Remotely accessing a server behind Smoothwall Express

biometrics

What's the easiest way (preferably free) to remotely access an Ubuntu server behind a Smoothwall Express firewall?

I was thinking of trying FreeLAN today.

Suggestions?

Edit: it's on ADSL so I'll use Dyndns to find IP address.

Edit 2: need to access Samba shares, SVN, SSH etc.
 
Have you already set up port forwarding to the server in Smoothwall or do you want to set up a VPN ?
 
AFAIK Smoothwall has a VPN built in. Not sure if it is suited for your requirements though.
 
AFAIK Smoothwall has a VPN built in. Not sure if it is suited for your requirements though.

We're using the free Smoothwall Express. It only supports connecting to another Smoothwall Express. We want to connect Windows laptops to the server.
 
It all depends.

From my experience, you can do one of many things:

1. Set up a PPTP VPN server on your network. This can be a Windows or Linux box.
2. Port forward port 1723 and GRE protocol 47 to this specific PC.
If you're using an older Smoothwall version (3.0 and older) you can use this script:
Code:
Background: 
A PPTP VPN server requires TCP port 1723 forwarded to the VPN server, as well as the GRE protocol (protocol 47). 

As the Smoothwall web interface doesn't provide functionality for forwarding the GRE protocol, you'll have to edit the firewall script. 

Editing the Firewall Script: 
Smoothwall's iptables firewall configuration is stored in /etc/rc.d/rc.firewall.up, so to make changes to the firewall, you'll need to edit this script. 

As with any modifications to your Smoothwall, make a backup copy of this file before making any changes to it, so you can easily revert back to a known working version. 

Firewall Script Changes: 
At the end of /etc/rc.d/rc.firewall.up, add the following: 

vpnserver="172.16.0.2"
/sbin/iptables -N pptp
/sbin/iptables -A pptp -p tcp --destination-port 1723 --dst $vpnserver -j ACCEPT
/sbin/iptables -A pptp -p 47 --dst $vpnserver -j ACCEPT
/sbin/iptables -I FORWARD -j pptp
/sbin/iptables -t nat -N pptp
/sbin/iptables -t nat -A pptp -i $RED_DEV -p tcp --dport 1723 -j DNAT --to $vpnserver:1723
/sbin/iptables -t nat -A pptp -i $RED_DEV -p 47 -j DNAT --to $vpnserver
/sbin/iptables -t nat -A PREROUTING -j pptp

The above commands will configure your firewall to forward TCP port 1723, as well as GRE traffic to the specified IP address. 

Note that you'll have to replace 172.16.0.2 with the actual IP address of your PPTP VPN server.

If you're using Smoothwall versions 3.0 and higher, you can install Full Firewall Control, and use that to set the port forward options.

Or, if you don't want to use PPTP VPN (since it is not 100% secure) you can also look at either using Zerina (OpenVPN) on Smoothwall, or on an internal PC on your LAN.

Then there's TeamViewer and others which you can run from inside your LAN.

Your decision then :)
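A way to check that both halves of the forward described in the post above are present, as an added example that is not part of the original post or of Smoothwall: it reads `iptables-save` output and reports any PPTP server that has TCP 1723 without GRE (or the reverse) in the nat or filter table. The sample dump, the `eth1` interface name and the function names are constructed for illustration; addresses are assumed to be IPv4.

```python
import shlex

# Constructed iptables-save excerpt: the filter-table GRE rule is missing.
SAMPLE = """\
*nat
-A PREROUTING -j pptp
-A pptp -i eth1 -p tcp -m tcp --dport 1723 -j DNAT --to-destination 172.16.0.2:1723
-A pptp -i eth1 -p gre -j DNAT --to-destination 172.16.0.2
COMMIT
*filter
-A FORWARD -j pptp
-A pptp -d 172.16.0.2/32 -p tcp -m tcp --dport 1723 -j ACCEPT
COMMIT
"""
LABELS = {"tcp": "TCP 1723", "gre": "GRE (protocol 47)"}


def parse_rules(dump):
    """Yield (table, {option: value}) for each -A rule in iptables-save output."""
    table = None
    for line in dump.splitlines():
        tok = shlex.split(line)
        if line.startswith("*"):
            table = line[1:].strip()
        elif tok and tok[0] == "-A":
            yield table, {a: b for a, b in zip(tok, tok[1:]) if a.startswith("-")}


def audit_pptp(dump):
    """List PPTP hosts that lack a DNAT or ACCEPT rule for either protocol."""
    seen = set()  # (action, kind, host) triples found in the dump
    for table, opt in parse_rules(dump):
        proto = opt.get("-p", "")
        kind = "gre" if proto in ("47", "gre") else "tcp"
        if kind == "tcp" and (proto != "tcp" or opt.get("--dport") != "1723"):
            continue  # not a PPTP-related rule
        if table == "nat" and opt.get("-j") == "DNAT":
            seen.add(("DNAT", kind, opt.get("--to-destination", "").split(":")[0]))
        elif table == "filter" and opt.get("-j") == "ACCEPT":
            seen.add(("ACCEPT", kind, opt.get("-d", "").split("/")[0]))
    hosts = sorted({h for action, _, h in seen if action == "DNAT"})
    return [f"{h}: no {action} rule for {label}"
            for h in hosts for kind, label in LABELS.items()
            for action in ("DNAT", "ACCEPT") if (action, kind, h) not in seen]
```

The check only looks for the rules themselves; it does not confirm that the `pptp` chains are actually reached from `FORWARD` and `PREROUTING`.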
 
We're using the free Smoothwall Express. It only supports connecting to another Smoothwall Express. We want to connect Windows laptops to the server.

Correct. The built-in VPN is for site-to-site tunneling only.

You can take a shufty at Zerina for Smoothwall, or use any other OpenVPN server on the inside of your LAN...
 
Generally one would use a VPN: that said I have no knowledge of what you would require for Smoothwall.

BTW be careful of laptops accessing your network / servers. I know of an instance where the salesman allowed his kids to play with his laptop. They managed to 'acquire' a virus or two, which was promptly spread to the network when he next logged in.

The problem - apart from the salesman, that is :) - was that the network anti-virus software treated him as a workstation (that was routinely scanned at night) and so didn't check his machine when he logged in ...
 
Thanks Ook, looks like Zerina is going to work for me and it's integrated into the Smoothwall GUI :love:
 
What's the easiest way (preferably free) to remotely access an Ubuntu server behind a Smoothwall Express firewall?

I was thinking of trying FreeLAN today.

Suggestions?

Edit: it's on ADSL so I'll use Dyndns to find IP address.

Edit 2: need to access Samba shares, SVN, SSH etc.

I'm going to be mean to Smoothwall and say pick pfSense.

It's a better product and doesn't limit functionality by version or require payment - although donations are welcome and you can pay for a support contract if you like.

Far more customization and it's really amazing what you can do in terms of functionality.
 
I'm going to be mean to Smoothwall and say pick pfSense.

It's a better product and doesn't limit functionality by version or require payment - although donations are welcome and you can pay for a support contract if you like.

Far more customization and it's really amazing what you can do in terms of functionality.

If time wasn't limited then I'd give it a go. As it is I need this running on our live setup in a day or two. So I'd rather stick to what we have that's currently working and add on the VPN.
 
If time wasn't limited then I'd give it a go. As it is I need this running on our live setup in a day or two. So I'd rather stick to what we have that's currently working and add on the VPN.

Then do the OpenVPN route. I'd look at doing some form of 2 factor auth.

e.g. store a secret on firewall + PIN. User then has that secret on their phone only, they then type their PIN in on their phone and it generates a password via the secret + PIN + time. This adds another level of security to just a plain password.

Completely do-able on pfSense via FreeRADIUS and OTP. Not sure if Smoothwall has an equivalent?
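The secret + PIN + time idea from the post above, as an added example that is not part of the original post and is not the algorithm used by pfSense, FreeRADIUS or any particular OTP product. It assumes an HMAC-SHA256 construction with 30-second steps and 6-digit codes; the secret, PIN, timestamp and all names are constructed. The server side accepts one step of clock drift and refuses a code that was already used.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # assumed time-step length
DIGITS = 6         # assumed code length


def otp_code(secret: bytes, pin: str, step: int) -> str:
    """Derive a numeric code from secret + PIN + time step (illustrative scheme)."""
    msg = struct.pack(">Q", step) + pin.encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class OtpVerifier:
    """Server side: holds secret and PIN, tolerates clock drift, rejects replays."""

    def __init__(self, secret: bytes, pin: str, drift_steps: int = 1):
        self.secret, self.pin, self.drift = secret, pin, drift_steps
        self.last_step = -1  # highest time step already accepted

    def verify(self, code: str, now: float) -> bool:
        current = int(now) // STEP_SECONDS
        matched = None
        for step in range(current - self.drift, current + self.drift + 1):
            if step <= self.last_step:
                continue  # a code from this step or an earlier one was already used
            expected = otp_code(self.secret, self.pin, step)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = step
        if matched is None:
            return False
        self.last_step = matched
        return True


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample value
    now = 1_700_000_000                  # constructed timestamp
    phone_code = otp_code(secret, "4821", now // STEP_SECONDS)
    server = OtpVerifier(secret, "4821")
    print(server.verify(phone_code, now))  # first use of the code
    print(server.verify(phone_code, now))  # replay of the same code
```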
 
Then do the OpenVPN route. I'd look at doing some form of 2 factor auth.

e.g. store a secret on firewall + PIN. User then has that secret on their phone only, they then type their PIN in on their phone and it generates a password via the secret + PIN + time. This adds another level of security to just a plain password.

Completely do-able on pfSense via FreeRADIUS and OTP. Not sure if Smoothwall has an equivalent?

Zerina for Smoothwall is based on OpenVPN, Ook suggested it earlier. Got it installed and running. Just need to familiarise myself with the options and test the setup.
 
What's the easiest way (preferably free) to remotely access an Ubuntu server behind a Smoothwall Express firewall?

I was thinking of trying FreeLAN today.

Suggestions?

Edit: it's on ADSL so I'll use Dyndns to find IP address.

Edit 2: need to access Samba shares, SVN, SSH etc.

SoftEther is free (and now open source) software and has various modes for negotiating firewalls with or without port forwarding. There is also a free service where you can connect via Azure if you don't have a static IP.

I've been using it on and off for about a year and a half now (first saw it in a MyBB post) and I keep finding all new sorts of awesomeness with this software.
 