PC Firewall
Note!! You may have been led to believe that a router with a built-in ADSL modem and
network switch, NAT (network address translation) and stateful packet inspection is all
that is required to be safe from hackers, and that you don’t need a software solution (such as
Zone Alarm) or hardware firewall solution. Well, frankly, you’re wrong! Extensive tests have
shown that with today’s internet activity you would be mad not to invest in a firewall,
especially with the new threat from viruses such as Sasser. Be safe! Get yourself a
firewall.
You only require the tower for the actual firewall. While building
and setting up the firewall you will need a monitor, mouse and
keyboard. Once properly configured, the tower unit will operate without
the monitor, mouse and keyboard!
So, why will an old 486 do the job and what would be the advantage if I used a Pentium class
of computer?
You must download the installation guides and spend some time reading them before you
begin to build your firewall. The documentation is comprehensive giving full details of the
software installation process. However, you will find the different options difficult to follow
unless you decide upon which type of set up you want first.
Fig. 1: GREEN interface – home network side of firewall; RED interface – internet side of firewall
You may find it helpful to read the other network guide booklets alongside this one to be able
to get a better overview of the networking options available.
You need to be able to create a bootable CD-Rom from the ISO image file. DO NOT simply
copy the files across onto a blank CD-Rom. The ISO image files at the beginning of the CD
are specially created to be recognized as a bootable CD-Rom, so burn your CD straight from
the ISO image file. Test the CD-Rom to make sure you can boot a computer from it. You can
use your own computer to do this by going into the BIOS and changing the boot sequence to:
1st boot device - CD-Rom
When you have achieved the above successfully you are ready to begin building your
firewall. Remember to test your CD first as there is no point going any further if you cannot
boot and then load the files. There is an option to produce a bootable Floppy Disc, but I found
this unnecessary.
The network cards have proved to be very difficult for some computer builders to install,
especially when using the same make/type/chipset of network adaptor. This is because,
during installation, Smoothwall Express 2.0 looks first for the GREEN
interface network adaptor and then for the RED interface network adaptor, making it difficult to
tell which is which when the cards are the same. Removing the cards and swapping them
over after installing the software DOES NOT solve the problem, because the cards’ MAC addresses will
be different. However, it really is very simple when you know the install logic behind Linux.
Linux scans each PCI slot in turn, starting with PCI slot 1. Put the graphics card in PCI
slot 1 and then put the adaptor card you want as the GREEN interface, the one with
Wake-on-LAN (WOL), into PCI slot 2. That way you know straight away that you have set the correct network
card with WOL as the GREEN interface (your home or office network).
[Figure: PCI slot 1; GREEN interface – Netgear’s FA312 network adaptor (WOL)]
The first part of the operation is straightforward. Simply pop the CD into the CD-Rom drive,
make sure the BIOS is set to 1st boot device – CD-Rom, and follow the on-screen
instructions. The Linux OS will try to detect all of your hardware. It is during this stage of the
setup that you MUST allocate an IP address for the GREEN interface network adaptor (see Fig. 2).
When the GREEN interface is configured, you will be prompted that the rest of the files are
to be installed. When this is complete you will be prompted to remove the CD. Follow the
on-screen instructions to configure Smoothwall Express 2.0. They are well documented, but don’t
worry if you make a mistake: you can always log on again and change the setting. These are
the components which require setting up:
When you are done here, there are three passwords that you must set. Make sure you
choose suitable passwords and make a note of them. You will be prompted for three:
• Admin
• Setup
• Root
The GREEN interface is the one you configured first. You have the choice to use either your own IP
addresses or allow Smoothwall Express to act as a DHCP (Dynamic Host Configuration Protocol)
server. This means that the firewall will allocate an IP address to the computers on your
network when they boot up (note: you usually only ever have one DHCP server on a
network). This is where you may find problems, as I did, getting the whole system to work
together, i.e. Smoothwall and your ADSL router. All routers supplied with an integrated
ADSL modem are set by default to perform as a DHCP server and DNS (Domain Name
System) server. This is because internet traffic is routed through the router (gateway):
each computer’s request on the network needs to be translated correctly and directed to the
internet via a DNS server (you can have more than one of these). When the ADSL
modem logs on to your internet service provider’s server, it requests the routing table, ready to
perform the action of translating your browser requests into actual web addresses.
1. A browser on one of your network computers makes an internet request. The Smoothwall DNS server
translates the request and passes it on to the RED interface. The RED interface IP
address is set by your ADSL router.
2. The router accepts the request and translates it in accordance with your
internet service provider’s DNS servers. This way all internet traffic is handled
correctly.
Give the GREEN interface a fixed IP address, and don’t worry about your router, just make
sure that the IP address you use is high enough not to interfere with any other devices that
may connect to the router via wireless etc.
Make sure you make a note of the GREEN interface IP address that you have chosen; you
will need this when you configure each of the computers on the home/office network. The
GREEN IP address will be used to set the gateway IP address within the ‘network options’
settings for each computer on the network. Now you can give each computer a fixed IP
address, which must be just above the GREEN interface IP address. Use the following
diagram to help you set each computer’s IP address, including Smoothwall’s.
Computer 1 – IP addresses
IP Address: 192.168.0.10
Subnet Mask: 255.255.255.0
Computer 2 – IP addresses
IP Address: 192.168.0.11
Subnet Mask: 255.255.255.0
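The addressing rules above (every computer shares the GREEN subnet, uses the GREEN address as its gateway, sits above it, and no address is used twice) can be checked on paper before each machine is configured. The Python sketch below is an added example, not part of the original guide; the function name `check_plan` and the GREEN address 192.168.0.5 are assumptions made for illustration, since the guide does not give one.

```python
import ipaddress

def check_plan(green_ip, netmask, hosts, avoid=()):
    """Return a list of problems in a static address plan for the GREEN side.

    hosts: {name: {"ip": ..., "mask": ..., "gateway": ...}}
    avoid: addresses already used elsewhere, e.g. by devices on the router.
    """
    problems = []
    green = ipaddress.ip_interface(f"{green_ip}/{netmask}")
    net = green.network
    taken = {ipaddress.ip_address(a) for a in avoid}
    if green.ip in taken:
        problems.append(f"GREEN {green.ip} collides with an address to avoid")
    seen = {green.ip: "GREEN"}
    for name, cfg in hosts.items():
        ip = ipaddress.ip_address(cfg["ip"])
        if cfg["mask"] != netmask:
            problems.append(f"{name}: subnet mask {cfg['mask']} differs from GREEN")
        if ip not in net:
            problems.append(f"{name}: {ip} is outside the GREEN subnet {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {ip} is the network or broadcast address")
        elif ip <= green.ip:
            problems.append(f"{name}: {ip} is not above GREEN {green.ip}")
        if ipaddress.ip_address(cfg["gateway"]) != green.ip:
            problems.append(f"{name}: gateway {cfg['gateway']} is not GREEN {green.ip}")
        if ip in seen:
            problems.append(f"{name}: {ip} is already used by {seen[ip]}")
        if ip in taken:
            problems.append(f"{name}: {ip} collides with an address to avoid")
        seen[ip] = name
    return problems

# Constructed sample plan: GREEN address is an assumption, clients are the
# two computers from the diagram above.
GREEN, MASK = "192.168.0.5", "255.255.255.0"
GOOD = {
    "Computer 1": {"ip": "192.168.0.10", "mask": MASK, "gateway": GREEN},
    "Computer 2": {"ip": "192.168.0.11", "mask": MASK, "gateway": GREEN},
}
# Constructed mistake: a third machine reuses .11 and points at the router.
BAD = dict(GOOD, **{
    "Computer 3": {"ip": "192.168.0.11", "mask": MASK, "gateway": "192.168.0.1"},
})

if __name__ == "__main__":
    for line in check_plan(GREEN, MASK, BAD) or ["plan is consistent"]:
        print(line)
```

A machine whose gateway still points at the ADSL router is the mistake most worth catching here, because its traffic would not be sent to Smoothwall at all.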
Well, that is it, you’re all done. All you need to do now is download the updates for
Smoothwall. They are hidden in the ‘Archives’ section and are as follows:
1. Fixes1
2. Fixes2
3. Fixes3
Download each of the files onto your computer’s hard drive. You may wish to do this before
you connect Smoothwall Express 2.0, as these updates are required for some hardware
problems!
To upload the files to Smoothwall, log on to Smoothwall (see below) and select
‘Maintenance’.
Once you have found each of the files – upload each in turn. They must be installed in turn
starting with ‘Fixes1’ first – then reboot for the update to install before you repeat the above
for the other ‘Fixes’.
Your firewall is now ready to run. If all is well you should be able to get straight onto the
internet without any trouble. To log on to Smoothwall, use the following in your browser
setting:
If you are unable to connect to the internet you should still be able to log on to Smoothwall to
check your settings!