of 5½ years of effort that began with the Roadster Test Vehicle. The build system has been thoroughly worked over, and the.
The smoothwall express device can deployed in two methods,
Explicit Mode: In explicit mode, requests are sent to the proxy device for analysis and matching from hosts as the traffic travels from inside to the outside network, using this method means users would need to define a proxy server inside their internet options. The proxy server can also be bypassed if the settings are removed from internet options and the firewall is allowing hosts to get out on http and https.
Transparent Mode:In transparent mode, the data must pass the device in order to get out, its like a bump in the wire, this method is more secure in the sense that requests are not sent to the proxy server however the proxy server is the ultimate destination. No settings need to be defined inside internet options when using this method.
- Users can download the SP1 as an ISO image. The first Service Pack (SP) release of Smoothwall Express 3.1, an open source best-of-breed Internet firewall and router operating system designed to.
- Smoothwall is a best-of-breed Internet firewall/router, designed to run on commodity hardware and to provide an easy-to-use administration interface.
- Information about Smoothwall Express 3.1 SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Linux is the ideal choice for security systems; it is well proven, secure, highly configurable and freely††† available as open source code.
Smoothwall Express is a great free product, however there are limitations – these include the lack of NAT and VLAN support. Currently only one network per interface may be defined, so if you have multiple VLANs it will be tricky to get them all to work. Regardless of the limitations this is a good product and was designed for home use, however small business can take advantages too.
In this step by step guide we will go through the process of deploying smoothwall express as a VM in Hyper-V and configuring the device with basic settings to act as a explicit proxy.
Although Im using Hyper-V the device can also be deployed using VMware ESXI/WS Oracale VB
Below is the topology that we will be working with:
Lets get started!
1. Download “smoothwall express 3.1” from www.smoothwall.org , you have the option to download a standard/developer/offroad version in 32bit or 63bit, in this example we will use the standard 64bit version. There is also a .OVA template of V3.0 for ESXI if that’s your preferred flavor.
2. Launch “Hyper V”, right click the host and click “New” – “Virtual Machine”
3. At the wizard, click “Next”
4. Give the virtual machine a name and specify a location to store the VM, click “Next”
5. In order for the device to be able to boot using an IDE controller and run the version of OS we require, we must use a Gen 1 VM, Select “Generation 1” click “Next”
6. Allocate memory for the VM, in this case i have allocated “2048”, you can allocate a smaller amount if you do not have enough RAM. Click “Next”
7. By default the VM will have a single NIC, connect the default NIC to the virtual switch for network connectivity. Click “Next”
8. Create a new had drive and allocate 50GB as its size, specify a location to store the VHD file and click “Next”
How To Install Smoothwall Express 3.1 On Vmware
9. Select “Install an operating system from a bootable CD/DVD-ROM” and select “Image file (ISO)” browse for the “Smoothwall Express 3.1” ISO downloaded earlier. Click “Next”
10. Review the information on the window and click “Finish”
Hyper-V will create the VM
11. Now that the VM has been created we need to edit the settings to add an additional NIC, right click the VM and select “Settings”
12. From the left hand pane select “Add Hardware” and select “Network Adapter”, click “Add”
Format usb drive ext4. 13. Select the newly created NIC from the left pane, and allocate to the virtual switch
14. Still under the new NIC, tick “VLAN ID” and specify the VLAN that will be used for the outside interface of the smoothwall device, this interface will connect to the firewall or WAN router.
15. Now select the default NIC that was created as part of the VM creation and amend the VLAN settings. This will be for the inside part of the network where the requests will be sent to the smoothwall proxy from inside hosts. in this example Im using VLAN 255.
16. Click “Apply” and hit “OK” to save and close the settings window
17. Right click the VM and select “Connect”
18. The console window will appear, hit the “Start” button to fire up the VM
19. the VM will boot the ISO previously loaded, select “Install Smoothwall Express”
20. Click “OK” at the notice
21. Click “OK” to allow the installation to format and partition the hard disk.
22. Click “OK” at the format warning
The installation of the files will begin
23. At the message “Smoothwall Express was successfully Installed” click “OK”
24. At the message below click “NO”
25. Select “UK” and click “OK”
26. Select the correct timezone and click “OK”
27. Give the device a hostname and click “OK”, in this case i have left it as “smoothwall”
28. At this stage you can select what type of security policy you would like to implement on outgoing traffic, you can leave all outgoing traffic as open/half-open or closed, the default is “half-open” which i have selected for this example. you can also amend this later.
29. At the next window select “Network configuration type” and click “OK”
30. This menu allows you to select the interfaces that you want to use in the deployment – in other terms these are like zones which is represented by a color. “Green + Red” for two zones such as Inside and Outside, or “Green + Orange + Red” for 3 zones such as Inside, DMZ, Outside. For our deployment we will need two zones, Select “Green + Red” and hit “OK”
Cached
31. Select “card assignments” and click “OK”
32. From this menu we will assign a NIC to a zone, click “OK” to proceed
33. From the first NIC select “Green” and hit “OK”(make sure the MAC address matches the VM NIC allocated to VLAN 255) this will be the “Inside” zone
34. Now for the second NIC select “Red” and hit “OK” this will be our “Outside” Zone
35. Once all card have been successfully allocated click “OK”
36. Select “Address settings” and hit “OK”
37. Select “Green” and hit “OK” to specify IP details for the Inside zone.
38. Click “OK” to proceed
39. Enter the IP Details of the Inside Zone, which in this case is in VLAN 255. Tamagotchi connection music star. I have used 192.168.255.7 /24 as the interface IP.
