| Linux Forum Index » Smoothwall Forum » Is it any good? |
|
Page 1 of 1 |
|
| Author |
Message |
| Rob Nicholson |
 Posted: Sat Feb 07, 2004 3:30 pm |
|
|
|
Guest
|
Whilst I appreciate not a rather emotive question, but is Smoothwall any
good? We currently run Checkpoint's Firewall-1 on a NT 4 server but it's due
for replacement. We're also putting in place a second ADSL line for
redundancy.
Firewall-1 is pretty expensive and we probably don't use a 1/3 of it's
features so I'm tempted to look around. Running Linux on the firewall
instead of NT 4 with Smoothwall sounds like a) a good reason to get a Linux
system installed so we can see what all the fuss is about  and b) save
some money.
Cheers, Rob. |
|
|
| Back to top |
|
|
|
| Henry Law |
| Posted: Sat Feb 07, 2004 4:53 pm |
|
|
|
Guest
|
On Sat, 7 Feb 2004 20:30:38 -0000, "Rob Nicholson"
<rob.nicholson@nospam_unforgettable.com> wrote:
Quote: Whilst I appreciate not a rather emotive question, but is Smoothwall any
good?
Don't forget there are two versions - the free ("Express") version and
the paid-for one. I can only speak for Express, but I can confirm
that it does what it says on the tin, at low cost. If that's what you
want, it's very good! The full version has more "corporate"
features, in case the free one doesn't cut it for you.
Henry Law <>< Manchester, England |
|
|
| Back to top |
|
|
|
| Mike |
| Posted: Sat Feb 07, 2004 5:16 pm |
|
|
|
Guest
|
"Rob Nicholson" <rob.nicholson@nospam_unforgettable.com> wrote in message
news:KUbVb.1046$vo1.756@newsfep4-winn.server.ntli.net...
Quote: Whilst I appreciate not a rather emotive question, but is Smoothwall any
good? We currently run Checkpoint's Firewall-1 on a NT 4 server but it's
due
for replacement. We're also putting in place a second ADSL line for
redundancy.
Firewall-1 is pretty expensive and we probably don't use a 1/3 of it's
features so I'm tempted to look around. Running Linux on the firewall
instead of NT 4 with Smoothwall sounds like a) a good reason to get a
Linux
system installed so we can see what all the fuss is about and b) save
some money.
Well it does what it says on the tin but then so do a lot of others. There
are two versions Express and Corporate. Personally I use neither as the
forked project www.ipcop.org does more than more than both of them and costs
a whole lot less.
I would add that installing any of the Smoothwall or IPCOP systems will not
get you a linux system. They are firewalls that happen to use Linux as a
base OS. They only have as much of the OS as they need to function so you
will find many things missing such as a compiler for example. If you really
want to get a Linux system in, install a full distribution and learn
IPTABLES. The learning curve can be a bit steep but it is worth it in the
end. |
|
|
| Back to top |
|
|
|
| Paul Walker |
| Posted: Sat Feb 07, 2004 6:12 pm |
|
|
|
Guest
|
"Mike" <mike@notherematey.com> wrote in message
news:c03o2v$b0f$1@thorium.cix.co.uk...
Quote:
"Rob Nicholson" <rob.nicholson@nospam_unforgettable.com> wrote in message
news:KUbVb.1046$vo1.756@newsfep4-winn.server.ntli.net...
Whilst I appreciate not a rather emotive question, but is Smoothwall any
good? We currently run Checkpoint's Firewall-1 on a NT 4 server but it's
due
for replacement. We're also putting in place a second ADSL line for
redundancy.
Firewall-1 is pretty expensive and we probably don't use a 1/3 of it's
features so I'm tempted to look around. Running Linux on the firewall
instead of NT 4 with Smoothwall sounds like a) a good reason to get a
Linux
system installed so we can see what all the fuss is about and b)
save
some money.
Well it does what it says on the tin but then so do a lot of others. There
are two versions Express and Corporate. Personally I use neither as the
forked project www.ipcop.org does more than more than both of them and
costs
a whole lot less.
I'll second that. I am a very happy IPCop user.
