Smoothwall Firewall consideration

T

Toby

Senior Member
Joined
Apr 29, 2005
Messages
523
Reaction score
1
Location
SirCastle
I have built a Smoothwall Express 2.0 Firewall on an Old p2, and am looking to use it live.

I currently have a Microcom ADSL Modem (EtherNet) connected to a WRT54G Router. I suspect a lot of icmp's against my adsl router, contribution to caps being reached. I also discovered some apps use valid ports 80. 21 etc etc that constantly access the Internet. I would like to catch this type of activity with Smoothwall, and block..

I am a linux Newbie, but have TCPIP and some Hardware Firewall experience. I view Smoothwall as a better bet. I can Drop ICMP / Syn attemps from Smoothwall rather than have the ADSL modem just keep accepting them, but the WRT54G dropping them

Smoothwall recommends taking the ADSL Router into Bridged Mode only. I will probably have to do the same to the Linksys. I still need the wireless though for Laptop usage..

Whats the best way to test that it is working properly fromt he Interet Side. Does anyone know of a site that will mimic/create non destructive scans / attacks against my Internet Side IP addy for testing purposes..
 
Welcome to the Revolution! ;)

www.grc.com will not achieve the results you're looking for. Time and again this same question have been asked on the Smoothwall forums.

What happens is that you initiate the test results from a PC on your GREEN network to outside, and this initiation opens a connection, and this connection is picked up by Shields Up, which tend to give a skewed result, leading you to believe that there are port(s) open, which is wrong.

The best way to test your Smoothwall (as I have done with mine) is to run nmap from an outside PC against your Smoothwall. You can ask a trusted friend to do this. This way you can verify whether there are any open ports.

Regards

Libs (also Librarian on the Smoothwall community forums).
 
Toby said:
Smoothwall recommends taking the ADSL Router into Bridged Mode only. I will probably have to do the same to the Linksys. I still need the wireless though for Laptop usage..
Click to expand...
All you have to do to the linksys is turn off its dhcp and set its IP to a range within smoothwalls range and plug it into the switch, i have mine set up like this and it works a treat
 
In summary my Problem is the following.

I have bandwidth being used excessivly which I am battling to Trace.

All Virus, spyWare checked for and confirmed clean
All Network type resident Programs removed (Gmail Notifier, Windows Live Messanger Beta, skype) etc etc.

Bandwidth Loss Continuing.

What I want to do.

Get full logs of all sites, IP address and TCP/IP ports used.

Allow the following - i.e No P2P

HTTP
HTTPS
DNS Queries
FTP
SMTP and POP3 - For Mail.
Also Only allow mail Traffic to work against my ISP mail servers - In case of a Trojan/Worm sending out to arbitary addresses.

Then Drop all other Ports

Question is.

Out of Box Config, (Red and Green working on Test Bench) what additional setups/tasks required on Smoothwall - Any good links for Smoothwall newbies

I would presume a first rule of DROP ALL PORTS (How do I implement "Rules" on Smoothwall - I am aware of IPTables but seems tedious)
Then rules to allow above - This is how i would do it on a Commercial Windows Firewall - Dont Laugh -

On hardware Side, I presume ADSL Router switched to Bridge Mode
Linksys wrt54G (for Laptop wireless) connected to Smoothwall via LAN Port (Not WAN Port) - LinkSys wrt54g I presume I can still use Wireless Security

I use WPA-PSK with SSID Renamed and Broadcast Disabled and MAC Filtering - Only Laptop MAC Allowed - I do not think my Problem is a Wireless Security breach from a Neighbour etc etc.

Cheers


a
 
Last edited:
Have a look at the FFC (Full Firewall Control) mod posted by Netwhiz on the Homebrew section - this will allow you to control exactly which ports to deny and which to allow - it is very user-friendly and flexible, and very powerful.

You can also have a look at the Bandview mod to view IP usage per IP adress.

Regards

Libs
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X