How To Install Smoothwall Express 3.1

Smoothwall Express 3.1 + BT Infinity setup. This tutorial assumes that you already have Smoothwall Express 3.1 installed on your hardware of choice. With BT Infinity becoming ever more available, we decided to set up and test Smoothwall as our firewall of choice. After quite a bit of head scratching we were able to get things up and running. Remember, this is a distribution based on the Linux kernel, and since we're not talking about a live distribution, and the end result is a console-only operating system, the installation is an old-school curses-based install. However, anyone who is looking at a tool like SmoothWall Express shouldn't be afraid of a.

If you find yourself using an external web proxy to handle your internet filtering but you have no control over that proxy then you can add smoothwall to the mix to give you the ability to add your own filters on top of the settings from your current web proxy.

Here's how;

45 Steps total

Step 1: Get hold of box.

Almost any Pentium-class PC can be used, for example, an old low specification PC or server.

The minimum specs are an Intel Pentium 200 or compatible processor, 128MB RAM, a 2GB hard drive and a CD-ROM drive.

Two network cards must be attached and working. However, only one is required to be plugged in for normal operation.

Step 2: Download Smoothwall Express iso

Get hold of an iso for Smoothwall Express from http://www.smoothwall.org/download/ and burn it to a CD.

Step 3: Boot your box from the CD.

Boot from CD and you'll get the install screen.

Follow the wizard.

Step 4: If you happen to have a backup of a previous install..

..then choose yes at the appropriate screen, otherwise choose no.

Step 5: Select Half-Open as the security option.

Step 6: Now we enter the Network Setup phase, where we have four settings to make.

Start at the top of the list and work through.

Step 7: Network Configuration Type

Choose Green + Red here.
Green will be your internal interface, Red the external.

Step 8: Drivers and card assignments

Choose the Auto 'probe' option twice (once for each network card) and it should find drivers for your network cards.

Set your fastest network card as the green interface.

You're aiming to get to a screen where both Red and Green network cards are set correctly.

Step 9: Address Settings

Set appropriate IP address for both your Green and Red interfaces.

It would be a good idea to add reservations & records in your DHCP & DNS systems.

Step 10: DNS and Gateway settings

Set appropriate DNS and Default Gateway IP addresses.

Step 11: Next Page!

On the next page are four more settings.

The one to note here is 'Web proxy'.
Enter your proxy detail here.

NOTE: This is just to enable SmoothWall Express to connect to the Internet, register itself and download any updates. The settings here have nothing to do with SmoothWall Express's own web proxy service, which is configured separately using the web-based interface.

ISDN Configuration, ADSL Configuration and DHCP server configuration should all be disabled.

Step 12: Passwords

Enter a password for the Admin account. - You’ll use this for logging into the web interface later.

Next enter a password for the Root account. - The root account has complete control of SmoothWall Express and is used to log on to the SmoothWall Express console via SSH on the non-standard port 222

Step 13: Setup Complete!

Setup is now done.

Take out the disk and reboot.

Don't forget to plug your green interface into the network.

Booting is complete when the computer beeps and you are faced with a command line login prompt.

Step 14: Download add-ons.

Go and download the three add-ons that will give you extra features.
Make sure you get the correct version for your version of smoothwall.

1. URL Filter - http://urlfilter.net/download.html - Allows you to filter sites.
2. Advanced Proxy - http://www.advproxy.net/download.html - Allows you set up the box as an intermediary proxy.
3. Calamaris add-on - http://calamaris.advproxy.net/download.html - Adds some reporting functionality.

EDIT: 4th Dec 2014: It seems the above websites no longer exist. They can now be found attached to the next three steps or at http://sourceforge.net/projects/swe332advproxy306/files/

Step 15: URL Filter

URL Filter File - unzip

swe3-32-urlfilter-1.5.3.tar.zip

Step 16: Advanced Proxy

Advanced Proxy File - unzip

swe3-32-advproxy-3.0.6.tar.zip

Step 17: Calamaris Reports

Calamaris Reports File - unzip

swe3-32-calamaris-2.1.1.tar.zip

Step 18: Login to smoothwall

On another computer on your network, load a browser and browse to https://[smoothwall]:441
Where [smoothwall] is the IP address, or host name of your new smoothwall box.
Login using Admin for the username and the admin password that you set earlier.

Step 19: Turn on SSH Access

Switch on SSH access to Smoothwall by navigating to 'Services', 'Remote Access' and ticking the 'SSH' box.

Step 20: Download WinSCP

To be able to SSH into your smoothwall you can use WinSCP on Windows.

You can get that here. http://winscp.net/eng/download.php

Step 21: Run WinSCP and Login to your Smoothwall

Enter your smoothwall's hostname, port 222, your root username and password. Then click login.

You should be taken to a file explorer.

Step 22: Update Smoothwall

In the web GUI Click 'Maintenance' then 'Updates' then 'Check for Updates' to search for updates.
If any are available then click 'Update' to install.

Step 23: Manual Updates (Getting the Available Updates List)

If the automatic updates fail, you can install the updates manually.

Download the updates list from sourceforge https://sourceforge.net/projects/smoothwall/files/updateInfo/3.0-polar-x86_64/info

Download all the appropriate update files from sourceforge https://sourceforge.net/projects/smoothwall/files/SmoothWall%20Updates/3.0/

Using WinSCP rename the file /var/smoothwall/patches/available to available.backup

Copy the Info file to /var/smoothwall/patches and rename it to 'available'.

Step 24: Manual Updates (Installing the Updates)

In the web GUI Click 'Maintenance' then 'Updates'.

Click 'Advanced' then browse for the Update 1 file. Then click upload.
Do this for all updates that need installing.

Reboot the Smoothwall.

Step 25: Copy the three .tar files from earlier

Copy the URL Filter, Advanced Proxy and Calamaris add-on tar files that you downloaded earlier to the /root directory.

Step 26: Login to your smoothwall

Login to your smoothwall with the root username and password either by physically logging in at the console or via the smoothwall web interface (Tools, Shell).

Step 27: Extract Packages

Use the DIR command to display the names of the packages.

Run the following command on each package to extract the packages.
'tar -xzf [PACKAGE NAME]'

e.g.
In my case;
tar -xzf swe3-32-advproxy-3.0.6.tar.tar
and
tar -xzf swe3-32-urlfilter-1.5.3.tar.tar
and
tar -xzf swe3-32-calamaris-2.1.1.tar.tar

Run DIR again at the end to check extracted folders exist (you could also use WinSCP to check the folders are there).

Step 28: Install Packages

Install each package.

Run the following command on each package to install. '[folder name]/install'

e.g.
In my case;
smoothwall-advproxy/install
and
smoothwall-urlfilter/install
and
smoothwall-calamaris/install

After installation reboot the server.
You can do this by logging in to the web interface and choosing 'shutdown' 'restart'.

Step 29: Login to Smoothwall

Login to the smoothwall web interface by browsing to https://[smoothwall]:441
Where [smoothwall] is the IP address, or host name of your new smoothwall box.
Login using Admin for the username and the admin password that you set earlier.

Step 30: Configure Proxy

The first thing you will want to do is to configure the proxy server.

To do this, go to 'Services', 'Advanced Proxy'.

Under 'Common settings'
Make sure 'Enabled on Green' is selected,
Also select the port and hostname that your clients will use to connect to your smoothwall.

Under 'Upstream Proxy'
Fill in your upstream proxy name and port number (and login if required).

Go through the rest of the settings on this page and set as appropriate.
Make sure that the 'URL filter' setting is enabled.

After any configuration on this page remember to click 'save and restart' to make the changes come into effect.

Step 31: Configure URL Filter

To configure the URL Filter go to 'Services', 'url filter'

Set any blacklists on this page.
Domains should be written as 'bbc.co.uk', URLs should be written as 'bbc.co.uk/iplayer'

You can also subscribe to an automatic blacklist update.

After any configuration on this page remember to click 'save and restart' to make the changes come into effect.

Step 32: Configure Client

Point your client computer's proxy settings, in the usual way, to your new smoothwall using the port selected in 'Advanced Proxy' settings.

Step 33: Fix Long URL problem (See comments)

Download and decompress the file attached to this step.

This is a beta binary file for SquidGuard 1.5
It can also be obtained here http://www.squidguard.org/Downloads/Devel/squidGuard-1.5-static

squidGuard-1.5-static.zip

Step 34: Log into your Smoothwall with WinSCP

Enter your smoothwall's hostname, port 222, your root username and password. Then click login.

You should be taken to a file explorer.

Step 35: Rename old SquidGuard binary

Navigate to /usr/sbin and rename 'squidGuard' file to 'OrigsquidGuard'

Step 36: Copy new squidGuard binary

Copy squidGuard-1.5-static to /usr/sbin directory and rename to 'squidGuard'

Step 37: Change the properties of squidGuard file

Right click the squidGuard file and click properties.
Change the permission entries to allow everyone to execute/enter.
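
The replacement binary is fetched over plain HTTP and then runs as the proxy's URL filter helper, so it is worth checking its digest before it goes into /usr/sbin. The script below does steps 35 to 37 from the Smoothwall shell with that check added. It is an added example, not part of the original how-to; the expected SHA-256 value is a placeholder you must obtain from a source you trust, and the presence of sha256sum on the Smoothwall box is an assumption.

```shell
#!/bin/sh
# Added example: verify, back up and install a replacement squidGuard binary.

# Print the SHA-256 digest of a file as lowercase hex.
sha256_of() {
    sha256sum "$1" | awk '{ print $1 }'
}

# install_verified NEW TARGET EXPECTED_SHA256
#   0 = installed, 1 = digest mismatch (target untouched), 2 = usage or I/O error
install_verified() {
    new=$1; target=$2; expected=$3
    [ -f "$new" ] && [ -n "$expected" ] || { echo "usage error" >&2; return 2; }

    actual=$(sha256_of "$new")
    [ -n "$actual" ] || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual, expected $expected" >&2
        return 1
    fi

    # Step 35: keep the original as OrigsquidGuard, but never overwrite an
    # earlier backup with a binary that has already been replaced.
    backup="$(dirname "$target")/Orig$(basename "$target")"
    if [ -e "$target" ] && [ ! -e "$backup" ]; then
        cp -p "$target" "$backup" || return 2
    fi

    # Steps 36-37: copy under a temporary name, set ownership and mode, then
    # rename into place so the proxy never starts a half-written file.
    tmp="$target.new.$$"
    cp "$new" "$tmp" || return 2
    # 0755: everyone may execute, only the owner may modify.
    chmod 0755 "$tmp" || { rm -f "$tmp"; return 2; }
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$tmp" || { rm -f "$tmp"; return 2; }
    fi
    mv -f "$tmp" "$target" || { rm -f "$tmp"; return 2; }
    return 0
}

# Usage on the Smoothwall box (EXPECTED_SHA256 is a placeholder):
#   install_verified /root/squidGuard-1.5-static /usr/sbin/squidGuard "$EXPECTED_SHA256"
```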

Step 38: Run restart command

Login to your smoothwall with the root username and password either by physically logging in at the console or via the smoothwall web interface (Tools, Shell).

Run

/usr/bin/smoothcom squidrestart

To restart the service.

Step 39: Restart URL Filter

Restart the URL Filter, or restart the entire server and test.
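
One way to test after the restart is to check that no squidGuard helper is sitting in the "emergency mode" described in the comments, where the filter passes all traffic. This is an added example, not part of the original how-to; the log file path is yours to supply, and the timestamp, [PID] layout and message wording in the sample log are assumptions.

```shell
#!/bin/sh
# Added example: find squidGuard helpers that are failing open.

# emergency_pids LOGFILE
# Print the PID of every helper whose latest logged state is emergency mode
# (no "ready for requests" line for that PID afterwards).
emergency_pids() {
    awk '
        match($0, /\[[0-9]+\]/) {
            pid  = substr($0, RSTART + 1, RLENGTH - 2)
            line = tolower($0)
            if (index(line, "emergency mode"))          state[pid] = "emergency"
            else if (index(line, "ready for requests")) state[pid] = "ok"
        }
        END { for (p in state) if (state[p] == "emergency") print p }
    ' "$1" | sort -n
}

# failing_open LOGFILE
# Print only the emergency-mode PIDs that are still running, i.e. helpers
# that are passing traffic unfiltered right now. Returns 1 if any exist.
# Run as root so kill -0 can probe processes owned by the proxy user.
failing_open() {
    found=0
    for pid in $(emergency_pids "$1"); do
        if kill -0 "$pid" 2>/dev/null; then
            echo "$pid"
            found=1
        fi
    done
    [ "$found" -eq 0 ]
}

# Constructed sample log. $2 stands in for the PID of a helper that is still
# running; 4999998 and 4999999 are helpers from before a restart.
write_sample_log() {
    cat > "$1" <<EOF
2012-11-22 10:40:01 [4999998] squidGuard ready for requests
2012-11-22 10:41:07 [4999998] going into emergency mode
2012-11-22 10:50:12 [4999999] squidGuard ready for requests
2012-11-22 10:50:12 [$2] squidGuard ready for requests
2012-11-22 10:52:30 [$2] going into emergency mode
EOF
}
```

A non-zero return from failing_open means at least one running helper has stopped filtering; restart the proxy as in step 38 and check again.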

Step 40: More Modifications!

Below you can find some more modifications to the web proxy log.

Most of the mods are from Zirrow's page 'proxylog.dat ChangeLog for SWE3' (see references);
Fix log entry background color striping, Reverse timestamps (newest entry on top), Sort client drop-down list and Add user name.

The filter by username is a mod I wrote myself.

For a list of proxylog.dat file modifications see attached txt file.

PROXYDAT_MODS.txt

Step 41: Backup proxylog.dat file.

Log into your smoothwall with WinSCP (see step 19 & 23)

Navigate to /httpd/cgi-bin/logs.cgi

Open the terminal and enter command;

cp /httpd/cgi-bin/logs.cgi/proxylog.dat /httpd/cgi-bin/logs.cgi/proxylog.dat.original

Click Execute,
Close the console.

Step 42: Replace contents of proxylog.dat

Double click the proxylog.dat file,
Select all, and delete.
Copy the entire contents of the attached proxylogdat.txt file into the proxylog.dat file
Click Save.
Close the proxylog.dat file.

proxylog.dat.txt

Step 43: Get usernames into smoothwall

There are multiple ways to get to usernames into smoothwall.

Login to your smoothwall (see step 15)
Go to 'Services', 'Advanced Proxy'
Scroll to the bottom.
Choose an Identification method (I use Identd); (Identd requires a service to be installed on your workstations - see next step)
Set your options that are correct for you.
The ones I use are in the screen shot.

Step 44: Install Identd service on workstations

Find an Identd service (I can't remember where mine came from) and install it on the workstations.

I simply add the attached msi to a GPO that automatically installs it on all workstations. I had to set it to ignore the language.

Identd_service.zip

Step 45: Check for success

Log in to your smoothwall (see step 15)
Go to 'Logs', 'web proxy'
You should now see something like this.

With this setup you can add Domain and URL filters to the ones provided by your upstream proxy server.

Published: May 23, 2012 · Last Updated: Jan 17, 2018

References

  • Advanced Proxy on sourceforge
  • advproxy - The Advanced Web Proxy add-on
  • calamaris - Calamaris Proxy Report Generator add-on
  • proxylog.dat ChangeLog for SWE3 by Zirrow
  • SMOOTHWALL
  • Smoothwall Express - Express Open Source Firewall Project
  • Smoothwall Express Installation Guide
  • SquidGuard
  • The perfect start with Smoothwall Express 3.0
  • Url filter not working, buffer overflow going emergency mode.
  • urlfilter - The URL filter add-on
  • WinSCP - Free SFTP, SCP and FTP client for Windows

14 Comments

  • Mace
    hsc5775 May 23, 2012 at 06:20am

    thx for share

  • Datil
    RoboOx Nov 22, 2012 at 10:55am

    A bug has been identified with the urlfilter/squidguard feature that causes the filter to go into emergency mode and pass all traffic when long URLs are called.

    A discussion on this topic can be found here - http://community.smoothwall.org/forum/viewtopic.php?f=26&t=35518

    I will also add some steps the How-To outlining how to fix this problem.

  • Pimiento
    CorneH Feb 26, 2013 at 08:11am

    Hi guys,

    Thanks for the great post.. however, I am having some problems. I have followed the instructions step by step, but on the 'advanced proxy Page' and 'ids Page' I get an error.. 'Unable to run command.' when I save and restart these pages..

    Any idea what it might be??? PLEASE :)

  • Datil
    RoboOx Feb 26, 2013 at 08:26am

    Hi there CorneH,

    This problem sounds familiar to me. I think I had it when installing one of these boxes one time. In my case, the advanced proxy service wouldn't start.

    If you go to the status page you can see which are running.

    Unfortunately, the only fix I found for this was to erase the hard drive and reinstall from scratch, slowly and carefully.

  • Pimiento
    CorneH Feb 26, 2013 at 09:47am

    Hi RoboOx,

    Thanks for the reply.. Ok - so I have reinstalled for the 3rd time now, but this time I paid close attention to that status page.

    After Smoothwall 3.0 was installed.. all services, including the basic web filter service, were running smoothly.

    I then installed the adv proxy as per the article above.. and BOOM - it doesn't want to start.. doesn't matter what I try.. it doesn't work.

    I even tried to uninstall the adv proxy service.. which I got right. But when I go back to my basic web proxy even that service doesn't work then.. :(

    Any other ideas? the Adv proxy i installed was 3.0.6

    What am I doing wrong??

    PS - I am reinstalling AGAIN.

  • Datil
    RoboOx Feb 26, 2013 at 08:58pm

    It certainly sounds like the same problem I had. The failure happens for you in exactly the same place as I experienced. However, I'm not sure what I can suggest because a reinstall worked for me.
    Have you tried downloading the packages again? Perhaps a problem caused the file to corrupt slightly.
    Have you tried installing to a different computer just to test?
    Are you using x86 or x64 version?

  • Anaheim
    Cantjam Mar 15, 2013 at 07:24pm

    -

  • Pimiento
    kulvinder.mhahal Oct 24, 2013 at 04:09am

    I am also facing the problem.
    I have installed the smoothwall, but when I am trying to save anything on url filter page after changes it is giving the error
    'URL filter is not enabled on the Web proxy page'

  • Datil
    RoboOx Oct 24, 2013 at 07:04am

    There's a check box at the bottom of the Advanced Proxy page labeled URL Filter. It needs to be checked.

  • Datil
    RoboOx Dec 11, 2013 at 03:52pm

    Just as a note to everyone (mainly myself);
    There are some useful mods available at http://zirrow.com/smoothwall/proxylog.html
    I will add them to the How-to when I get a moment.

  • Datil
    RoboOx Dec 12, 2013 at 04:20pm

    How-to has been modified with the mods mentioned above.

  • Datil
    RoboOx Jun 6, 2014 at 01:16pm

    A note of interest:
    I've just managed to set this up very successfully as a Hyper-V virtual machine. Just build it with two legacy network adaptors.

  • Datil
    RoboOx Nov 24, 2016 at 01:19pm

    I was reinstalling this solution today and came up against the same problem that Cantjam had. I managed to solve it by making sure that both NICs were connected and working.

  • Datil
    RoboOx May 19, 2017 at 02:55pm

    Just a note. One of my boxes came up with the same error as Cantjam had, just out of the blue when it had got restarted. On the status pages, none of the services like Web proxy were lighting up, and any command run in the web interface came up with an error.
    To fix the problem, I connected both network ports, logged into the console and forced a reboot (shutdown -r now). When the box came back up, I disconnected the red network port and logged into the web interface (the status page still looked unhealthy). I did a reboot from the web interface and then the services started as they should. Further reboots with the red port disconnected still came up successfully.

I am forever on the prowl for good security tools that don't come with a hefty price; after all, not everyone can afford a full-featured SonicWALL device. My searching usually leads me to various Linux distributions, and this time I discovered SmoothWall Express, a full-featured firewall distribution that can be installed on commodity hardware.

SmoothWall Express offers these features:

  • Stateful inspection
  • Unlimited local IP addresses
  • Dynamic Network Address Translation
  • Limited outgoing Egress traffic control
  • Port Forward from public IP address to DMZ/local IP
  • Administrator maintained IP Block list
  • Total network interfaces allowed: 4
  • External network interfaces: 1
  • Internal Network Zones (Local Networks and DMZs): 1 Local + DMZ + 1 Wireless
  • Ethernet
  • PPP Connections
  • PPPoA ADSL
  • PPPoE ADSL
  • PPTP ADSL

Requirements

  • The distribution can be installed on just about any commodity hardware.
  • Two network interface cards (one for internal and one for external)

Installation

Remember, this is a distribution based on the Linux kernel, and since we're not talking a live distribution, and the end result is a console-only operating system, the installation is an old-school curses-based install. However, anyone who is looking at a tool like SmoothWall Express shouldn't be afraid of a little curses-based installation.

All you have to do for the install is tap the Tab key and the Enter key now and then and maybe enter a hostname or IP address. The install isn't challenging — it just looks a bit old school. Trust me, the end result (specifically the end user-friendly web-based interface) is well worth it. Now let's get SmoothWall Express up and running.

Step 1: Download the ISO of the latest SmoothWall Express build (make sure to download the ISO that matches your architecture).
Step 2: Burn the ISO image onto a CD.
Step 3: Boot the machine with the newly burned disk in the CD drive.
Step 4: Walk through the installation process. Make sure to note any passwords associated with the root and admin user. The root user is for the console login, and the admin user is for the web-based interface.
Step 5: Assign an internal and an external network.
Step 6: Assign the SmoothWall static IP address for (at least) the internal NIC. Depending on your setup and situation, you may need to install the external NIC as a static IP.
Step 7: Point your web browser to the web-based interface and start setting up your firewall.

Step 7 might be the one piece of the installation puzzle that will trip up users. If you log in to the SmoothWall console using the username root and the password you created during installation, you will notice things aren't exactly as you expect. This tool has a web interface, yet the standard http daemons are nowhere to be found, at least not on the surface. In order to access the web-based tool, point your browser to https://ADDRESS_TO_SMOOTHWALL_SERVER:441. You will be prompted to log in using the admin user and the password you created during the installation. Once you have successfully authenticated, you will see the SmoothWall Express web interface (Figure A).

Figure A: If you configured SmoothWall Express to use NIC(s) and a modem or ISDN card for Internet connectivity, you will see the web interface.

Configuring your firewall

You should go into the Maintenance tab and then go through the following setup/configurations:

  • Proxies (you can configure web, IM, pop3, sip proxies)
  • DHCP
  • Dynamic DNS
  • Static DNS
  • Remote access

Not all situations will warrant the configuration of every option, so make sure the configuration of your new SmoothWall Express firewall server matches your needs.

You do, however, definitely need to create incoming and outgoing rules. These rules are handled by clicking Networking and then Incoming or Outgoing. In these tabs (Figure B), you can then create the firewall rules necessary for your network.

Figure B: This is how Outgoing rules are created. Outgoing rules control internal machines' access to external services.

As you can see, Outgoing traffic is either Blocked or Allowed with exceptions. Regardless of which option you choose, make sure to create the exceptions; otherwise, your network is either wide open or closed off. Also, make sure to go through each of the Networking tabs and get the most out of these configuration options.

Backing up your profile

Once SmoothWall Express is up and running and configured to your needs, you need to create a backup of your profile. To do this, go to Maintenance Backup and then click Create Backup Floppy Image File. This will create and download the file backup.img. As you can see, it does say 'floppy' (why SmoothWall is still using floppy technology is beyond me). Since no new machines have a floppy, you have to take these steps:

  1. Open a file manager (preferably on a Linux box; otherwise, you'll have to install a tool like winrar).
  2. Double click the backup.img file.
  3. Within the backup.img file is the backup.dat file, which you should copy to the SmoothWall machine using a tool like scp.
  4. Find the backup.dat file in /var/smoothwall/restore/backup.dat and then run the /etc/rc.d/restorescript tool. This will restore your configuration back to the server.

Note: There is also an Advanced (or Corporate) edition of SmoothWall. Check out this feature matrix to see a comparison chart between SmoothWall Express and SmoothWall Advanced Firewall.