Paul |
|
|
| Back to top |
|
|
|
| Rob Nicholson |
| Posted: Sun Feb 08, 2004 5:42 am |
|
|
|
Guest
|
Quote: are two versions Express and Corporate. Personally I use neither as the
forked project www.ipcop.org does more than more than both of them and
costs
a whole lot less.
I did a bit more reading after posting my message and came across a few
reviews/posts highlighting some nasty security flaws in Smoothwall. But
these were a couple of years old so I hoped had been addressed.
But in this trawl, I came across IPCop as well.
Quote: I would add that installing any of the Smoothwall or IPCOP systems will
not
get you a linux system. They are firewalls that happen to use Linux as a
base OS. They only have as much of the OS as they need to function so you
will find many things missing such as a compiler for example. If you
really
want to get a Linux system in, install a full distribution and learn
IPTABLES. The learning curve can be a bit steep but it is worth it in the
end.
Ahh thanks for pointing that out.
Cheers, Rob. |
|
|
| Back to top |
|
|
|
| Henry Law |
| Posted: Sun Feb 08, 2004 7:36 am |
|
|
|
Guest
|
On Sat, 7 Feb 2004 22:16:01 -0000, "Mike" <mike@notherematey.com>
wrote:
Quote: I would add that installing any of the Smoothwall or IPCOP systems will not
get you a linux system. They are firewalls that happen to use Linux as a
base OS. They only have as much of the OS as they need to function so you
will find many things missing such as a compiler for example. If you really
want to get a Linux system in, install a full distribution and learn
IPTABLES. The learning curve can be a bit steep but it is worth it in the
end.
This is true but I don't recommend it. Building a hardened firewall
system involves exactly what you describe - stripping out everything
that you don't need. All code tends to have holes, so the less of it
you have the fewer holes you have to worry about (and patch).
If you want to learn Linux (c'est moi!) then get an old Pentium
desktop and install your favourite distribution. You can play around
with iptables and snort and all that till your eyes go funny, and
you'll learn a great deal - and have lots of technical fun. But if
you want a Linux firewall then I recommend that you stay with one of
the pre-configured ones (Smoothwall, certainly, and if Ipcop is as
good or better then that too, of course) until you know exactly what
you're doing.
And don't be tempted to load up the Smoothwall box with other things
like file serving or whatever; same principle applies - fewer moving
parts, less to go wrong.
Henry Law <>< Manchester, England |
|
|
| Back to top |
|
|
|
| Ben Measures |
| Posted: Sun Feb 08, 2004 11:43 am |
|
|
|
Guest
|
Rob Nicholson wrote:
Quote: I did a bit more reading after posting my message and came across a few
reviews/posts highlighting some nasty security flaws in Smoothwall. But
these were a couple of years old so I hoped had been addressed.
I remember reading these, and reading the response by the "creator" of
smoothwall. It was quite apparent to me that it was just a difference of
opinion about the implementation of a firewall, rather than being a
vunerability as such.
--
Ben M.
----------------
What are Software Patents for?
To protect the small enterprise from bigger companies.
What do Software Patents do?
In its current form, they protect only companies with
big legal departments as they:
a.) Patent everything no matter how general
b.) Sue everybody. Even if the patent can be argued
invalid, small companies can ill-afford the
typical $500k cost of a law-suit (not to mention
years of harassment).
Don't let them take away your right to program
whatever you like. Make a stand on Software Patents
before its too late.
Read about the ongoing battle at http://swpat.ffii.org/
---------------- |
|
|
| Back to top |
|
|
|
| Ben Measures |
| Posted: Sun Feb 08, 2004 11:46 am |
|
|
|
Guest
|
Henry Law wrote:
Quote: On Sat, 7 Feb 2004 22:16:01 -0000, "Mike" <mike@notherematey.com
wrote:
I would add that installing any of the Smoothwall or IPCOP systems will not
get you a linux system. They are firewalls that happen to use Linux as a
base OS. They only have as much of the OS as they need to function so you
will find many things missing such as a compiler for example. If you really
want to get a Linux system in, install a full distribution and learn
IPTABLES. The learning curve can be a bit steep but it is worth it in the
end.
This is true but I don't recommend it. Building a hardened firewall
system involves exactly what you describe - stripping out everything
that you don't need. All code tends to have holes, so the less of it
you have the fewer holes you have to worry about (and patch).
[snip]
And don't be tempted to load up the Smoothwall box with other things
like file serving or whatever; same principle applies - fewer moving
parts, less to go wrong.
Henry Law <>< Manchester, England
Absolutely, I couldn't agree more.
I'm always horrified at people asking questions about how to "hack"
their smoothwall to serve files and do printer sharing for their network.
Thankfully, I haven't heard of anyone wanting to put a compiler onto
their firewall - you'd have to be almost suicidal.
--
Ben M.
----------------
What are Software Patents for?
To protect the small enterprise from bigger companies.
What do Software Patents do?
In its current form, they protect only companies with
big legal departments as they:
a.) Patent everything no matter how general
b.) Sue everybody. Even if the patent can be argued
invalid, small companies can ill-afford the
typical $500k cost of a law-suit (not to mention
years of harassment).
Don't let them take away your right to program
whatever you like. Make a stand on Software Patents
before its too late.
Read about the ongoing battle at http://swpat.ffii.org/
---------------- |
|
|
| Back to top |
|
|
|
| Rein |
| Posted: Sun Feb 08, 2004 12:45 pm |
|
|
|
Guest
|
What does ipcop give you that smoothwall doesn't ?
On Sat, 7 Feb 2004 22:16:01 -0000, "Mike" <mike@notherematey.com>
wrote:
Quote:
"Rob Nicholson" <rob.nicholson@nospam_unforgettable.com> wrote in message
news:KUbVb.1046$vo1.756@newsfep4-winn.server.ntli.net...
Whilst I appreciate not a rather emotive question, but is Smoothwall any
good? We currently run Checkpoint's Firewall-1 on a NT 4 server but it's
due
for replacement. We're also putting in place a second ADSL line for
redundancy.
Firewall-1 is pretty expensive and we probably don't use a 1/3 of it's
features so I'm tempted to look around. Running Linux on the firewall
instead of NT 4 with Smoothwall sounds like a) a good reason to get a
Linux
system installed so we can see what all the fuss is about and b) save
some money.
Well it does what it says on the tin but then so do a lot of others. There
are two versions Express and Corporate. Personally I use neither as the
forked project www.ipcop.org does more than more than both of them and costs
a whole lot less.
I would add that installing any of the Smoothwall or IPCOP systems will not
get you a linux system. They are firewalls that happen to use Linux as a
base OS. They only have as much of the OS as they need to function so you
will find many things missing such as a compiler for example. If you really
want to get a Linux system in, install a full distribution and learn
IPTABLES. The learning curve can be a bit steep but it is worth it in the
end.
Remove NO-SPAM from email address when replying |
|
|
| Back to top |
|
|
|
| Mike |
| Posted: Sun Feb 08, 2004 1:55 pm |
|
|
|
Guest
|
"Rein" <rruiterNO-SPAM@NO-SPAMyahoo.com> wrote in message
news:hctc20932mj9d6g0i0oln5dmos9srommi2@4ax.com...
Quote: What does ipcop give you that smoothwall doesn't ?
Well simply put, just about every usefull feature that you would have to pay
for in the Corporate version (Multiple Red IP, PPTP support, Save and
restore configuration backup to name a few).
There are also other options such as M0n0wall which provide even more
functionality than Express.
In both cases the biggest advantage is that of cost. Smoothwall started out
well enough as a good open source project but IMHO it got greedy. IMHO, if
you are going to spend money on a firewall, buy something from one of the
recognised leaders such as Watchguard. |
|
|
| Back to top |
|
|
|
| Ben Measures |
| Posted: Sun Feb 08, 2004 3:46 pm |
|
|
|
Guest
|
Mike wrote:
Quote: "Rein" <rruiterNO-SPAM@NO-SPAMyahoo.com> wrote in message
news:hctc20932mj9d6g0i0oln5dmos9srommi2@4ax.com...
What does ipcop give you that smoothwall doesn't ?
