Re: firewall options
On Saturday 12 October 2002 08:24, Rob Weir wrote:
> On Sun, Oct 06, 2002 at 08:24:20PM +0100, john gennard wrote:
> > I have a small home LAN and decided to protect it with a
> > [snip]
> > Although I can access the Smoothwall box from browsers on either
> > of my other boxes, I can't configure it (not even the ppp
> > connection). I asked Smoothwall's list for assistance but got no
> > reply from anyone using Debian and can find no help searching
> > the net.
>
> What do you mean you can't configure it? You can't SSH into the
> Smoothwall box, or when you do the changes don't stick or...
>
Just that I can't seem to alter any of the settings that were
'probed' by the program (some of which I know are incorrect),
or for example create a ppp profile. There's an error message 'can't
change profile whilst red channel is active' and no explanation of
how to deactivate it. I managed to do so on one ocassion by going
well back inti the install program. I can get into the Smoothwall
box from a browser on either of the other boxes, but that's no help.
>
> Also, I keep hearing stories about the Smoothwall developers
> refusing to help people who don't pay them...IPCop
> (http://www.ipcop.net/) is a fork of Smoothwall with the express
> intent to be nicer to people:)
>
Yes, I was aware of this situation - of course the pro lobby cry
'foul'
>
> > I'm now wondering if it might be better to get rid of Smoothwall
> > and put a minimal installation of Debian on the firewall box.
> > Does anyone have any advice, please?
>
> This is extremely easy to do. Just do a basic install on the box,
> then add the ipmasq package. It'll handle most everything by
> default.
>
See later.
>
> > There are a number of 'annoying' things with Smoothwall despite
> > [snip]
> > to Windows - it certainly gives much more info on configuring
> > for that.
>
> I've never used Smoothwall in my life, so I've got no advice for
> you here. If you switch to Debian, however, you'll have the help
> of all the nice people on this list to back you up.
>
> > Any suggestions what I should consider doing? Whichever way
> > I proceed, I shall need help in configuring my boxes to 'go
> > through the firewall' to get email, download data and browse
> > etc.
>
> Another nice thing about using Debian for your firewall is that it
> can handle other things for you. If it has the horsepower, you
> can run Squid (a HTTP caching proxy) to speed up browsing, a mail
> server to forward your mail around, and store it so you can read
> it via IMAP or POP3 from work (or wherever), a DNS server to cache
> remote lookups and to let you centralise your machine naming, etc,
> etc, etc.
>
Now this is excellent from my point of view - it tells me what is
not evident form what I've read elsewhere. I had already made up my
mind to do this - I managed to get hold of a new 10Gig drive
yesterday which will leave me plenty of space for a large cache.
However, I've had an offer of help with Smoothwall via a chat room
and shall first take this up so that I can find out why I couldn't
get the thing to work.
I've managed to find a very comprehensive write-up on how to
configure the Debian box as a dedicated firewall and router
(prints out at 74 pages) - I've no doubt I'll get stuck somewhere,
but as you say I've always the list to fall back on.
I'm very grateful for the response.
John.
Reply to: