LAN/Internet protection with a Firewall, by Karl Shoemaker, AK2O

Introduction

Computers and the Internet can be rather overwhelming with information. We live in a technological nightmare, meaning these "toys" are lots of fun until they break or you get intimidated by too much information. Human learning goes way down; you read a sentence, but nothing is registering. This is so typical when visiting a web site; you get "lost" in all the stuff on there, forgetting what you really were trying to do. Even this page is considered a "mouthful". We will try to get through it a piece at a time. To better understand what happens with computers and the internet, there's some very basic information here. Some of it may not be 100% complete; however, for the sake of getting through this, some of the explanations are kept simple without the boring details. Actually, some of this article can be boring, so if your eyes start to glaze over, take a caffeine or run-around-the-house break once in a while. For security reasons, some of the images and specifics of this site installation that contain sensitive information have been edited.

History and Definitions

Personal computers (PCs) use "files" on a "hard drive" to operate. Files are usually stored on magnetic media, in the form of molecules changing direction or polarization at a digital rate. This information is a series of millions of "ones" and "zeros" (1 and 0), in base 2. Some of these files give instructions to your PC in the form of "programs". In the modern world these programs are sometimes called "applications", or "apps" for short, especially on Windows® based PCs. Windows is a trademark of Microsoft Corporation. They produce a variety of "Operating Systems" (O/S, or just "OS") for PCs to function. Over the years the several versions include "DOS", "Windows® 2, 3, 95®, 98®, 98SE®, ME®, 2000®, XP®" and now "Vista"®. Windows provides you with a Graphical User Interface (GUI) so most tasks look good and are easy to perform from your screen, keyboard and mouse (pointing device). The keyboard is still necessary to type letters and messages, and also for "command prompt" instructions that you might need to type to tell your PC to perform certain things. Most documents and text communication are still done on the keyboard.

Some of these apps allow you to get on the World Wide Web (WWW); hence, "www" is part of many addresses you see in your browser's window, normally near the top of the screen. This address allows your computer to communicate with millions of other "computers" (actually, "virtual" computers) containing web pages, or web "sites". Navigation on a web site is generally defined as clicking your mouse on portions of a web site you are visiting and viewing the text (actually Hypertext), pictures and even sounds. These take time to get into your computer, so your "operating system" and other internet devices can put these items on your screen to see and through your speakers to hear. A domain can host a site, but not the other way around. In other words, a domain is like a garage and the site is the car inside. Most domains use a numeric IP Address. Since there are millions of sites on the web, it's impossible to remember them. To help people (users), an alpha IP address (letters, words, etc.) can be used for most domains (hosting web sites). To get to a web site, all the PC user has to do is enter (on the keyboard) the name of the domain (web site).

There's one more trick that has to happen, and it happens in the background without the PC user knowing, or caring, how. For understanding how the internet works, however, it's nice to know this trick. It's done by several registrars (not a typo) having a "database" of all known domains, and thus all web sites. They translate, or more correctly stated, resolve the alpha to the numeric IP address internationally, anywhere in the internet. When resolved, the incomplete address in the PC's browser window is updated, and the browser gets instructions from that site in the form of html type files, telling the user's PC screen to load up with titles, paragraphs, words, pictures and everything else you've come to know the internet to be. One last thought: the internet is everything out there. The World Wide Web (WWW) is part of the internet, and not vice versa. It's good to know the difference when identifying addresses of sites. In fact, the complete address you type contains acronyms. For example, http://www.google.com stands for:

http= Hyper Text Transfer Protocol
//=to follow the site's IP address
www=World Wide Web
Incidentally, IP means Internet Protocol

I.S.P. and Access

Of course, for any of this to happen you have to connect to the internet in some fashion, commonly known as an access point. An Internet Service Provider (ISP) can do this for you. ISPs can provide either a (slower) connection via telephone company lines, or a (faster) "broad band" or "high speed" connection, or both. The latter comes in two methods, wire (DSL, ADSL, ISDN) or wireless (radio waves). Wireless will require a line-of-sight path to the ISP's access point, and you will need to be fairly close in miles. Most ISPs operate on the 2 and 5 GHz radio bands, possibly higher, with either 802.11b, g or spread spectrum and/or WiFi formats/protocols. To communicate with these types of signals you need to purchase a radio transceiver with the same frequency band and protocol. Many times ISPs will have the correct equipment either in stock or have a source to guide you in the right direction. This equipment is moderately expensive, but if taken care of it can last 3-5 years, or until technology makes it obsolete, whichever comes first. A competent ISP should be able to answer most of your technical questions and provide documentation on contact/support, and on installing and operating the equipment for internet access.