Well simply put, just about every usefull feature that you would have to pay
for in the Corporate version (Multiple Red IP, PPTP support, Save and
restore configuration backup to name a few).
There are also other options such as M0n0wall which provide even more
functionality than Express.
In both cases the biggest advantage is that of cost. Smoothwall started out
well enough as a good open source project but IMHO it got greedy. IMHO, if
you are going to spend money on a firewall, buy something from one of the
recognised leaders such as Watchguard.
Well, the makers of Smoothwall are just trying to make a living. I don't
really mind if they charge for the "corporate" version as long as it is
still free (and I do hope it is free [not nec. beer]).
However, I've just recently started to look at IPCOP (Smoothwall doesn't
do everything what I want) and it seems to have quite a few neat routing
features. I might just switch if I don't do LFS first ;)
--
Ben M.
----------------
What are Software Patents for?
To protect the small enterprise from bigger companies.
What do Software Patents do?
In its current form, they protect only companies with
big legal departments as they:
a.) Patent everything no matter how general
b.) Sue everybody. Even if the patent can be argued
invalid, small companies can ill-afford the
typical $500k cost of a law-suit (not to mention
years of harassment).
Don't let them take away your right to program
whatever you like. Make a stand on Software Patents
before its too late.
Read about the ongoing battle at http://swpat.ffii.org/
---------------- |
|
|
| Back to top |
|
|
|
| Rob Nicholson |
| Posted: Sun Feb 08, 2004 7:20 pm |
|
|
|
Guest
|
Quote: smoothwall. It was quite apparent to me that it was just a difference of
opinion about the implementation of a firewall, rather than being a
vunerability as such.
Yes, it did appear like that. However, as I'm not an expect on firewalls,
things like this tend to worry me :-)
Rob. |
|
|
| Back to top |
|
|
|
| Rob Nicholson |
| Posted: Sun Feb 08, 2004 7:21 pm |
|
|
|
Guest
|
Quote: And don't be tempted to load up the Smoothwall box with other things
like file serving or whatever; same principle applies - fewer moving
parts, less to go wrong.
Ohh no, no worries about that - our firewall is a dedicated PC. Lots of
other servers for file & print et al.
Rob. |
|
|
| Back to top |
|
|
|
| neuro |
| Posted: Mon Feb 16, 2004 9:06 am |
|
|
|
Guest
|
Mike wrote:
Quote: [snip]
In both cases the biggest advantage is that of cost. Smoothwall started out
well enough as a good open source project but IMHO it got greedy.
Hogwash. As has been stated I don't know how many times, the company
revenue actually helps to fund the open source project. Would you rather
all the developers were destitute?
--
_ __/| ___ ___ __ _________ "Hell hath no fury like a woman scorned
\`O_o' / _ \/ -_) // / __/ _ \ for Sega." -- Brodie, 'Mallrats'
=(_ _)=/_//_/\__/\_,_/_/ \___/ @ well.com :: William Anderson
U - Ack! Phttpt! Thhbbt! http://neuro.me.uk/ |
|
|
| Back to top |
|
|
|
| John Bowden |
| Posted: Mon May 21, 2007 6:16 am |
|
|
|
Guest
|
neuro wrote:
Quote: Mike wrote:
[snip]
In both cases the biggest advantage is that of cost. Smoothwall started
out well enough as a good open source project but IMHO it got greedy.
Hogwash. As has been stated I don't know how many times, the company
revenue actually helps to fund the open source project. Would you rather
all the developers were destitute?
I totally agree with Neuro. I have been using SW since dial up days. Their
corporate version has a lot more bells and whistles but the gpl version has
more than enough for the home or soho user. I also use Fedora Core 6 and
Mandriva free down load operating systems. They both have a commercial
version of their o/s. All legal windoz users pay a high price for their o/s
and when its released they are free beta testers for an insecure bug filled
o/s. If M$ paid me for the time I have spent updating and configuring
windoz I would be a very rich man by now
--
Guy Fawkes, the only man to enter the house's of parliment
with honest intentions, (he was going to blow them up!)
Registered Linux user number 414240 |
|
|
| Back to top |
|
|
|
|
