Remember, installing SmoothWall will erase any data on the hard disk and put its own operating system on it. Do not run this installation on a computer on which you have data or programs you need.
You must first create a bootable CD-ROM disk. To do this, use CD-writing software, such as Nero or Easy CD Creator, and create a disk from the .iso image file from the SmoothWall directory on the CD-ROM that accompanies this book. The disk it creates will be bootable.
Set your PC to boot from the CD-ROM first. Otherwise, it will search the hard drive and load the operating system it finds there. You usually do this in the BIOS settings of a PC accessed at boot-up before the OS loads. Many PCs use the F2 function key to enter this mode.
Boot the machine from the CD-ROM. A title screen displays some basic licensing and disclaimer information. Click on OK.
You have the choice of loading from the CD-ROM or HTTP. Remember, do not enter this mode unless you are ready for all the data on that hard disk to be erased and replaced with the SmoothWall software.
Choose CD-ROM, and the installation will begin.
You will see it formatting the disk and then probing your machine for its network interfaces. It should auto-detect any network interface cards (NICs). It lets you accept or skip each one and set them up as firewall interfaces. For example, if you have two NICs on your computer but only want to use one as a firewall interface on the firewall, you would define that here.
Define the attributes of each selected interface. Assign them an IP address and subnet mask. After this, SmoothWall installs some additional driver files and asks you to eject the CD-ROM. You have finished installing the program and will automatically enter setup mode.
In setup mode, you will be asked for a hostname for the SmoothWall. You can use the hostname to access the machine instead of using its LAN IP address.
Next it asks if you want to install the configuration from a backup. This nifty feature allows you to easily restore your firewall to its original configuration if the system crashes (assuming you made a backup, which is covered later in this section). Don't select this unless you are in the process of restoring from a backup.
Assuming you chose to set up a new firewall (not from backup) in the previous step, you will be prompted to set up several network types:
Leave this set to Disable if you aren't using ISDN. If you are, then add the parameters appropriate for your IDSN line.
This section is necessary only if you are using ADSL and actually have the ADSL modem in your computer. Leave this on Disable if you aren't using ADSL service or if the provider gives you an external modem to plug into. Otherwise, click on the settings for your ADSL service.
SmoothWall divides its zones into three categories:
Your internal network segment to be protected or your "trusted" network.
The external network to be firewalled off from the LAN. The "untrusted" network, usually the Internet or everything that is not your LAN.
This is an optional segment that can contain machines that you generally trust but need to be exposed to the Internet (the DMZ mentioned earlier). This protects your internal LAN, should one of the servers be compromised, since DMZ nodes don't have access to the LAN by default, and also allows these machines to be accessed by the outside world.
Select the configuration that is appropriate for your network. Most simple networks will use Green (Red is for modems or ISDN), or Green and Red if you have two NIC cards in the machine.
Now it is time to set up the DHCP server. If you want your firewall to be responsible for handing out and managing dynamic IP addresses on your LAN, enable this feature. Otherwise leave it turned off. You can set the range to be assigned, and the DNS and lease times for the addresses given out.
You now set several passwords for different levels and methods of access. The "root" password is accessible from the console and command line interface and acts just like UNIX root in that you have total control over the box. You then assign a password for the "setup" user account. This user can also access the system from the console and command line. This user has more limited powers than "root" and can only run the setup utility program.
Finally, set up a Web interface user account. This isn't a UNIX-type account and can't be accessed from the command line. It is strictly used to control access to features from the Web interface.
Now reboot the machine and your SmoothWall firewall should be up and running. You can log into the machine from the console using either the root or setup user. You can also SSH into the box from a remote location and get the command line interface. However, one of the truly nice things about this program is that there is a powerful and easy-to-use GUI accessible from any Web browser that makes administering the firewall a snap.