Back to article
DistributionWatch Review: SmoothWall Linux 0.9.4
A Secure Distribution
September 22, 2000
One thing before you begin reading this article: Linux is not, nor has it ever been, completely invulnerable to attacks. There is a sense of superiority within the Linux community that gets a bit smug whenever word of a new virus makes its rounds through the Windows PCs of the world.
That, they typically say, would never happen to a Linux machine. And in most cases, they would be right. Linux is, code for code, a more security-minded operating system than any of the Windows family.
But even a cop on the street can get mugged, if someone is bold enough to try. So, too, can a Linux system be broached by mischief makers and evil doers, should they put their mind to it.
The simple truth is, if someone really wants into your PC, they will eventually be able to get into it. The trick is to make it hard enough for them that they will get discouraged and go away or increase the likelihood that they will be detected and discovered, which might make them flee as well.
Linux, by its very nature, makes setting up such obstacles a pretty easy thing to do. The attributes that some critics contend make Linux a clunky, difficult to use operating system are the very same attributes that makes it hard for intruders to do a number on your Linux machine.
Still, every little bit of extra security helps. Addressing this need is a new Linux distribution designed to take care of one thing: the integrity of your network.
Building a Better Wall
SmoothWall Linux 0.9.4 is a recent addition to the family of Linux distributions and one with an interesting lineage. The base system files are a stripped-down version of those found in VA-Linux 6.2.1, which in turn was derived from Red Hat Linux 6.2. What is more interesting than its lineage is this distro's purpose in life: to function as, and only as, a firewall to the Internet.
SmoothWall Linux is a creation of Richard Morrell and Lawrence Manning, two British programmers who wanted to "extend Linux via a device that they can build that isn't a cobbled together solution but a fully fledged device with management facilities, into the houses with Mac and Windows clients," according to Morrell. In this they have certainly succeeded, since SmoothWall does its one main function very well.
The choice of starting with VA Linux may seem obvious when considering that Morrell works for VA Linux Europe. But Morrell emphasizes that the choice was a matter of convenience.
"Although I took VA's Linux build and bastardised it, it could have been any of my distro's--just VA's is the most stable," Morrell indicated, "This isn't a VA project or product--it started with me and Lawrence hacking code at 2 a.m. one morning."
SmoothWall is currently available from SourceForge in the form of two tarballed source files (one for the CGI and one for the base code) or in one single ISO to burn onto a CD-ROM. The source files are very small, just under 50K in size. Even the ISO is just over a mere 18 MB, which makes this a download that even a low-bandwidth pipe can handle with just a little investment in time.
My installation of SmoothWall was done on NEC box with an AMD K6 chip. Before installation, the NEC box was running a Windows partition and a Red Hat partition. For the purposes of testing, I disconnected the machine from the DHCP server on my network and set the machine up for modem access to the Internet. (At this time, SmoothWall for cable modem access is still not available, so I could not use that option. As of September 21, the problem of cable modem access was solved by the developers, and will be released soon.)
Mention is made of my partitions because they were about to be killed off in favor of a Debian Potato install anyway, so I decided to have SmoothWall knock down the existing partitions. This is unavoidable, and it is something that you should be aware of if you decide to use SmoothWall: this distribution presents the user with no partition options, so if you install it, it will kill anything on your box.
This is spelled out in the Installation Guide available on SourceForge, but it cannot be stressed enough if you decide to use this for firewalling your network.
Installing SmoothWall is very, very simple. Be sure to have your network information at hand, particularly the name of the module used for your network card. Initially, I tested version 0.9.2, and had to supply this information manually. Version 0.9.4 came out while testing was being performed and it had the added feature of probing for network cards. The probe was accurate for my card, but keep your information handy just in case.
Once you take care of networking information, which consists of informing SmoothWall some IP information, all you do is set up a root password and a password for the Web administrator, quickly configure LILO, and off the installation goes. No package selection here, just a fast installation that wants to get down to business.