Smoothwall Express 3.0 Open Source Firewall

(May 22nd, 2008) Author: TheSizzle in Category: Open Source

As my crappy 802.11b wireless router gasped its last breath, I started looking for a suitable replacement. My home network includes a web/email server, a dedicated MythBox, my standard desktop tower, and a laptop or two. Naturally, I wanted to upgrade from just a simple router to a more full-featured firewall without spending a whole lot of money. An old AMD Athlon 900MHz computer with 512MB of RAM would become an excellent base for a Smoothwall Express 3.0 installation.

Before I started with the installation, I tried to read as much of the documentation as possible, and I spent extra time browsing their highly active user forums. This allowed me to draw a diagram of my home network beforehand that uses Smoothwall’s built-in color-coded network partitioning scheme. The scheme works like this for my home network (all connections are described from the point of view of the Smoothwall box itself):

  • Red Interface: Connects directly to the internet through my cable modem.
  • Green Interface: This connects to a simple network switch to which all of my “trusted” computers are connected. More on this later.
  • Purple Interface: This connects to a wireless access point which is configured to use WPA encryption.
  • Orange Interface: This connects directly to my web/email server.

For this scheme to work, the computer onto which I was installing Smoothwall required 4 (four) network adapters, one for each interface. This was accomplished by acquiring four cheap PCI network cards. Check the documentation beforehand to make sure the cards you buy are supported by Smoothwall!

Once the computer hardware was ready, I downloaded an ISO from SmoothWall.org and burned it to a CD. The CD is bootable and installation is pretty straightforward. The hardest part is figuring out which colored interface the installer has assigned to which card.

The interfaces come with default rules which define how they can interact with one another. In a nutshell, it works like this: Green, Purple, and Orange can all access stuff on the Red interface (they can all reach the internet). Green is the “trusted” network and is designed to be the standard location for regular users’ computers. It can initiate connections to computers on both Purple and Orange with no specific port forwarding rules. Purple is very similar to Green in that it can access computers on Orange, except it is restricted from initiating connections to computers on Green. This is great for wireless networks, which are prone to being hacked. The Orange interface is the “de-militarized zone” or DMZ. It only has access to the Red interface and cannot (and should not) be able to initiate connections to the Green or Purple networks; as with any stateful firewall, replies to connections that Green or Purple opened to it are still let through. This works well for servers which have potentially vulnerable services exposed to the perils of the internet. This way, if someone hacks your server, that’s all they get. They can’t reach any computers located on the Green or Purple interfaces.

By default, the firewall is configured in “Half-Open” mode, which means that incoming traffic from the internet is blocked on all interfaces unless you add a specific port forwarding rule, and only a selected list of ports is allowed for outgoing traffic as well. Most applications work out of the box with this configuration, but you may need to poke some outgoing holes for peer-to-peer (P2P) applications, for example.
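To make the zone rules from the two paragraphs above concrete (Green reaches everything, Purple reaches Orange but not Green, Orange reaches only Red, and the Half-Open outbound allow-list toward Red), here is an added example that models that policy as a first-match rule list and renders it as an equivalent iptables FORWARD chain. It is not Smoothwall’s own rule set: the interface names (eth0–eth3), the outbound port list and the sample port forward are assumptions for illustration, and the DNAT side of a port forward is left out.

```python
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Interface names are an assumption: the installer assigns them per machine.
ZONE_IF = {"red": "eth0", "green": "eth1", "orange": "eth2", "purple": "eth3"}

# Which zone may open NEW connections to which, per the default behaviour
# described in the text. Red initiates nothing unless a port forward exists.
INITIATE = {
    "green":  ("red", "orange", "purple"),
    "purple": ("red", "orange"),
    "orange": ("red",),
    "red":    (),
}

# "Half-Open" outbound set: an assumed, short allow-list of (proto, port)
# toward Red. The real list is whatever is ticked in the Outgoing page.
OUTBOUND_PORTS = [("tcp", 22), ("tcp", 25), ("tcp", 80), ("tcp", 443),
                  ("udp", 53), ("udp", 123)]

PortForward = Tuple[str, int, str]   # (proto, port, destination zone)


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    dst_port: int
    proto: str = "tcp"
    new: bool = True   # True = connection attempt, False = reply to an existing one


def decide(flow: Flow, port_forwards: Iterable[PortForward] = ()) -> str:
    """First-match evaluation of the zone policy for one packet."""
    if not flow.new:                       # conntrack ESTABLISHED,RELATED
        return "ACCEPT"
    if flow.src_zone == "red":             # inbound: explicit forwards only
        ok = (flow.proto, flow.dst_port, flow.dst_zone) in set(port_forwards)
        return "ACCEPT" if ok else "DROP"
    if flow.dst_zone not in INITIATE[flow.src_zone]:
        return "DROP"                      # e.g. Orange -> Green, Purple -> Green
    if flow.dst_zone == "red" and (flow.proto, flow.dst_port) not in OUTBOUND_PORTS:
        return "DROP"                      # Half-Open: outbound port not on the list
    return "ACCEPT"


def render_iptables(port_forwards: Iterable[PortForward] = ()) -> List[str]:
    """Emit a FORWARD chain equivalent to decide(); DNAT rules are omitted."""
    rules = ["iptables -P FORWARD DROP",
             "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    new = "-m conntrack --ctstate NEW -j ACCEPT"
    for src, dsts in INITIATE.items():
        for dst in dsts:
            pair = f"iptables -A FORWARD -i {ZONE_IF[src]} -o {ZONE_IF[dst]}"
            if dst == "red":               # toward the internet: listed ports only
                for proto, port in OUTBOUND_PORTS:
                    rules.append(f"{pair} -p {proto} --dport {port} {new}")
            else:                          # between internal zones: any port
                rules.append(f"{pair} {new}")
    for proto, port, dst in port_forwards:  # hypothetical inbound hole, e.g. SMTP to the DMZ
        rules.append(f"iptables -A FORWARD -i {ZONE_IF['red']} -o {ZONE_IF[dst]} "
                     f"-p {proto} --dport {port} {new}")
    return rules


if __name__ == "__main__":
    smtp_to_dmz = [("tcp", 25, "orange")]  # assumed port forward for the mail server
    for f in (Flow("green", "orange", 80), Flow("purple", "green", 445),
              Flow("orange", "green", 22), Flow("green", "red", 6881),
              Flow("red", "orange", 25)):
        print(f"{f.src_zone:>6} -> {f.dst_zone:<6} {f.proto}/{f.dst_port}: "
              f"{decide(f, smtp_to_dmz)}")
    print("\n".join(render_iptables(smtp_to_dmz)))
```

The useful check here is the negative cases: a compromised DMZ host trying to reach Green, a wireless client on Purple trying to reach Green, and a BitTorrent port that is not on the outbound list all fall through to DROP, while replies to connections Green opened into the DMZ are accepted by the ESTABLISHED,RELATED rule before any zone rule is consulted.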

I’ve been experimenting with the wealth of community-submitted “Homebrew Customizations.” Some of these are really spectacular and provide additional functionality which usually integrates right into the Smoothwall administrator web interface. Here are a few that I’ve tried out with success:

  1. Broadband Modem Monitor v1.3
  2. DHCP Lease v2.1
  3. Performance Graphs v1.3
  4. SmoothBackup for SWE 3.0 v.1.4
  5. Smoothwall Express Mail Filter v. SEMF-SW3-3.8.0-0.40-i686-b017
  6. and ModCommander for SWE 3.0 v. 1.1 for installing more Mods!

The Smoothwall Express Mail Filter is great. It listens on port 25 and scans all incoming email for spam and viruses before it even reaches my email server on the orange interface. After about a thousand emails, it’s about 80% accurate in detecting spam. After another thousand, it should be extremely accurate.

The Broadband Modem Monitor is also interesting. It monitors the power level and signal-to-noise ratio (SNR) of your standard cable modem and produces plots. I’ve noticed that the quality of my connection has been faltering recently, and this could have something to do with it:

Broadband modem monitor graph of Signal-to-Noise Ratio (SNR) over one week.

I guess the cable company is messing around in the neighborhood and causing periodic degradation of service. I know a few dB isn’t that big of a deal, but it could be a symptom of whatever else they’re doing.

Anyways, the Smoothwall Express 3.0 Firewall is effective and easy to install/use, and the homebrew mods are pretty sweet too. Give it a shot. What else are you going to do with that old computer from the late ’90s?


1 Comment so far

  1. [...] I’ve previously mentioned, I run a Smoothwall Express 3.0 firewall on my home network.  I built this firewall using a crappy [...]