Linked by Niall C. Brady on Tue 3rd Feb 2004 20:17 UTC
Linux For those that don't already know, smoothwall is a very slick and easy way to setup a firewall/nat/dhcp server (and more) at home or in a small office very quickly even on old computer equipment. I have used Smoothwall 1.0 in the past and liked its features (although at the time, I did have a problem with Snort failing to start after I updated the software with some fixes...). It served on an old Pentium II 400mhz machine with two NICs inside (network cards). One was the 'green' interface (more about that later) and the other was the 'red' interface. I used that setup for quite a few months, mainly because I wanted to see what alternatives there were to hardware based firewalls (such as DLink gateways/firewalls) that I had been using.
Order by: Score:
Why not use IPCop instead?
by Syntaxis on Tue 3rd Feb 2004 20:47 UTC

Smoothwall Limited (the company behind SmoothWall) deliberately restricts the development of the GPLed SmoothWall Express to encourage people to buy their Corporate Server product instead. (For one of the most glaring examples, does SmoothWall GPL even use a journalled filesystem yet?)

IPCop (http://www.ipcop.org) is a fork (now quite established in its own right) of the SmoothWall codebase, and has pretty much the same functionality but without the inherent conflict of interest mentioned above.

IPCop
by William on Tue 3rd Feb 2004 20:50 UTC

http://www.ipcop.org/ IPCop is a fork of the last GPL release of Smoothwall (1.0) and it seems to have all the features detailed in the article. I use IPCop with a pentium 75 and it runs like a dream.

The IPCop team is working on some interesting stuff for the next release. Moving from being based on Redhat to Linux from Scratch, wireless support (blue interface) and traffic shaping are notable. http://www.ipcop.org/cgi-bin/twiki/view/IPCop/RoadMap

Looks nice...
by Anonymous on Tue 3rd Feb 2004 20:52 UTC

Looks nice, but I still prefer setting up an OpenBSD box with PF. Don't get me wrong, I love Linux on the desktop and for certain types of servers, but from a security perspective, I just feel a lot safer trusting my firewall to OpenBSD. Additionally, the documentation is excellent, which easily compensates for the slightly more difficult initial setup.

OpenBSD
by TheDude on Tue 3rd Feb 2004 20:54 UTC

Never been able to get Smoothwall or IPCop running behind my landlord's Linksys router for my own LAN. OpenBSD had no problem and runs like a dream. No fancy GUIs, just secure, functional, free.

IPCop
by thomas on Tue 3rd Feb 2004 20:55 UTC

IPCop is not a fork anymore, it was on the beginning.
I prefer IPcop always over Smoothie, and it works like a dream, absolute flawlessly.

In addition, some background history...
by Syntaxis on Tue 3rd Feb 2004 21:05 UTC

SmoothWall Limited was founded by a deranged monster of a man, the aptly named Dick [Richard] Morrell. A Google trawl will reveal some of his posts to the support lists, and some juicy quotations can still be found in the comments of the Freshmeat listing (http://freshmeat.net/projects/smoothwall).

Aside from the personal abuse he loved to hurl around, he tried to make the product no longer Open Source, and attempted to close down the support lists, claiming that the users of the GPL version were nothing but leechers and were thus unworthy of any support whatsoever.

Given the combo of the founder's personality and the deliberate restriction of development which continues to this day, it's really not hard to see why IPCop was created.

I just thought this background info would be useful to forestall the inevitable "How dare they - they're depriving the company of money that's theirs by right!" comments which appeared in droves when OSNews covered the porting of QT GPL to Windows. SmoothWall Limited's actions more than justified the fork.

What about Devil Linux?
by Mr. Banned on Tue 3rd Feb 2004 21:08 UTC

I just burned the ISO for Devil last week to check out, but haven't gotten around to it yet (I need to install a floppy disk in my ol' PII 400 that's currently running Linux off the hard drive for this same job).

Anyone have any experiences with Devil vs. IPCop vs. Smoothwall??

What happened to IPCop?
by TheDude on Tue 3rd Feb 2004 21:08 UTC

Noticed their site's down

Stuff smoothwall
by dick morrell on Tue 3rd Feb 2004 21:12 UTC

I now recommend m0n0wall http://www.m0n0.ch/wall/

DM

RE: What happened to IPCop?
by hi on Tue 3rd Feb 2004 21:14 UTC

You can download it off of Sourceforge.

Others firewalls
by Evil on Tue 3rd Feb 2004 21:28 UTC

You could just use closedbsd (http://closedbsd.org/) from a floppy or cd.