40. Select “Red” and hit “OK” to specify IP details for the Outside zone.
41. Select “Static” and leave the default “DHCP Hostname”. Allocate an IP on the Outside Interface, in this case i have used 192.168.10.7 /24 which is within VLAN 10. Hit “OK” to exit.
4 4 Weekly Downloads
42. Now select “Done” to apply the settings.
43. Select “DNS and Gateway Settings” and click “OK”
44. Enter the DNS information and the default gateway address the smoothwall device will use to get off the network. In this case our default getaway is on the outside so this is our firewall at 192.168.10.1
45. Select “Done” to apply the settings
46. Select “Finished” to complete setup
47. Now enter a password for the “admin” user, this is the account that will be used to administer the device via the web GUI. Click “OK”
48. Enter a password for the “root” user, this is the account that will be required to administer the device via CLI using console/SSH
49. Click “OK” the device will reboot.
The “Smoothwall Login” prompt will indicate that the device is now ready
50. Launch a browser and using http, navigate to the address of the smoothwall device on the inside interface on port 81. for eg. “http://192.168.255.7:81”, at the prompt login using the “admin” credentials. (https can also be used on port 441)
51. After successfully authenticating we should now be able to see the home screen of the GUI interface of the smoothwall device.
52. By default the Web proxy and URL filtering features are disabled, so this needs to be enabled, to do this – navigate to “Services” – “Web Proxy” and tick “Enabled” and tick “URL Filter Enabled” hit “Save”. We also have the option of enabling the web proxy in “Transparent” mode. however in this example we are deploying the smoothwall as a explicit proxy.
53. Now that the URL filtering features have been enabled lets create a custom blocked list and test the explicit proxy. Click “URL Filter” and under “Custom Blacklist” tick “Enable”. In the “Blocked Domains” field enter a test domain to block. I have used “bing.com” for this example. hit “Save and restart”
57. Launch “DNS” to create a DNS entry for the smoothwall device
58. From the DNS window expand “Forward Lookup Zones” and within the internal domain zone right click and create a “New Host (A or AAAA).” record.
59. Enter the name of the device and its IP address, hit “Add Host”
60. Hit “OK”
The host record should now be visible under the zone.
61. Test the new record to verify DNS is able to resolve the hostname of the smoothwall device to the IP address specified, Launch “CMD” and type “nslookup smoothwall”
62. Launch “Internet Options”
63. Click “Connections” and hit “LAN Settings”
64. Under “Proxy Server” Tick “Use a proxy server for your LAN” and specify the DNS name of the smoothwall device followed by the port no. “800”. Click “OK” and close the Internet options dialog box
65. Launch a browser and navigate to the previously blocked site and verify if smoothwall blocks the page. In this example we blocked “bing.com” and we can see that a splash page is displayed showing the page is being blocked due to a policy enforcement.
66. Navigate to “Logs” – “URL Filter” and verify there is a log record of the action taken by smoothwall.
Express 3.1 is the current stable release of the open source GPL network firewall.
Like Express 3.0, two architectures are available; one for Intel® i586 and one for 64bit processors.
In addition, three release types are available:
1. Standard - This is the normal release type for users.
2. Developer - This is a release targeted at people who want to work on Smoothwall Express.
3. Offroad - A cut down version for people who want to ensure their system's hardware is compatible with Smoothwall Express.
Please read the Release Announcement before downloading.
We welcome all feedback. Please view the forums for information on how you can report issues, post suggestions, etc.
The OffRoad ISOs are approcximately 32MB in size, all other ISO files are approcximately 220 MB in size.
All ISOs include an Installation guide, whist the Admin guides for 3.1 are currently in progress and will be released soon.
Standard edition:
Smoothwall Express 3.1 (i586)
MD5 : d8546bd1430480361eaf0261d7e70283
SHA1 : 21d6bb760c5783ce07fef6914cd6bea04ca35764
Smoothwall Express 3.1 (64bit)
MD5 : cfaf7f11901a164cd00c07518c7311ba
SHA1 : 8c172724f1b977692929a1ab8d95aeef04604a6b
Developer edition:
Smoothwall Express 3.1 (i586)
MD5 : 4de69bab8a41edf8800ec0398a5c96fd
SHA1 : 8927310b46a2a4727d326b6b4956d5b5f7271c50
Smoothwall Express 3.1 (64bit)
MD5 : e38647e4f5a3329f5e6ab084bfbee458
SHA1 : b72cbc28503d4b209ed15d9d071a91df7b344d85
Offroad edition:
Smoothwall Express 3.1 (i586)
MD5 : f8072557e2f1c2337fa183124c3dc893
SHA1 : 93d8f30e1d9a29ce446d685af41ef8767282270e
Smoothwall Express 3.1 (64bit)
MD5 : 925c814511591682646daebac7f0ed1d
SHA1 : 80bfff8790c03031cb3b32a6e860628949f132dc
Comments are closed.