SmoothWall setup

[mrmister1]

I was just wondering what the typical setup for SmoothWall was on a home network with a router.

Since it's basically a firewall, does it need to be directly connected to all the computers on the network, or can it be connected to the router that the other computers are connected through? If so, does it need two NICs, one to connect to the WAN and one to connect to the LAN? If it's connected to the router, how do you setup the computers to connect through it?

If it's connected outside the router, how would you connect to the Web Admin, since my ISP has blocked port 81?

Thanks for your help

[mbossman2]

quick read of the documentation looks like you can put it in line between your modem and router or behind your router but in front of the switch. all of your configuration should be done while connected to the private side of the firewall (it kind of defeats its purpose if you allow people to attempt to login to the firewall from the outside world)...

as with any firewall, all inbound and outbound traffic should passthru it before it heads off to its destination...you generally do not want to do an out of band set up as it is bound to fail to do what you want it to do.

[mrmister1]

By in line with the modem and the router, do you mean inside the modem, but outside of the router? If so, how would I connect to the web admin if it's not in my LAN?

Thanks again

[mbossman2]

by inline I mean all traffic in and out must pass thru the smoothwall PC...

what I would do is park the firewall directly behind the router and then run that into a switch and aggregate the PC's there..

[rspassey]

Here is how I have it set up (if this helps any)

ISP > Modem > RED Interface NIC(SW)

Then

GREEN Interface NIC (SW) > LAN Port 1 on Router > Rest of PCs (ports 2/3/4 on Router).

You *cannot* go from your SW to the WAN port on your router... it will not work that way (as far as I know). You basically are turning your router into a switch, or if you have a switch, you can use it inplace of the router.

You must go SW to a LAN port on your Router (and disable for sure DHCP and anything else on your router, as SW takes care of it all).

Smoothwall is much more powerful than your router's firewall. Especialy when it comes to customization and specific restrictions...etc.
For this reason, you do not need to double up Router and SW for two hardware firewalls.

I can't tell if this will answer your question, as I am a little confused about what you are asking, but I have set up Smoothwall 2.0 Express three or four times and have a pretty good understand of what it can do.

Additionally, it defeats the purpose to put the SW behind the Router because from what I have tried, you will run into conflicts and you don't need two hardware firewalls in a row. I am not saying it can't be done, but you for sure have to alter the range on the SW or router or else they might conflict and then you have lots of troubles after that.

And yes. you do need two NICs minimum... you can have more NICs to support more PCs directly (ex, 1 RED and 3 GREEN) but the same things is essentially accomplished with this set up:

Modem > SW > Switch > PCs (as many as your switch can handle).

I have yet to try a wireless NIC as a secondary GREEN (I will have to do that sometime to see how it goes.)

~Ryan

[mrmister1]

Quote:

Originally Posted by ryan124712 Here is how I have it set up (if this helps any) ISP > Modem > RED Interface NIC(SW) Then GREEN Interface NIC (SW) > LAN Port 1 on Router > Rest of PCs (ports 2/3/4 on Router). You *cannot* go from your SW to the WAN port on your router... it will not work that way (as far as I know). You basically are turning your router into a switch, or if you have a switch, you can use it inplace of the router.

So do you not use the WAN port on your router at all?

I have a Linksys router. If I used the option to switch it to function as a router instead of a gateway would that work, or would it just put all the computers connected to it on there own network?

[glc]

A Smoothwall essentially eliminates the need for your own router. I wouldn't even use it.

[rspassey]

glc said it. You do not need a router at all, but if you are doing this on a tight budget and cannot get a new switch right now, you can turn your router into a switch by connecting the SW and all the PCs to the LAN ports on the router. Make sure DHCP is turned off on the router too.

[glc]

You also need to change the router's internal IP address to be in the Smoothwall's NAT subnet and not conflicting with the Smoothwall or any of the computers.

[mrmister1]

Would that configuration still make use of the wireless? I'd really like to have the wireless still enabled.

[glc]

Yes. That's the only way to turn a wireless router into a simple switch and access point.