Is this for real?
by PeaceMaker on Tue 3rd Feb 2004 21:31 UTC
Re: Is this for real?
by Syntaxis on Tue 3rd Feb 2004 21:46 UTC

Yes, that sounds like the guy alright.

I can't find the particular emails in question cross-referenced anywhere else, but that really doesn't matter.

Just search Google Groups for "Richard Morrell" and a certain four-letter expletive/swearword (begins with the letter F, rhymes with "duck") and you'll have all the corroborating evidence you could ever need.

webmail
by stevev on Tue 3rd Feb 2004 21:56 UTC

Anyone have any experience getting a webmail server to work on either smoothwall or ipcop?

My vote: Monowall
by acobar on Tue 3rd Feb 2004 21:56 UTC

Don't know about the others, but monowall is easy to install, easy to setup and has a small resource needs. To me it's the best.

Firewall builder
by Karim Ben Ayed on Tue 3rd Feb 2004 21:58 UTC

Another excellent software is Firewall Builder http://www.fwbuilder.org/. Its graphical interfact is very similar to the commercially available firwall devices.

I use it on a 12 years old 486DX 100 with 48 Megs of ram as the server with a cdrom and no hard drive.

Gentoo is used as the OS. I compiled a minimal version with only the required components and customized it to boot from a disk and then kicks on the cdrom as its bios can't boot from the cdrom directly.

Only the files that are required to be writable are available in the ram file system as links. The rest are available from the cd in order to conserve ram and to minimize hacking impact if any, no one can modify the /etc/shadow and passwd files or almost anything else of a value.

The iptables firewall script is generated by Firwall Builder that is available on another box.

This machine is up for over a year and is rock solid and very secure.


On another note, Linux, FreeBSD and OpenBSD are almost equally secure if configured correctly. I don't really have a reason of using one versus the other short of personal preferences.



For home use...
by blixel on Tue 3rd Feb 2004 22:06 UTC

These PC based firewalls are cool to play around with, but for home use I think a Linksys/Netgear firewall router is often times going to be a perfectly suitable choice. A computer (even an old one) wastes a lot of electricity and generates a lot of heat and noise.

I use to have a PII 233MHz Linux "server" setup that I used for various things such as a firewall/nat/ftp/file server/samba/etc... That didn't feel like quite as big of a waste since I was doing various things with it. But even still 95% of the time it's only task was to direct traffic from my LAN to the Internet. I just couldn't ever get it out of my head how much power was being wasted by that computer so I bought a Netgear router and retired the server. I'm sure the money I spent on the Netgear router/firewall ($40 I believe) has long since paid for itself in power savings.

Granted though, some people are going to need something more than a Netgear router (like the guy in the article pointed out - his needs exceeded the capacity of his router).

Why Red and Green
by Langalf on Tue 3rd Feb 2004 22:55 UTC

This may be obvious but since the reviewer did not know, I will state it. In process and industrial control "red" is running equipment and therefor unsafe; "green" is stopped equipment and therefor safe. Thus, the "red" LAN is the unsafe LAN; the "green" LAN the safe one.

Amusing
by Kon on Tue 3rd Feb 2004 23:12 UTC

This whole smoothwall episode reads better than a soap opera!

On another note Guardian Digital www.guardiandigital.com also produces a linux based FW, which is free for home use, and quite good if you like the point and click GUI admin style.

Dick Morrell is no longer with Smoothwall
by Anonymous on Tue 3rd Feb 2004 23:49 UTC

and hasn't been for close to a year. He has *NO* connections with Smoothwall anymore. If you see/hear Dick speaking about Smoothwall, ignore him. He was fired a long time ago, for very obvious reasons. ;)

I can find no mention anywhere of the guy being fired, only that he "left". Do you have any sources to back this up?

On his own web page (http://www.dickmorrell.com/news.html) he claims that in fact he sold his stake in the company and moved on of his own volition.

The rest of the SmoothWall team/company did very little to oppose his behaviour whilst he was there, and therefore they should (IMO) share some of the responsibility for his actions. SmoothWall Limited has also not (AFAIK) made any effort to apologise for his actions since he left.

Lastly, on http://www.smoothwall.org/team/kudos.html they even go so far as to thank him for his "hard work, generosity and passion"!

IP Cop, OpenBSD, Devil Linux, etc.
by Melvin on Wed 4th Feb 2004 00:26 UTC

Instead of recommending product X over Y, wouldn't it be better to simply tell people that if they want a firewall with more features than a D-Link or a Linksys, they have many software options to choose from ?

