Make your own “Hardened Internet Firewall” using that forgotten PC in your basement.
Yes, you know the PC I am talking about. We all have them. Remember that $3000 Pentium 133 with 64 megs of RAM that you bought? Well, instead of it just sitting there gathering dust, let's put that bad boy to work. Using a few FREE tools, we are going to create a Linux-based Hardened Internet Firewall.
First, let's make sure our system can handle it. The minimum requirements for this project are as follows:
* Pentium 100 MHz or better
* 32 MB of RAM
* 1 GB hard drive
* Bootable CDROM drive
* 2 10/100 network cards
Before we begin, take a second to give this old computer a decent cleaning. Clean out the power supply and reseat all the cards, memory, cables, etc. Then power it up and make sure that everything seems to be working correctly.
We will be utilizing my favorite firewall software, Smoothwall.
“SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Linux is the ideal choice for security systems; it is well proven, secure, highly configurable and freely available as open source code. SmoothWall includes a hardened subset of the GNU/Linux operating system, so there is no separate OS to install. Designed for ease of use, SmoothWall is configured via a web-based GUI, and requires absolutely no knowledge of Linux to install or use.”
There are actually several different Linux-based firewalls out there. I chose to focus on Smoothwall because it is a very secure platform, and there is a very active support and modding community.
The others that I have found worth mentioning are ClarkConnect and IPCop.
Step 1: Installing Smoothwall onto your machine
To install SmoothWall Express it is necessary to create a CDROM from the .iso image file that can be downloaded from Smoothwall’s site. All common CDROM burning programs can do this – but it is vital to select the “create CD from Image file” option. The .iso image file is similar to a ZIP archive: it needs to be decompressed and expanded out to the individual directories and files that constitute SmoothWall Express. If the more normal “create Data CD” option were used, the .iso file would almost certainly be copied as a single file to the CDROM.
1. Insert the CDROM into the computer you intend to make your new firewall and boot the PC. If the installation process does not start, reboot the PC and enable “Boot from CDROM” in your computer’s BIOS. If your computer does not support booting from CDROM, you need to create two boot floppy disks from which to start the installation process. This can be done from the Autorun procedure or by running the RawWriteWin program from the CD’s /dosutils directory. The image files for the two floppy disks are held in the /images directory. Select the Write tab, then either browse the CD for the first boot floppy image file /images/bootdiskone-2.0.img or key its name into the Image file name field. Insert a formatted floppy disk and click the Write button to transfer the disk image onto the floppy disk. When complete, repeat the process for the second boot disk /images/bootdisktwo-2.0.img.
Warning!
Going any further will cause any data stored on the hard drive of the PC on which SmoothWall is to be installed to be overwritten as part of the installation, so it is imperative to back up any data that is considered valuable before installing SmoothWall. Do NOT install SmoothWall Express onto your main or only PC – you WILL lose all the data on the hard disk. SmoothWall Limited/I-hacked.com cannot be held responsible for the loss of such data.
2. Follow the prompts and install Smoothwall onto your computer. The installer will probe your computer's hardware and determine what drivers to install.
3. If everything goes as planned, you will now need to supply your “Smoothie” (the computer with Smoothwall installed) with an internal protected IP address. Most small networks can safely use the default settings. Internal private addresses, such as this, are never exposed to the internet. After this point, you are pretty much done with installing Smoothwall; now you will just need to configure it. Remove the CDROM and floppies (if any) and press Ok to run the setup program.
Step 2: Configuring Smoothwall
The Setup Program completes the basic configuration of SmoothWall Express. It allows you to configure your keyboard layout, hostname, DHCP server, system passwords and any proxy server settings that may be required. It will probe for and configure ISDN cards, USB hardware and further Network Interface cards. If your Internet connection is via an Ethernet router or a cable modem you will need to configure a second NIC and select the GREEN + RED network configuration. If your Internet connection is via ISDN, USB ADSL or a modem, then use the default GREEN (RED is modem/ISDN) network configuration. From here on out, when you hear the word GREEN assume the internal protected network, and when you hear RED assume the internet side of your Smoothie.
1. Most ISPs don’t use Proxy Servers, but if yours does, it is necessary to enter its Hostname and the IP port used.
2. If an ADSL modem is to be used then the make/model must be selected and the VCI/VPI parameters configured in the Setup program. Likewise for an ISDN connection, the ISDN card must be either automatically probed for or manually selected from a list. USB ISDN adapters cannot be identified by probing so must be manually selected/configured. The ISDN parameters such as the protocol and local phone number must be configured.
3. In the case of an Ethernet connection to the Internet, the IP address of the Red (Internet) interface must either be specified as a static public IP address or the Red interface configured to request a dynamic (DHCP) address from the router to which it is attached.
4. SmoothWall Express’s DHCP (Dynamic Host Configuration Protocol) Server can be enabled and configured. The use of DHCP simplifies the configuration of the PCs that will use SmoothWall Express as their protected gateway to the Internet. SmoothWall Express’s DHCP server will dynamically allocate an IP address to each PC that requests a TCP/IP address. It also automatically transfers other TCP/IP information that is needed to use SmoothWall Express as an Internet gateway. This is much easier than having to configure this information into each PC that will communicate via SmoothWall Express.
5. Setup finishes by rebooting the PC. Before confirming the reboot with the Ok button, ensure that all the network cables are plugged in and that your modem or ISDN card (if present) is connected and ready for use. After the reboot, when SmoothWall Express has been initialised and is ready for use, you should be presented with a simple Unix/Linux style Login screen. You have now successfully installed SmoothWall Express.
Almost done…
After your Smoothie has rebooted, you will need to make sure you place it in the correct spot in your network. We will discuss a cable modem setup. If you have questions on other setups, please ask in our forums and one of us will be more than happy to help. In our simple cable modem setup, we want the cable modem connected to the RED interface on the Smoothie, and the GREEN interface connected to our internal router or switch. If you have a router, make sure to disable all NAT functions. (Most of the time, SOHO routers call this a firewall, so disable its “firewall”.) Now make sure all your computers are configured for DHCP and reboot them all. They will receive an IP from the Smoothie and you are all ready to go.
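An added example, not part of the original article or of SmoothWall itself: a short Python check of the cable modem layout described above, flagging clients that did not end up behind the Smoothie. The /24 netmask, the RED address, the client names and addresses, and the function name are all assumptions made up for illustration.

```python
import ipaddress

def check_smoothie_layout(green_if, red_if, clients):
    """Return a list of findings for a GREEN + RED layout.

    green_if / red_if: interface addresses in CIDR form, e.g. "192.168.0.1/24".
    clients: dicts with "name", "ip" and "gateway" as read from each internal PC.
    """
    green = ipaddress.ip_interface(green_if)
    red = ipaddress.ip_interface(red_if)
    findings = []

    # If both sides share (or overlap) a subnet, the firewall cannot route
    # between them, which happens when the upstream device also uses 192.168.0.x.
    if green.network.overlaps(red.network):
        findings.append(f"RED {red.network} overlaps GREEN {green.network}")

    # GREEN is meant to be an internal private range.
    if not green.ip.is_private:
        findings.append(f"GREEN address {green.ip} is not a private address")

    for c in clients:
        ip = ipaddress.ip_address(c["ip"])
        gw = ipaddress.ip_address(c["gateway"])
        # A client outside GREEN got its lease from some other DHCP server.
        if ip not in green.network:
            findings.append(f"{c['name']}: {ip} is outside GREEN {green.network}")
        # A different gateway usually means an internal router is still doing NAT.
        if gw != green.ip:
            findings.append(f"{c['name']}: gateway {gw} is not the Smoothie ({green.ip})")
    return findings

# Constructed sample: GREEN uses the Setup default address from the article with
# an assumed /24 mask, RED uses a documentation-range address, and "den-pc" sits
# behind an internal router whose NAT was never disabled.
SAMPLE_CLIENTS = [
    {"name": "office-pc", "ip": "192.168.0.101", "gateway": "192.168.0.1"},
    {"name": "den-pc", "ip": "192.168.1.50", "gateway": "192.168.1.1"},
]

if __name__ == "__main__":
    for line in check_smoothie_layout("192.168.0.1/24", "203.0.113.10/24", SAMPLE_CLIENTS):
        print("WARN", line)
```

Fill in the client values from ipconfig /all (Windows) or ip addr and ip route (Linux) on each internal PC after it has rebooted.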
To access the web interface to further configure our Smoothie, open a browser on one of your internal computers and go to the following address, assuming the Setup program’s default local network IP (if not, substitute your own IP):
https://192.168.0.1:441
A security certificate challenge message will be displayed – press the Yes button to proceed. You will then be presented with the SmoothWall Express Control page, with two rows of links at the top, which take you to further configuration, management and reporting functions.
Congrats, your Smoothie is up and running! A couple of last things you will want to do:
* Install all updates. You will need to download them to your computer, and then upload them to your Smoothie via the web interface. Make sure to install them in order, and reboot in between each patch.
* Download and read all documentation.
* Register for their support forums.
Check out some of the mods available; you can make your Smoothie do some sweet things. Here are some of MY personal favorite mods (by no means a complete list; there are new mods almost every day).
by Evilb4st4rd