Some offer to install and set up the equipment for you as a package deal or separately. Be prepared to spend some money if you have them do it. You sign up (sometimes with a contract) and are issued a username and password and instructions for accessing the land-line or wireless points. Some ISPs require valid I.D., so be prepared to give out some personal information, including your Social Security number, home address, telephone number, etc. The internet is wide open to all kinds of opportunities, both good and bad, legit and not; therefore, the ISPs wish to protect both parties with such open access.

Most modern wireless connections consist of a radio (a type of modem) to convert the radio signal to current ethernet type signals, which are compatible with a Local Area Network (L.A.N.). Your PC has a Network Interface Card (N.I.C.) either plugged into its motherboard, or built into the motherboard from the factory. Most modern NICs use the ethernet 10 base 100 (10/100) protocol. There's a lot of information on the internet about this. NICs are a way for devices, such as computers, firewalls, routers, switches, etc. to communicate with each other. Most NICs use the modular type connector called an RJ-45 jack or plug. These are an eight-conductor connection; however, only four conductors are normally used for a LAN. An RJ-45 plug goes into the NIC's RJ-45 jack. There's usually a green indicator to verify communications; however, this does not necessarily mean you have the correct type of cable. (Remember the straight and cross over discussion?) As a side note, that document also addresses the incorrect naming of the "RJ-45" plug.

A word of caution and awareness may be in order. The Internet (World Wide Web) can be a wild place to visit/surf. Picture the Internet as downtown Las Vegas, Nevada or Baghdad, Iraq, at night time, and your PC as you walking around alone with no protection. This probably doesn't surprise you in this day, but there are bad people out on the web/internet trying to gain access to your computer to play pranks, steal personal information (bank records, SS number, etc.) or inject a virus to do that for them. One way these people accomplish this "task" is by scanning for vulnerable PCs out there, including yours, assuming it's connected to the internet. Most viruses are written by very talented people, with this energy going in a negative direction. Most of them are written for Windows® based PCs. Most Mac® and Linux based PCs are less at risk. Many broad band users stay connected to the internet for long periods. This can leave your PC open to "hacking", viruses and other nasty things. Having said this, even "dial-up" users may be vulnerable. More recently there are smart "worms" designed to play havoc with your PC after you've hung up (gone off line). To help prevent most of this, you need to install a "Firewall" between the internet and your PC.

There are several types of Firewalls. While some are Windows® based (internal to your PC), others install a "router" between this (internal) Firewall and the internet. While this arrangement is popular with people that don't have the technical expertise, an effort to learn more will pay off in greatly added security for your PC and its files. To accomplish this we will discuss a Linux based (O/S) Firewall product called Smoothwall Express. The express part of the name indicates it's the free version of the company's expensive commercial firewall software. Because it is free, do not expect factory support. There are, however, user groups and other forums involved with SmoothWall, which can be helpful sources of information. It's not that bad; it just takes some time to learn it. The company is in England, so take that into account if you do happen to phone them. SmoothWall Express is open source (no secrets or controlling restrictions, like Microsoft® has) and you are welcome to modify it, if you are so inclined. In all fairness to, and in defense of, Microsoft®, they do keep the secrets because they are in it for the money, and they do offer support. That's why it's expensive. At present, most of the world uses their operating systems, because people do not have the time to learn other systems. However, there is an alternative, and that's what this article is about. SmoothWall is FREE, like a hobby, so appreciate that. It's also a very stable application under the very stable Linux operating system.

The project

As with any project, to build a system you need to first think and plan out what you wish to do, like building a house. In the Author's case this system uses 2-3 PCs around the house, some running Windows® 98SE and others running Windows® XP. Either O/S will work fine on a LAN, which in this case is 10/100 base Ethernet. Most of the cable and wiring around the house is 568B standard. The access point is just a couple of doors away. Remember, these ISPs are operating on a shoestring budget and many times are one step away from financial failure, so don't expect a lot of free technical support to get your LAN up and running. In the Author's case, with the help of 3 friends on site, they got the support needed to get things up and running. After a few hours and several calls to the (nice) ISP they obtained success. One major mistake the Author made was not keeping GOOD notes on how to do this. Two years later the Author was seriously challenged to do this again. Please take note of this. This mistake was the major driving force to spend several hours on this article of documentation, to save someone else the misery of reinventing the wheel, so to speak. This all came to the surface during a project to build up a spare Firewall "box" or two, in the event of an equipment failure (lightning, surges, old equipment, etc.). In this event the LAN connection could be restored in a very short time, even late at night or on weekends, without a clear head or help from the outside.