Worth noting
by anonymous on Wed 4th Feb 2004 00:34 UTC

In the defense of SmoothWall Ltd, as of March 2003 Richard Morell is no longer an employee or director of SmoothWall Ltd.

SmoothWall have a press release about this at http://www.smoothwall.net/information/press/pressitem.php?id=6 and I shall leave you to your own conclusions about what this actually means. Although it does have a certain "politically correct" feel to it.

SmoothWall now has a new commitment to the GPL project (redubbed Express) and sees the launch of Express 2.0, it's subsequent launch party and revamp of of the smoothwall.org website as the start of a new long term focus on both Express and GPL projects in general.

It should also be noted also that Express does support EXT3 (journalled filesystem)

The things I like about smoothwall

a) Easy patching
b) supports PPPOE to my isp - (I think I set my red interface up as a PPP client, rather than adsl or dhcp)
c) automatically maps to a dynamic dns service on restart.

choices, choices
by neuro on Wed 4th Feb 2004 01:02 UTC

Thanks to osnews for carrying this nice review! Along with other positive reviews and comments we've had for SmoothWall Express 2.0, I'm sure I speak for the team that we're really pleased all the hard work thus far has paid off.

As to other firewalls, it seems to me that open source Un*x distros - and vertical ones such as appliance-like firewalls - will always be a partitioned space, with proponents and defendants shouting their corners. Every recent computer age has had them: Commodore 64 vs Sinclair Spectrum, Commodore Amiga vs Atari ST (Jack Tramiel clearly had a lot to answer for!), Sega Dreamcast vs Sony Playstation, et al. The sheer level of choice afforded by those prepared to defend their patch of the Internet is due not only to the rich variety of offerings, but also to the number of talented developers the world over prepared to devote their time to the causes of security and open source. It also means flame wars from time to time - I hope that for our part at least, there's no need for that kind of thing to happen any more. I tired of the arguing a long time ago, as did a lot of people, so just use what you use and enjoy it, but make sure you keep on top of it in terms of updates - no point having a firewall that's not been updated in a year or four!

I obviously love SmoothWall. I almost eat, sleep and breathe it. Others love it too. Others still have their own choices. Perhaps this review, and others like it, will make people reconsider their choices, or perhaps not - that's the point of open source, and it's great!

I personally feel privileged to be a part of this grand endeavour. Yes, Kon, it has felt like a bit of a soap opera at times, but all the best sagas have a bit of drama from time to time! A long, long MTU path ago, in an IP fragment far far away ... ;)

Re: IP Cop, OpenBSD, Devil Linux, etc
by TheDude on Wed 4th Feb 2004 01:13 UTC

Because this site is about opinion.

Funny...
by WiLLiE on Wed 4th Feb 2004 01:33 UTC

Funny noone mentioned ClarkConnect. (http://www.clarkconnect.com)

I've tried both IPCop and Smoothwall,
and they're nothing compared to ClarkConnect hands down.

re: ClarkConnect
by Mr. Banned on Wed 4th Feb 2004 01:38 UTC

Funny noone mentioned ClarkConnect. (http://www.clarkconnect.com)


I'm probably going out on a limb here, but I'm guessing it's because ClarkConnect is a commercial product and costs $$$.

I suspect your average OSNews reader is much like your average Slashdotter in that Free (as in beer) comes out miles ahead of Not Free (as in... Well, ClarkConnect).

I'm just guessing that from a quick persusal of their website thoough. I've never actually used it.

re: re: ClarkConnect
by Don Elings on Wed 4th Feb 2004 01:53 UTC

ClarkConnect is an excellent program.... Free or Not

re: re: ClarkConnect
by WiLLiE on Wed 4th Feb 2004 03:31 UTC

There are two versions.

ClarkConnect Home
ClarkConnect Office

ClarkConnect Home is free. (non-commercial use only)

ClarkConnect
by MarkWPiper on Wed 4th Feb 2004 04:02 UTC

Just this week I installed the new ClarkConnect, the free Home edition. I was also * extremely * impressed. It is very easily configurable, and very extensible. Moreover, by just applying a little elbow grease it's relatively easy to get most of the features of the Office edition. Perhaps I'll write up a review of it for OSNews.

I encourage anyone to give it a try. Its scope goes beyond that of simply a firewall (additionaly providing many types of servers), differentiating it a bit from the likes of smoothwall. In my opinion the long term costs (in power and time spent) just don't justify using a software firewall-only box.

I think a solution like ClarkConnect, which provides so much functionality, is the right option for a dedicated box.

