Administering the SmoothWall Firewall
The easiest way to manage the SmoothWall firewall is using the Web interface. This gives you a powerful tool for administering and adding other functionality to your firewall. You can access this interface two ways: via port 81 for normal Web communications or via port 441 for secured Web communications using SSL. Either way, you put the IP address or URL with the port number in the location window of a Web browser. For example, if your firewall LAN interface card has IP address 192.168.1.1, you would enter the following into the Web browser
for normal Web communications, or
for secure Web access.
This will display the SmoothWall opening screen. To access any of the other screens you will need to enter your user name and password. The default user name is admin and the password is the one you entered for the Web interface during the setup process. There are several main menus accessible from the main page (see Figure 3.7).
Figure 3.7. SmoothWall Main Menu
Each menu has a number of submenus underneath it.
This is the firewall homepage and contains copyright and uptime information.
About Your Smoothie:
This has a number of useful submenus:
This shows you the status of the various services on the SmoothWall.
This screen contains detailed information about your system.
This is one of the cooler features in SmoothWall. This enables you to create bandwidth graphs so you can analyze your network traffic on different interfaces at different times of the day and on different days. You can use this as a quick way to find network problems. If you notice huge bandwidth increases on the weekend or late at night without any known reason, you know that something is amiss (see Figure 3.8).
Figure 3.8. SmoothWall Traffic Graph
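The off-hours check described above can also be automated once hourly byte counts per interface are exported. The following is an added example, not SmoothWall code: the sample data is constructed, and the interface labels, the business-hours window and the `factor` threshold are assumptions.

```python
from datetime import datetime, timedelta
from statistics import median

BUSINESS_HOURS = range(8, 18)   # assumption: 08:00-17:59 local time, Mon-Fri

def is_off_hours(ts):
    """Weekend, or a weekday outside the assumed business hours."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS

def off_hours_spikes(samples, factor=5.0):
    """Return (timestamp, interface, bytes) for off-hours samples that exceed
    factor x the median off-hours volume of the same interface."""
    by_iface = {}
    for ts, iface, nbytes in samples:
        if is_off_hours(ts):
            by_iface.setdefault(iface, []).append((ts, nbytes))
    flagged = []
    for iface, rows in by_iface.items():
        baseline = median(n for _, n in rows)
        for ts, nbytes in rows:
            if nbytes > factor * baseline:
                flagged.append((ts, iface, nbytes))
    return sorted(flagged)

def constructed_samples():
    """Two weeks of hourly counters (constructed data, not SmoothWall output)."""
    start = datetime(2024, 1, 1)          # a Monday
    rows = []
    for h in range(14 * 24):
        ts = start + timedelta(hours=h)
        quiet = is_off_hours(ts)
        rows.append((ts, "lan", 20_000_000 if quiet else 400_000_000))
        rows.append((ts, "wan", 15_000_000 if quiet else 300_000_000))
    # One unexplained burst, Saturday 03:00 on the external interface. It is
    # smaller than a normal business hour, so a single fixed threshold misses it.
    spike = datetime(2024, 1, 6, 3)
    return [(ts, i, 250_000_000 if (ts, i) == (spike, "wan") else n)
            for ts, i, n in rows]

if __name__ == "__main__":
    for ts, iface, nbytes in off_hours_spikes(constructed_samples()):
        print(f"{ts:%a %Y-%m-%d %H:%M} {iface}: {nbytes / 1e6:.0f} MB in one hour")
```

Comparing off-hours traffic only against an off-hours baseline is what makes the Saturday burst stand out, even though it stays below the normal weekday peak.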
This is where you configure various basic and optional services on the SmoothWall (see Figure 3.9).
If you want to be able to set up your SmoothWall to act as a proxy for anyone surfing the Web, this function can be set up here.
The built-in DHCP server is configured here.
If your ISP assigns you a dynamic IP address but you still want to allow services in from the outside, you can set up the SmoothWall to update a DNS record automatically with its new IP address. It can be configured to use any one of several online services such as dyndns.org and dhs.org.
This section controls access to your SmoothWall from anywhere but the console. You can enable SSH (it is disabled by default) and control what specific addresses can get access.
This configures the time settings on the machine. This can be very important if you are comparing its log files to other servers. You can set it up to get time from a public time server, which makes logs more accurate.
Figure 3.9. SmoothWall Services Screen
This is where you configure anything associated with the firewall and network functions of the SmoothWall. This includes adding, deleting, or modifying the rule sets and other functions:
You can forward a specific port or series of ports to an internal protected host.
Internal Service Access:
Click here if you need access to an internal service from the outside.
This lets you set up access from a host on your DMZ to a host on your LAN. This is normally not allowed as part of the function of a DMZ.
If you are using the SmoothWall to connect to the Internet via dial-up, you set the various phone settings here such as number, modem commands, and so on.
This is a nice feature that allows you to easily block an IP or range of IP addresses from your network without having to write any rules.
Several miscellaneous network settings such as Universal Plug and Play (UPnP) support are found here.
Here is where you configure the SmoothWall to act as a VPN for secure remote access from another network. The details are covered later in this chapter.
Access to all the log files kept by the SmoothWall is facilitated through this screen. The interface allows you to easily scan different types of log files such as system and security.
There are several standard network tools here including ping, traceroute, and whois. They also include a nifty Java-based SSH client so you can access SSH servers from your Web browser.
This section is used for system maintenance activity and has several submenus.
This section keeps track of any patches to your SmoothWall operating system. It is important to keep the SmoothWall OS patched. Just like any operating system, there are security holes discovered from time to time that are fixed in the patches. New features or compatibility are added periodically as well.
You can change any of the logins and passwords for the system here (assuming you have the old passwords).
You can make a backup of your SmoothWall configuration so that in the event of a crash you can easily restore it. You should make a backup as soon as you get the SmoothWall configured to your liking to save your settings.
This will safely shut down SmoothWall.