Sphirewall Project

I stumbled on the Sphirewall Project the other day. Sphirewall is an open-source Linux firewall to compete with Iptables, Smoothwall and Monowall. The following are excerpts from the Sphirewall website.

Sphirewall is an open-source Linux firewall and router that provides advanced user management and bandwidth analytics coupled with powerful flexibility. It’s open-source, free, easy to install and built from the ground up not using iptables.

Check out the features below

  • Full NAT/PAT and ip filtering support
  • User authentication and group based filtering
  • Detailed analytics and reporting on network traffic
  • Web, commandline and json api based management

You can download the debian iso, burn it to a cd, usb stick or mount it in your favorite virtualization system and get it running in minutes.

The Perfect Server Based On Ubuntu 10.04

There is no such thing as a perfect server, but this particular one is as close as you can get to being perfect. This tutorial will walk you through how to install the Ubuntu 10.04 LTS Server with all the services you typically get from ISPs and hosters.

It contains the installation of Apache web server (SSL-capable), Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Courier POP3/IMAP, Quota, Firewall, etc. It also installs the free web hosting control panel called ISPConfig2. Here’s the link to the tutorial.

SmoothWall 3.0 SP1

Four years ago, I wrote about my experience using SmoothWall 2.0. It’s time to revisit this old and trusty firewall. There is a new version that is out this year, SmoothWall 3.0 SP1. SmoothWall is a free GNU/Linux-based security-hardened firewall with an easy-to-use web interface. There are essentially two products: SmoothWall Limited and SmoothWall Express. Limited is the commercial version, while Express is designed for home and small business use. There are lots of new features with version 3.0. First of all, there are 4 different editions: User edition 32bit, Developer edition 32bit, User edition 64bit, Developer edition 64bit. According to Smoothwall’s website:

The developer editions include the complete SmoothWall Express functionality, but also contain the needed tools for working on Express itself, including complete builds, check outs and commits. It is therefore possible for interested coders to work on Express from their very own firewall. This marks a turning point for SmoothWall: it is now easier than ever for people to work on the project, make custom modifications and get involved with the SmoothWall team.

Features since 2.0

  • Supports a 4th NIC for Wireless Access Points.
  • 64bit support – additional builds for 64bit Intel and AMD chips.
  • Based upon linux 2.6 kernel.
  • New realtime traffic graph shows traffic bandwidth usage over time (AJAX).
  • Per-IP address traffic statistics collection in all traffic stats pages – you can now view weekly, monthly, etc totals for specific internal IPs, or see which local IP is using the most bandwidth, in real-time.
  • IM proxy with logging and filtering abilities (MSN/AIM/ICQ/Yahoo).
  • SATA/SCSI support.
  • Support for many new gigabit NICs.
  • Streamlined installer/setup.
  • Quality-of-Service (QoS) support for traffic-shaping and management – nice and easy to use but powerful, can traffic shape Peer-to-Peer traffic.
  • SIP proxy support using siproxd, with transparent mode.
  • Protection-level profile selector at install time can be used to pre-configure default settings.
  • Timed-access feature for allowing or blocking access to a list of IPs or subnets based on time of day and day of the week.
  • Outbound filtering.
  • Portforward and other networking pages now use the new service list controls.
  • New update mechanism which can download and install all pending updates with a single click.
  • Brand new even prettier theme. The polar bear is back!
  • Devel editions for people interested in hacking on smoothie.

SmoothWall is a great product. It’s definitely worth a try.

Vncserver on Fedora Core 4

I’m posting this article to document the setup and configuration of vncserver on my Fedora Core 4 desktop. I’ve had a hard time finding the right documentation online. So, I’m making this document available to anyone who might be looking for help configuring the vncserver on the Fedora Core 4 and 5 platform. And now, Fedora 6 as well. Let’s get started.

1. If you haven’t installed the vncserver yet, type in the following command from the bash console to start the installation process.

yum install vnc-server

2. The following commands take you to your home directory and start the vncserver configuration. You’ll be prompted to enter your vncserver password twice. Vncserver will then create several files in the .vnc directory underneath your home directory.

cd
vncserver

3. Change to the .vnc directory, edit the xstartup file, and remove the “#” to uncomment the following lines:

unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc

cd .vnc
vi xstartup

Save the file by typing “:wq”

4. If the firewall is NOT installed, skip the next two steps. Otherwise, log in as root. Change directory to /etc/sysconfig. Edit the iptables firewall.

su
cd /etc/sysconfig
vi iptables

Add the following rule, on a single line:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901:5909 -j ACCEPT

Save the file by typing “:wq”

5. Restart the firewall.

/sbin/service iptables restart

6. Start the vncserver with the following options. If successful, you will see a message stating the server has been started.

vncserver -geometry 1024x768 -depth 16 :1

7. Now access the vncserver from another machine, using either a Windows or Linux machine. You can use the vncviewer program which is available for both Windows and Linux platforms.

From Linux, enter the following command:

vncviewer hostname:1

From Windows, start the vncviewer application and type hostname:1 in the dialog box.

Enter your vncserver password!

Addendum:

8. Perform the following commands to make the vncserver start at boot time. Log in as root. Change directory to /etc/sysconfig.

su
cd /etc/sysconfig
vi vncservers

Edit the vncservers file and type in the following:

VNCSERVERS="1:user1 2:user2"
VNCSERVERARGS[1]="-geometry 1276x968 -depth 16"
VNCSERVERARGS[2]="-geometry 1024x768 -depth 16"

Save the file and reboot. I tried restarting vncserver via Services without rebooting, but it didn’t work for me. So, a reboot is necessary. The vncserver should start automatically after each reboot.

9. Finally, if you would like to run the vncserver on runlevels other than the default 5, perform the following commands.

Check status of vncserver:

chkconfig --list vncserver

To activate vncserver on different runlevels, for example 3, 4 and 5:

chkconfig --level 345 vncserver on

10. That’s it.
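The rule in step 4 opens ports 5901 to 5909 to any source, while step 8 configures only displays :1 and :2 (ports 5901 and 5902). The following check is an added example, not part of the original post: it compares a VNCSERVERS line with an iptables ACCEPT rule and reports displays the rule does not cover, ports opened without a configured display, and a missing source restriction. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed inputs: the two lines the tutorial puts in
# /etc/sysconfig/vncservers and /etc/sysconfig/iptables.
SAMPLE_VNCSERVERS='VNCSERVERS="1:user1 2:user2"'
SAMPLE_RULE='-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901:5909 -j ACCEPT'

# Print the TCP port (5900 + display number) for every display listed.
vnc_ports() {
    list=${1#*\"}; list=${list%\"*}
    for entry in $list; do
        echo $((5900 + ${entry%%:*}))
    done
}

# Print "low high" for the --dport of an ACCEPT rule; fail if there is none.
rule_range() {
    spec=$(printf '%s\n' "$1" | sed -n 's/.*--dport \([0-9:]*\).*-j ACCEPT.*/\1/p')
    [ -n "$spec" ] || return 1
    echo "${spec%%:*} ${spec##*:}"
}

# Print findings for one VNCSERVERS line ($1) and one iptables rule ($2):
#   any-source    rule has no -s/--source match
#   blocked:PORT  configured display whose port the rule does not open
#   unused:PORT   port the rule opens although no display is configured
audit_vnc() {
    rule=$2; out=""
    range=$(rule_range "$rule") || { echo "no-accept-rule"; return 0; }
    low=${range% *}; high=${range#* }
    ports=$(vnc_ports "$1" | tr '\n' ' ')
    case " $rule " in
        *" -s "*|*" --source "*) ;;
        *) out="any-source" ;;
    esac
    for p in $ports; do
        if [ "$p" -lt "$low" ] || [ "$p" -gt "$high" ]; then out="$out blocked:$p"; fi
    done
    p=$low
    while [ "$p" -le "$high" ]; do
        case " $ports" in
            *" $p "*) ;;
            *) out="$out unused:$p" ;;
        esac
        p=$((p + 1))
    done
    echo $out
}

audit_vnc "$SAMPLE_VNCSERVERS" "$SAMPLE_RULE"
```

A rule limited to `--dport 5901:5902` with a `-s` match for the network the viewers connect from produces no findings for the tutorial's two displays.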

Smoothwall Firewall

It’s official. I am now using Smoothwall firewall at home. I made the switch yesterday afternoon. Now, I feel fairly secure about my home network. I have several systems at home running different flavors of Linux plus a laptop on a wireless network. Prior to the switch, I had a Netgear wireless router that acted as a router, firewall and a wireless access point.
