Fog Creek Software
Discussion Board




Smoothwall follow up

I remember you mentioning that you were planning on installing Smoothwall on a slow box ( http://www.joelonsoftware.com/news/fog0000000100.html ). I'm looking these days for an inexpensive firewall solution.

Did you try Smoothwall in the end? How did it work out? Would you recommend it today?

ICBW
Sunday, March 14, 2004

It was OK for a while, but as soon as we needed a VPN, the amount of work it would have taken to get working just wasn't cost justifiable, so we switched to a commercial turnkey firewall.

("It's only free if your time is worthless")

Joel Spolsky
Fog Creek Software
Monday, March 15, 2004

If you are looking for a reliable free/Open Source firewall, nothing beats pf on OpenBSD:

http://www.openbsd.org/faq/pf/index.html

And there's a book about pf:

http://www.amazon.com/exec/obidos/ASIN/8391665119/

Jacek Artymiak
Monday, March 15, 2004

Jacek: But how easy is it to set up the whole machine (BSD including networking (at least) as well as pf)? As in, can someone with no experience with those systems do it in a couple of hours?

The advantage of Smoothwall from what I can see is that it advertises itself as a simple package to install and administer. My requirements are pretty simple: all I need is a firewall that will protect one single box that needs to sit outside of the company's regular firewall. If other solutions aren't easy to implement, I am also considering just installing Kerio Personal Firewall on that box. It works great for my home computer (which is always connected to the internet).

ICBW
Monday, March 15, 2004

Check out ipcop at www.ipcop.org

Its a fork of the smoothwall source tree, it kicks ass and takes about 10 mins to set up.

Email me with questions.

Andrew Murray
Monday, March 15, 2004

Oh and ipcop supports VPN's easily.

Andrew Murray
Monday, March 15, 2004

I am amused by the "IPCOP supports VPNs easily".

It might support then with ease, but the setup isn't, at least not with the documentation I could find when I tried - specifically to connect my WinXP laptop to my domestic network. Tonnes lots of try this, guess that and install this obscure utility to no avail.

Now I might be missing a point, but equivalent searches in the smoothwall fora found me instructions and explanations I could understand - although as the proof of the pudding is in the eating and I haven't got there yet it remains to be seen whether its any better as a solution (for me).

Murph
Tuesday, March 16, 2004

I installed Smoothwall here some time ago on an old 200 MHz pentium. 3 gig hard disk, 256 megs ram (I think - it might have been 128, but I think we decided the extra ram was worth it.)

we have an ADSL connection, using an ethernet ADSL modem.  We have a "green" network (our lan) an "orange" network (some internet server boxes) and obviously the "red" network (the ADSL connection.)

I don't do VPN so I can't comment on that.

I'm not a networking guru, or a Linux guru, so I wasn't at all sure how it would go.

Frankly I was impressed. Took about 2 hours to get it going, including building the machine from spare bits. Worked (and continues to work) well.  I've applied the updates along the way and that was a breeze.  Has _excellent_ documentation - this for me was what made it so easy.

the only problem we've had since installing it is when the DNS entries we were using changed.  In the end our unix veteran was able to change this, but a re-install would also have done the trick. (It takes about 15 mins to install.) Ironically it appears that this is almost the only thing you can't change via the usual web interface.

Setting up the clients was trivial (and also well documented.)

While there may well be things it can't do - I'd recommend it to anyone based on what I've seen.

Forgive me gushing - but I like it when software "just works" - and the superb docs make it straightforward even if you don't have a clue...  I'm not related in anyway to Smoothwall - just a happy user.

Bruce

Bruce Johnson
Tuesday, March 16, 2004

Thanks for the additional info!

ICBW
Tuesday, March 16, 2004

I used Smothwall for about 2 years and IPCop for the last three months. They were fine, easy to configure, but VPN support was either non-existant or buried in the UI.

I just purchased a SnapGear VPN Firewall (specifically the SME530 @ ~$US350). It's a dedicated box about the size of an 8-port switch. It runs an embedded version of linux and is administrable via a web GUI.

It handles the basic NAT-based connection sharing as well as Smoothwall or IPCop, but it has a few nice additional features. Both IPSEC and PPTP client, server, and passthrough support are built in and very easy to set up. Some of the higher priced models support failover and allmost all support routing protocols (RIP, BGP, etc.) if you need them.

If IPCop would add the PopTop PPTP server, and Zebra routing daemon, they would pretty much have the same thing. It just a nice form factor to have and the company has been pretty good with firmware updates for security issues.

BrianM
Wednesday, March 17, 2004

I have a VPN server inside my local network. In ipcop, I enter its ip as my vpn next hop address... It can't get much more simple can it?

Andrew Murray
Monday, March 22, 2004

*  Recent Topics

*  Fog Creek Home