Version: 1.2.1 - Date: 01/12/00
This is the SmoothWall configuration guide. It will tell you how to configure SmoothWall once it's installed. For the installation instructions, please refer to the installation guide.
CONTENTS
1. The Main Page and Users
If you view http://SmoothWall, where SmoothWall is the name or IP address of the SmoothWall box, you will be presented with the main status page. This page has links to the various user and administrator-only pages, as well as general status information. It also has a link to the Credits page, via the logo at the top of the page.
If PPP has been set up without errors, buttons will be available to Dial or Hangup the Internet link. Upon the link going up, the SmoothWall machine will beep using its internal speaker. When the link goes down, it will beep twice. The status of the link will be displayed as either idle, dialing or connected. Press refresh to refresh this status display. At the foot of the page is the output of the 'uptime' command, as when run at the command line. This includes the current time and the load averages.
SmoothWall has two web users, in addition to the root login user. The first is called 'admin', and authenticating as this user gives access to all configuration pages. The other user called 'dial' is able only to use the Dial or Hangup buttons. By default, the dial user is disabled; to enable it you must set a password for that user.
2. User pages
These pages are available to everyone on the local network.
2.1. Status Information
This page shows, from top to bottom:
Services: This is a list of all the services which may or may not be running on the SmoothWall. All except the DHCP server should be running at all times. On machines with low amounts of memory (8 megabytes or less), some services may get 'swapped out' to disk to save memory. This will be indicated here.
Memory: This is the output of the 'free' command. It shows the amount of memory used for programs, disk buffers or cache.
Uptime and users: This is the output of the 'w' command. Shown is the number of users logged in (via telnet).
Interfaces: This is the output of the 'ifconfig' command. This shows network interface information.
2.2. Network traffic graphs
This page contains graphs of network traffic over the last 8 hours. The four graphs show traffic on the Ethernet interface and the PPP Internet link, in both the incoming and outgoing directions. It also shows the total bytes sent during that period. It is updated every half an hour. The black line is an instantaneous reading of traffic, taken every 5 minutes. The red line is an average plot.
3. Administrator pages
These pages are available only to people with the 'admin' login and password.
3.1. PPP setup
This page is used to set up PPP for dialing to the Internet. Up to 5 profiles can be created to store dialup details.
Profiles: Profiles can either be 'Empty' or contain dialup details. Pressing the Save button stores the settings in the current profile. To create a profile, give it a name and after entering the details, click Save. You can create additional profiles by choosing an empty profile from the list and entering the new details, before pressing Save. Use Select to make a profile the current one for dialing from the main page. You cannot select an empty profile; instead simply choose it from the list and Save your new details to it. You can delete a profile with the Delete button; this will make the previously selected profile the new currently selected one.
Telephony: A dropdown box sets the modem COM port. COM1 through to COM4 are available. Depending on the computer and BIOS setup, you should set this to the COM port which is connected to the modem. Enter your ISP's dial-in access modem number into the number box. It should contain only digits.
The Computer/Modem rate dropdown box sets the baud rate between the computer and the modem. Usually the highest setting, 115200, will suffice and give the highest available download speed from your ISP, but on very old computers with old serial controllers, you may need to select a slower speed.
The Persistent checkbox is used to instruct SmoothWall to try to redial the line if the link fails for some reason. Use this with caution; if you have metered charges you probably do not want to use this. However, if you have a free call ISP you probably want to use this to keep the link up as much as possible.
Whether or not Persistent is enabled, if more than the Maximum retries number of dial attempts fail in a row, SmoothWall will give up until you try to dial the link again by pressing the Dial button.
You can choose Tone or Pulse dialing using the dropdown box. A checkbox is also provided for enabling or disabling the modem's speaker during dialing.
The idle timeout setting, when used in non-persistent connections, sets a time of inactivity, after which the line will automatically be dropped. Setting this to 0 disables this timeout.
Authentication: Username and Password are the username and password that your ISP would have supplied you with when you joined.
There are several ways in which ISPs use this username and password to login to their systems. The most common methods are PAP or CHAP. Select this if your ISP uses either of those two. If your ISP uses a text-based login script, choose standard login script. For people in the UK who use Demon Internet as their ISP, a special script has been created for them to use. The Other login script option has been provided for people who have ISPs with special needs. If you need to do this, you will need to login to the SmoothWall box and create a file in /etc/ppp. This filename (without the /etc/ppp component) should be entered into the Script name box. The file contains 'expect send' pairs, separated by a tab. USERNAME will be substituted for the username and PASSWORD for the password. If you examine the file demonloginscript in /etc/ppp all should become clear.
DNS: Here you can either enter the IP addresses of your ISP's DNS servers, or select Automatic if your ISP supports automatic DNS server configuration, which nearly all ISPs do.
Click Save to save the settings. If there are errors, you will be informed in the Error messages box. Click Restore to reload the old saved settings.
3.2. Change passwords
This page lets you change passwords for the 'admin' or 'dial' web users. Enter the new password twice in the two password boxes and click Save to activate the change.
3.3. Remote access
Here you can enable or disable SSH, Telnet and FTP access to the SmoothWall box. By default, none are enabled.
There is only one login user in SmoothWall, the 'root' user. With this username and the password set when you installed SmoothWall, you can SSH, Telnet or FTP the SmoothWall machine.
Note that SSH is available on the external interface.
3.4. DHCP Configuration
SmoothWall may optionally run a DHCP server, and here is where it is configured.
Start address and End address set the range over which you wish the DHCP server to supply dynamic addresses. This address range should not contain other machines with static assignments. Suppose you had a network in the 192.168.0.0 range. Assuming all your statically assigned IP addresses were lower than 192.168.0.100, you could use the upper portion of the address range for the dynamic addresses. In this case your start address would be 192.168.0.100 and the end address could be 192.168.0.254.
The two DNS server addresses specify what the DHCP server should tell its clients to use for their DNS server. Because SmoothWall runs a DNS proxy, you will probably want to leave the default alone and set the Primary DNS server to the SmoothWall box's IP address. If you run a local DNS server and want your desktops to use it, set the Secondary DNS to its address.
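The range rule above can be checked before saving the page. The following is an added example, not part of SmoothWall: it assumes the network is 192.168.0.0/24 and uses a constructed list of static hosts with hypothetical names.

```python
import ipaddress


def check_dhcp_range(network, start, end, static_hosts):
    """Return a list of problems with a dynamic range; an empty list means OK."""
    net = ipaddress.ip_network(network)
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if lo > hi:
        return [f"start {lo} is above end {hi}"]
    problems = []
    # Both ends must be usable host addresses inside the local network.
    for label, addr in (("start", lo), ("end", hi)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label} {addr} is the network or broadcast address")
    # No statically assigned machine may sit inside the dynamic range.
    for name, ip in sorted(static_hosts.items()):
        if lo <= ipaddress.ip_address(ip) <= hi:
            problems.append(f"static host {name} ({ip}) is inside the dynamic range")
    return problems


# Constructed inventory of statically addressed machines (hypothetical names).
STATIC_HOSTS = {"smoothwall": "192.168.0.1", "fileserver": "192.168.0.10"}

if __name__ == "__main__":
    # The range from the guide's example, then the same range with a
    # conflicting static printer added to the inventory.
    print(check_dhcp_range("192.168.0.0/24", "192.168.0.100",
                           "192.168.0.254", STATIC_HOSTS))
    print(check_dhcp_range("192.168.0.0/24", "192.168.0.100", "192.168.0.254",
                           {**STATIC_HOSTS, "printer": "192.168.0.120"}))
```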
The Default and Maximum lease times can be left at their default values unless you have specific needs.
The Domain name suffix sets the domain name that the DHCP server will give to the client.
Enable the DHCP server by ticking the Enable checkbox. When you press Save, the change is acted upon.
3.5. Shutdown control
This page contains a single button, Shutdown. Upon clicking it, SmoothWall will start its shutdown sequence. When it's complete, the SmoothWall box will beep once, indicating that you can disconnect the power.
Alternatively, you can shut down SmoothWall from the console. Press Ctrl+Alt+Del to start the shutdown sequence, as per the shutdown button. The machine will NOT reboot.
3.6. Log viewer
Here you can view the system logs for one of six sections: PPP logs, DHCP logs, kernel logs, SSH logs, Logins and Logouts and a general SmoothWall log. The SmoothWall log shows general SmoothWall events like PPP profile saving. The dropdown boxes at the top of the page select which day you wish to view.
The PPP log is mostly useful for discovering the reason for connection failures and the like.
3.7. Firewall log viewer
Like the normal log viewer, you select which date you are interested in using the dropdown boxes at the top of the page. The body of this page is made up of a table of packets which were dropped by the firewall. Included here are the Source and Destination IP addresses and ports, as well as the protocol involved. Note that not all denied packets are hostile attempts by crackers to gain access to your machine. Connections to the ident/auth port (113) are common occurrences and can be ignored.
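A way to triage the dropped-packet table described above, as an added example that is not SmoothWall code. The rows are constructed sample data using only the columns the page names, and the threshold of three distinct destination ports is an assumption chosen for illustration.

```python
from collections import defaultdict

IDENT_PORT = 113  # ident/auth: described in the guide as common and ignorable

# Constructed sample rows, one per dropped packet:
# (source IP, source port, destination IP, destination port, protocol)
SAMPLE_ROWS = [
    ("203.0.113.7", 4021, "198.51.100.20", 113, "TCP"),
    ("203.0.113.7", 4022, "198.51.100.20", 113, "TCP"),
    ("192.0.2.55", 3310, "198.51.100.20", 21, "TCP"),
    ("192.0.2.55", 3311, "198.51.100.20", 23, "TCP"),
    ("192.0.2.55", 3312, "198.51.100.20", 80, "TCP"),
    ("192.0.2.55", 3313, "198.51.100.20", 139, "TCP"),
    ("192.0.2.90", 53, "198.51.100.20", 1027, "UDP"),
]


def triage(rows, port_threshold=3):
    """Split dropped packets into ident noise, sources to review, and the rest."""
    ident_ignored = 0
    ports_by_source = defaultdict(set)
    for src, _sport, _dst, dport, proto in rows:
        proto = proto.upper()
        if proto == "TCP" and dport == IDENT_PORT:
            ident_ignored += 1  # routine ident lookups, not worth a second look
            continue
        ports_by_source[src].add((proto, dport))
    # A source dropped on many different ports deserves a closer look than
    # one that was dropped once.
    review = {src: sorted(ports) for src, ports in ports_by_source.items()
              if len(ports) >= port_threshold}
    low_volume = sorted(src for src in ports_by_source if src not in review)
    return {"ident_ignored": ident_ignored, "review": review,
            "low_volume": low_volume}


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    print("ident packets ignored:", result["ident_ignored"])
    for src, ports in result["review"].items():
        print("review", src, ports)
    print("low volume sources:", result["low_volume"])
```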
4. Configuring desktop clients
If you are utilising the DHCP server, enable obtaining the network configuration via DHCP in the network setup of the particular operating system. SmoothWall will then assign it an address, DNS servers, and point its default gateway back to the SmoothWall box.
If you are using static assignments, pick an IP address for each client. Set the DNS server and default gateway to the SmoothWall box.