Protect Your Network With an Open-Source Firewall
Friday, September 11, 2009; 1:19 AM
It's the rare IT person who doesn't sometimes run into a situation where they are helping a client or organization that has more IT needs than budget. Often it's the rule and not the exception. If you ever find yourself in a situation where you need a decently robust and full-featured firewall and have a budget approaching zero, I have just the solution for you: SmoothWall Express.
SmoothWall Express 3.0 is an open-source GNU/Linux firewall that is security-hardened and freely downloadable. By design, it has minimal hardware requirements and a small footprint. It should work with nearly any Pentium-class computer with at least 128MB of RAM and a hard disk with a capacity of 2GB or greater. It'll likely work with that PC you have sitting in your closet that you've been too lazy to recycle. You'll want to have at least two network cards installed for basic use, and three or more if you want to have a DMZ or incorporate a wireless network. Keep in mind, though, that your firewall's reliability is limited by the hardware on which it's installed.
Don't worry if you don't know much about Linux. Though the geeky can get down and dirty at the command line, SmoothWall is very easy to install and configure. It's meant to be managed via an integrated web interface, so it's appropriate to run it headless.
Then boot your system to the CD and run the installer, which will wipe your hard disk and install SmoothWall Express. Just accepting the defaults will lead you to a good starting place. The first "hard" question you'll be asked is what you want the default security policy to be for outgoing requests.
The default is Half-Open, which permits most outgoing traffic except for that which is potentially harmful. You may also choose Open, which doesn't limit outgoing traffic at all, or Closed, which requires that you later explicitly configure what traffic is permitted.
You'll then need to choose how you want to configure your network interfaces. Your interfaces will be Green, Red, Orange, or Purple.
The Green interface is your trusted LAN. Red is the evil and dangerous Internet. Orange is your DMZ, and Purple is your wireless LAN.
Next you choose which network card will be assigned to each role. SmoothWall will probe for and automatically detect most cards. You'll need to specify IP configuration and optionally DNS and Gateway settings.
Additional items that may be configured are Web Proxy, ISDN configuration, ADSL configuration, and DHCP configuration.