The I.T Massive!

Full Disclosure: I use PFSense at home and I love it.

Intro

SmoothWall express 3.0 is a Linux distribution that is designed for usage as a firewall system. It uses the web based user interface which makes the system very easy to configure and someone with little Linux knowledge could easily configure the system. SmoothWall express 3 uses the Linux 2.6 Kernel and utilizes an intrusion detection system and other useful network services.

Installation
The SmoothWall guys have an excellent installation manual so I'm not going to rewrite it. I'll just say a few key things about it:

• The Install of SmoothWall will erase ALL DATA on the computer.
• The Install requires a dedicated computer with least 128 MB of memory and 2GB of hard drive space.
• One network interface plus modem or at least two network interfaces.
• SmoothWall refers to the network interfaces by color, Green is LAN, Red is WAN and Orange/Purple are only used if you have more that two interfaces.
• If the probe for network cards fails, your cards are not supported by SmoothWall.

Features
First we will look at the features of the system, I've sorted them by the categories that they appear in the web interface. Some of the details have been omitted because they are very common features that speak for themselves.

The device home page is an overview of system, it contains:

• Local and remote IP address.
• Current throughput.
• Todays data transfer.
• The current months data transfer.

About Menu
The about drop down menu contains all of the status type information. The status page contains information about running services in a list status format with process run time. Next in the menu is the advanced system status which displays an impressive amount of information including:

• Detailed memory usage
• Disk/filesystem usage
• Inode usage
• Uptime and users
• Interfaces (including currently applied IP address, netmask, MAC address, Broadcast address, MTU and current operational status.)
• Routing table
• Hardware information (detailed hardware information, including chipset details. The 'lspci' command for Linux people.)
• Loaded kernel modules (detailed information about the currently loaded Linux kernel modules. The 'lsmod' command for Linux people.)
• Kernel version. (currently running kernel version, hostname and other system information.)

After the advanced page we come to the traffic graphs page, it contains statistics and graphs of information including input/output data, current transfer rate and amount that has been used in the hour/day/week/month. On the bandwidth bars page, it shows realtime network bandwidth using bars. This updates every second. The next page displays the traffic monitor, a realtime display similar to network bandwidth bars but with graphs. This also has a 1 second update.

my.SmoothWall is the final page in the about menu and it is used to register the device.

Services Menu
The services menu is the place you would go to enable and configure services. The web proxy, this uses Squid a popular open source caching proxy service.

The IM proxy on the next page is the IMSpector Instant Messenger proxy that can monitor, censor and block popular IM services such as MSN, Jabber/XMPP, AIM, ICQ, Yahoo, IRC and Gadu-Gadu all to varying degrees of support. IMSpector is also kind of scary as it can proxy the TLS/SSL handshake of some protocols perform a man-in-the-middle attack so it can see the IM traffic.

The POP3 Proxy is capable of providing anti-virus scanning for email which in todays world is a very useful feature. However its only any use if you download mail with a mail client via POP3 and most of the people I know use some form of webmail.

The DHCP server handles the dynamic configuration of IP settings for the network clients that would normally be handled by a Cable/DSL router. A few of the more interesting features of the DHCP server is the ability to configure network booting and static assignments.

If you use dynamic DNS on your network, mainly if you host a server from home, this feature is really neat. Instead of having to run the update clients on your PC you have the updater running in a central place.

Static DNS is useful if you want to use computer names across the network but it really only works if you have static IP addresses.

The intrusion detection system is a very interesting feature of the system as it will alert you to possible security breaches. It uses the popular open source IDS Snort.

Remote access (SSH) can be enabled with access from valid referral URLs for example Green/Red IP address.

Networking Menu
This is the place that most of the configuration will be done from. The incoming pages is used to configure port forwarding, SmoothWall blocks incoming connections by default unless configured. The outgoing page is where the firewall rules, SmoothWall allows outgoing by default unless configured. You can enable an IP block for specified IP address or networks, this is very useful if you get repeated abuse from someone attacking your network. With timed access you can prevent or allow network access at certain times of the day. This feature is pretty neat and could be used to restrict access to limit online time for your children (or yourself).

The advanced settings can be used to block ICMP/IGMP/muliticast traffic and enable UPnP/SYN cookies. PPP options including PPP, PPPoA or PPPoE connection settings can be configured from the PPP menu. The interface configuration is where the configuration of the various network interfaces can be changed. Quality of service is one of the reasons to use SmoothWall. It can be used to stop something like BitTorrent taking all the download speed or even improving the stability of video chats.

Logs Menu
All the log pages are fairly standard, nothing really fun going on here. The system (DHCP, IPSec, updates, core kernel activity, etc) sort by section, month and day in one page. Then the web proxy, firewall, IDS, IM, email anti-virus are on separate pages.

Tools Menu
In the tools section there are things like a whois lookup tool, a ping & trace-route tool. Finally there is a Java SSH applet that enables a command line through the web browser.

Maintenance Menu
The system updates page is used to manage system updates. The modem page is where you can change AT string settings for your PSTN modem or ISDN TA. From the maintenance area you can upload the driver for Alcatel/Thompson SpeedTouch USB ADSL if you have these devices. Password management lets you change your system passwords. The device configuration can be backed up and restored from the the maintenance area. The preferences page is where the drop down menus can be enabled and disabled. Then finally the shutdown section is where you can shutdown or reboot the device if you need to.

Default services (on the LAN)
53/tcp open domain dnsmasq 2.45
81/tcp open http Apache httpd 1.3.41 ((Unix) mod_ssl/2.8.31 OpenSSL/0.9.8i) Normal HTTP
441/tcp open http Apache httpd 1.3.41 ((Unix) mod_ssl/2.8.31 OpenSSL/0.9.8i) HTTPS
IP address (1 host up) scanned in 16.27 seconds

It's nice to see that there are only a few services running by default and realistically everyone will use these.

Conclusion
Pros
I found the web interface of SmoothWall Express 3 to be very good in general. The pages are laid out well and the interface was fairly responsive. Drop down menus that can be very tricky for some people to use are wide enough so they are not frustrating to use in SmoothWall. The interface is attractive to look at and is a big improvement over SmoothWall express 2. The realtime graphs of things like bandwidth usage are a nice touch. Installing the snort rules I noticed that the page has a progress bar that lets you know it's still doing something. I used a different firewall distro that did not have this feedback and you would not know if the process had crashed.

Cons
There is no configuration for Snort other than the service enable and oinkcode UI. I found the Java SSH shell to be quite annoying as it had a stupid pop-under login window. Limited/Simplistic options in general. Non-standard port numbers on some firewall services. I find this highly annoying and provides little if any additional security. Sadly SmoothWall didn't find my wireless card. No remote logging UI (however not required by most people). Installer can fail and die if you pick a wrong option.

Addons
You can extend the functionality of SmoothWall with third party addons. I've not talked about the addons in this review because it is outside the scope of the review. A few examples of addons are an advanced proxy server configuration page and a blackhole for malware domains. The place to go to get addons is at the SmoothWall forums.

I would like to thank my friend Kevin for the inspiration to review this product, thanks buddy :)

Written By Graham Mead.