Has anyone tried sme server (used to be called e-smith)? I think its a similar product to ClarkConnect, and I'm curious to hear people's opinions.

RE: re: ClarkConnect
by BigK on Wed 4th Feb 2004 04:50 UTC

ClarkConnect is free for non-commercial use.

dont forget...
by Ophidian on Wed 4th Feb 2004 06:00 UTC

astaro is an awesome product, albeit not free if you want to use their web interface

i was evaluating it for use with some clients one time, and as long as you are willing to license the features, there is very little it doesnt do as a firewall/vpn gateway/proxy server that i would ever think i would need to do.

for here i use ipcop, but i like how you can customize it beyond what you can do with a netgear/dlink/linksys router

Outgoing protection?
by gord_e on Wed 4th Feb 2004 10:39 UTC

Yep, its simple to install (and for me that's essential). BUT... While the incoming firewall protection has been excellent on my Smoothwall 2.0 Express (normal) box, any comments on whether the 'Final' version improves on outgoing protection? Why is the default outgoing firewall protection so lame? G:)

Richard...
by thomas on Wed 4th Feb 2004 14:17 UTC

Richard is like a Elephant in a Glashouse - this is well-known, even for german readers, as published in c't
magazine long time ago.

IpCop
by thomas on Wed 4th Feb 2004 14:28 UTC

...was created, because for the behaviour of Mr. Morell,
and being alltime that aggressive to loyal users, that was
where it all begun. No bashing, but everyone's knowing for
today that Richard is a big A**.

ext3
by thomas on Wed 4th Feb 2004 14:43 UTC

IPCop uses ext3 for ages! ;)

Richard, IPCop, ext3
by Anonymous on Wed 4th Feb 2004 17:20 UTC

As has SmoothWall had ext3 for about 18 months.

Dick Morell is long gone since march 2003 which was a good move by the project and the company. Why can't people just move on and stop blaming good people for what he did and the way he acted and his lies.

SmoothWall Express continues to be developed and supported and paid for by the company as it always has been. It also has dedicated staff to produce patches quickly.

If you are going to diss a distro or firewall at least get up to date on it!

I take it back
by Syntaxis on Wed 4th Feb 2004 21:30 UTC

Some SmoothWall Limited employees kindly took the time to get in touch with me and set me straight.

I take back what I said in my earlier posts. Please evaluate their offerings on their technical merits, and not on the company's past actions under Richard Morrell.

@syntaxis
by NiallC. Brady on Wed 4th Feb 2004 22:09 UTC

good on you for taking it back,

give smoothwall a chance, the review was written with an open mind, and I must confess I like smoothwall,

it's still running and will no doubt continue to run !

I hope that others will read the review and consider using smoothwall based on the information supplied and not on past experiences with certain people.

cheers

Niall.

S.M.E. aka e-smith
by steve on Wed 4th Feb 2004 23:13 UTC

I've been using it for my home server for a while. I lump it in with the distros that are very easy to use in default configurations, but very hard to use in non default configs. I also had a lot of problems getting things like weblog software, port opening, etc. to work because of changes they made in directory structure. Their templating system is asinine.

Getting PPPoE/PPPoA instead of com ports
by L. Walker on Thu 5th Feb 2004 02:43 UTC

get a shell, and run setup.
Under Networking ;)

Have fun.

FreeSCO
by Chris on Thu 5th Feb 2004 16:36 UTC

There is another linux-based firewall distro out there, called FreeSCO (as in FREE ciSCO, not that other evil company). It cna be run off a floppy or hard drive.

http://www.freesco.org

sme server
by steve on Thu 5th Feb 2004 18:14 UTC

"Has anyone tried sme server (used to be called e-smith)? I think its a similar product to ClarkConnect, and I'm curious to hear people's opinions."

i have used it for about 5 years and think it is a fantastic product, lots of contribs for it
unfortunately, Mitel has decided to no longer develop SME server
there is a community of folks looking to keep it going over at
contribs.org
so go check it out

Smoothwall ?! M0n0wall!
by albi on Thu 5th Feb 2004 18:25 UTC

M0n0wall, based on FreeBSD is imho a very cool firewall, run it either from cdrom or hdd (or soekris) --> http://www.m0n0.ch/wall and only a 4 Mb download ;)

Smoothwall & Open Source
by Bruce on Fri 6th Feb 2004 01:18 UTC

We have used Smoothwall at our small business for about 3 months and it has worked perfectly. It is a very good free product which meets our limited needs. If our future needs require greater capabilities I will certainly consider the company's commercial offerings as well as Shorewall and other open source offerings.