The 10 Minute Linux Firewall

If you’re like me…you still have to run some form of Windows for daily operations at your house or office. While most of the time there are helpful hardware additions at work such as a firewall/antivirus…at home, you’ll find a simpler router/firewall and antivirus solution that doesn’t protect as well. While this is better than nothing, it also doesn’t have the power that a Linux firewall does…nor does it have the ability to patch itself when a vulnerability is discovered.

Did you know that most router/firewalls that you can buy at the store come with a set of default passwords that work on ALL MODELS? Yours could be open to hacking right now. To lock down your network, you can take an old computer, install Linux, and use it as a firewall with your own custom rules and regulations…plus it’s great to show off to the ladies ;) lol.

I wrote a tutorial on how to do this at http://daniweb.com. If this sounds like something you’d be interested in (very easy to follow directions) then check out this link: http://daniweb.com/tutorials/tutorial14094.html.

Or continue reading the article in full below…

 

The 10 Minute Linux Firewall

At the forefront of almost every single System Administrator’s mind is security. Redmond has been catching a lot of flak lately about not being as secure as they could be. As some of you have noticed, there has been a market swing in the use of Mozilla and Firefox as web browsers, creating a small nick in the 90% market share that Redmond owns with IE. Some IT Specialists are also seeing the same swing in the Server market.

So what does this have to do with Firewalls? Well, just like switching web browsers or servers away from M$, a Linux firewall means added security AND possibly even increased browsing speed. Today, I’ll discuss the easiest way to get up and running with the 5 minute Linux firewall.

First things first. I’m not going to go into detail on many distros…I’m going with one that I know works…and that I know works FAST…and that would be something a ‘Windows’ person could install and configure in a matter of minutes. In my mind, the easiest distro is Smoothwall.

So let’s get started. We need to burn the .ISO CD first after we download Smoothwall. Use your favorite burning software…I use Nero 6. Set to burn an image file and choose .iso. Allow all default settings and complete your burn.

Assuming you got the image burned to disk, you’ll now need a spare computer to run things on. Most people are surprised by the limited resources that Linux can work with. Smoothwall Express, the distribution we will be installing, requires the following specifications for hardware:

  • 150MHz Processor or higher
  • 64MB of RAM (more is recommended)
  • 2GB IDE hard disk
  • IDE CDROM
  • Any Video Card
  • Any monitor
  • Any Keyboard
  • Mouse Not needed
  • 2 Network Cards (since this is our firewall; one needed for standalone)
  • ISDN/DSL/Cable Modem and Access

In this instance, we’re going to assume that you have a cable modem. If you require help setting up other forms of access, help will be provided for you after the install. So, onward we go. Put together your spare computer and boot up off the CD.

NOTE: Older computers sometimes do not have bootable CDROMs. If your computer does not allow a bootup off of CDROM, you can use Smoothwall to create a boot CD. Load the Smoothwall CD into a Windows 95/98/XP/2000/NT Computer that you have spare and the autorun should pop open a dialog for you. Browse the CD for the installation guide that is in .pdf format and open it up. It will explain everything about booting off the floppy drive.

Smoothwall will take you through an installation routine that is fairly straightforward. Just hit return on the first two options which ask you where you want to install from. They are default selected for a CDROM install which is what we are assuming you are doing for this tutorial.

FYI: Smoothwall uses three “interface models”. The first is the GREEN interface, which will be the network card you use to connect your firewall (Smoothwall) to the rest of your LAN. The second interface is the ORANGE interface. This interface is also referred to as a DMZ (demilitarized zone). This interface is used for computers you connect to the internet but that you don’t trust as much as you do your LAN computers. A good example might be your buddies coming over to have a LAN party. Lastly, we have the RED interface. This interface is connected to the outside world. Throughout this tutorial, we’ll refer to those interfaces using the color codes.

Follow all the prompts to install onto your hard disk. You should arrive at a ‘basic network configuration’ screen. We’ll configure GREEN first. GREEN will be your NIC (network interface card) connected to the LAN. Using manual settings, input an IP address of your choosing or use: 192.168.0.1 subnet: 255.255.255.0

Next up is the RED interface. This is the NIC that connects externally to the internet either through a modem or directly. This card should autodetect and get an IP address from your ISP.

When the GREEN interface selection appears, you can select ‘probe’. Smoothwall will probe your computer for the correct NIC and attempt to install it. If it cannot install, you can select manual and select your NIC from the list. After installing the first NIC, Smoothwall will attempt to install the second as well for your RED interface. Remember to assign your GREEN interface an IP address of your choosing or the one specified above.

After your network is configured, Smoothwall begins its stock install. Sit back and relax for approximately 1 minute. The CD will eject upon completion of install. All together, this should come to approximately 5 minutes or so; when doing the procedure to write this, it took 3 minutes.

After the installation, you’ll be prompted to ‘setup’ your install. Here you can opt to restore from a backup floppy, map your keyboard, and select a hostname. A hostname is a name that you can call your computer that will allow you to remember it and find it on the network. I usually choose something interesting for my hostname but have been using lostbox for the last couple of years. The default hostname is smoothwall. Note that it should be lowercase and alpha characters. Type in your hostname and select ‘ok’.

The next screen will prompt you to enter information about your web proxy (ISPs sometimes have one and require their users to use it). If you don’t know about this, leave it blank and hit ok.

Next, Smoothwall checks for any dialup connections. Disable/Default out of this because we’ll be able to configure it later after setup completion. ADSL connections come next. We’re not covering this for this tutorial…you can set it up later as well. Disable this feature using the selection screen and continue on.

The network chooser menu appears. This will allow you to configure your RED, GREEN, ORANGE network how you want it. Carefully read each option. For this tutorial, I was connected directly to the modem with the Smoothwall machine and had a second NIC for my LAN with no third NIC for the DMZ. I selected GREEN + RED for my choice. See the installation manual on your burned CD for more info on ADSL, ISDN, and dialup configuration. The dialogue will ask you to confirm your choices at the end of configuration. Remember to choose DHCP enabled on your RED interface so that the ISP can give it an IP address and to manually assign your GREEN interface an IP address.

The last option you have is to input your DNS and gateway information. Your ISP should be able to provide you with the numeric IP address of your DNS servers. I left the gateway blank because my ISP does not use a gateway server to provide services. If you are in doubt, leave gateway blank.

Next up, we’ll configure DHCP (IP address assigning) for Smoothwall. This will enable ANY computer that is connected on your LAN to automatically pick up an IP address and join the LAN. This makes it nice for game sessions, etc. when you have many computers connected at the same time and don’t have time to tell each person what your LAN IP is and what your subnet mask is. They simply plug and play!

Enable DHCP on the selection screen by selecting it with the spacebar. Define a range of IP addresses…I use 192.168.0.2 through 192.168.0.254. The default lease time and Max lease time are in minutes. I chose to leave these with their default settings.
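An added example (not part of the original tutorial and not Smoothwall code): a Python check of the address plan chosen above, confirming that the DHCP range fits the GREEN subnet and does not hand out the firewall's own address. The function name `check_plan` and the sample RED addresses are assumptions for illustration; it also flags the case where the DHCP-assigned RED address lands inside the GREEN subnet, which happens when the upstream modem itself hands out 192.168.0.x addresses.

```python
import ipaddress


def check_plan(green_ip, netmask, dhcp_start, dhcp_end, red_ip=None):
    """Return a list of problems with a GREEN/DHCP address plan (empty list = OK)."""
    problems = []
    green = ipaddress.ip_interface(f"{green_ip}/{netmask}")
    net = green.network
    reserved = (net.network_address, net.broadcast_address)
    start = ipaddress.ip_address(dhcp_start)
    end = ipaddress.ip_address(dhcp_end)

    if green.ip in reserved:
        problems.append("GREEN address is the network or broadcast address")
    if start > end:
        problems.append("DHCP range start is above its end")
    for label, addr in (("start", start), ("end", end)):
        if addr not in net:
            problems.append(f"DHCP {label} {addr} is outside {net}")
        elif addr in reserved:
            problems.append(f"DHCP {label} {addr} is not a usable host address")
    # A lease for the firewall's own IP would cause an address conflict on the LAN.
    if start <= green.ip <= end:
        problems.append("DHCP range includes the firewall's own GREEN address")
    # Overlapping RED and GREEN subnets leave the firewall unable to route between them.
    if red_ip is not None and ipaddress.ip_address(red_ip) in net:
        problems.append(f"RED address {red_ip} falls inside GREEN subnet {net}")
    return problems


if __name__ == "__main__":
    # Values from the tutorial; the RED addresses are constructed samples.
    plans = [
        ("192.168.0.1", "255.255.255.0", "192.168.0.2", "192.168.0.254", "203.0.113.7"),
        ("192.168.0.1", "255.255.255.0", "192.168.0.1", "192.168.0.254", "192.168.0.10"),
    ]
    for plan in plans:
        issues = check_plan(*plan)
        print(plan, "->", issues or "OK")
```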

Lastly, we choose three administrative passwords. First, set up your root password. Next you’ll set up your ‘setup’ user password. This setup user can log in via an SSH connection, which runs the setup program we are going through again. Lastly, the admin user. The admin user is not a Linux user, but is a user you will log in with via the Smoothwall web interface.

Installation and configuration finished. You’re all set. You will be prompted to register with Smoothwall and your firewall is ready to go! You’ll want to log in to your interface right away using your admin user to upload any patches that need to be installed. The quickest way to do this is to hop on any computer on your LAN (besides the Smoothwall one) and type https://192.168.0.1:441 or https://hostname:441 in a web browser (where hostname is the hostname you chose previously). You will be prompted for your login info. Use admin and watch as you are greeted by a Smoothwall status page!

To get a good feel for Smoothwall, visit the main page at http://smoothwall.org and see the ‘docs’ tab. The forums are also extremely helpful and many knowledgeable people can help you with any problems that may arise. There are also some screenshots that you can browse, located at: http://smoothwall.org/about/screenshots/

Hopefully, your install went well and everything is working for you! If not, don’t forget that the installation guide is on the CD that you made!

Please note that this article was published previously in the forums area. I have moved it to the blog as the forums are slowly being closed down. Thanks for reading Yet Another Linux Blog.

This content is published under the Attribution-Noncommercial-Share Alike 3.0 Unported license.

About

devnet has been a project manager for a Fortune 500 company, a Unix administrator, a Technical Writer, and a System Analyst during his 10 years working with Technology.

  • anon

    Uhh which ‘swing in the Server market’ is that?!?!

    Majority of servers are *nix anyway..