The installation

The installation will be in three basic stages:

  • The physical equipment placement, cabling, cords, etc.

  • Installing the Smoothwall software

  • Setup and configuration of this Smoothwall firewall

    Placement of the components is your decision. Place them in a logical order with ease of physical access in the event of maintenance. Neatness is nice; however, don't get all tied up (pun intended) with those plastic ties and all the cables, to the point that you cannot move or trace anything later without cutting them. For installing the software, the documentation comes with the download of the SmoothWall Express "package" from their web site, which has all the instructions on how to do this. They give you the option to create either a (2-disk) floppy installation set, or a (single) CD install disk. Even though the Author prefers the former (old school), the latter was chosen to be compatible with "peers"/friends/helpers for the very first installation in 2005-ish.

    Starting with the ISP's access point (left picture), there is a microwave (incoming) link from their "head end" office, which is then repeated to your local neighborhood, usually on an Omni-directional antenna, with the usual 802.11b or g protocol. To receive that signal you can use a grid dish (right picture), or, when real close, even a whip on the back of the radio (or PC card) will work. For this project the ISP's antenna is about 300 yards away on a 100-foot water tower. Because of being real close, multi-path distortion and path losses were not an issue. In fact, a little whip antenna was all that was needed to connect; however, the Author chose a little more RF "headroom" with a grid dish antenna, taken from an old TV down converter from a discontinued TV provider. Since the antenna did not have any electronics in it, and was therefore passive, it was a simple matter of mounting it and pointing it at the ISP antenna.

    If you are fortunate enough to already have a radio and antenna in your possession, it should be able to "see" a signal from the ISP access point. If you are satisfied with the signal, proceed with the next steps. Otherwise, if you don't have the radio equipment or need to purchase it, now would be a good time to call the ISP that serves your area. If you are using the same equipment as the Author, you might tell them you'll be installing your own equipment (whether you purchased it from them or elsewhere) and will be running PPPoE (Point-to-Point-Protocol-over-Ethernet). At this time they should also be asking you any other pertinent questions. Be sure to establish the type of support you may need, in case of problems. This is probably the major issue with any ISP. So find out what you are getting for your money when you sign up. If you forget/fail to communicate this, with understandings, you may end up "paying" for that mistake at a later time. House calls are usually expensive and sometimes not convenient for the homeowner. It's up to you.

    From the (grid dish) antenna, low loss (LMR-400) cable runs inside to a rack of LAN equipment, with an "N" type coaxial termination. A white outer jacket was chosen for easy identification in a cable group on the tower or in the inside routing of wires. This type of coax is suitable for shorter runs, like this 30 footer to the radio. The little signal loss of this type of cable run is more than made up for by the gain of the antenna. Plus, the fact that this model of radio runs +18 dBm will ensure a good path/connection to the ISP's access point. A +18 dBm radio is plenty of power for even long distances; more than a mile, line-of-sight. Take this into consideration if you are far away from the access point.

    You can see the (white) coax enters the rear of the radio, which has a reverse TNC connector. Since the end of the coax was terminated with an "N" male, an order to Mouser Electronics (part number 523-242131RP) for a reverse adapter was needed to get it back to the "normal" N type connector for the coax to plug into.

    The radio takes an external (wall-wart) power supply from standard 110 AC. It's on UPS back-up power. More on UPS later. It also has an ethernet (RJ-45) jack in the back. The front has some nice indicator (LED) lights for status and troubleshooting the system. It's small and fairly economical (about $150).

    From the radio, a cross over cable goes to the red NIC on the firewall. On the other side, the firewall's green NIC is connected with a straight through cable to a 4-port switch, which allows four PCs to be connected on this LAN. In fact, if you run out of ports, and/or have a long distance to run, you can install additional switches along the way. The Author's system has one switch (a cheap router strapped as a switch), with the green side connected, a local PC, another run to another room, plus a long run into the house. In the house is a second 8-port switch with some "home runs" to various rooms for present and future PCs to be operated on the internet.

    The front of the radio has three indicators: power, LAN and WAN, the latter being the ISP's access. Normally (while connected) all three should be lit. A switch, to the left of it, distributes the (protected) traffic from the firewall, which we will cover later.

    It's a good idea to support the firewall, radio and switch on U.P.S. power for brief outages, especially on weekends. The "hungry" devices, such as monitors, don't need this, since most of the system will be accessed remotely from separate equipment at another location, such as in the home. It's also a good idea to label most of the AC cords, so you don't unplug the wrong one at the wrong time. For black surfaces (cords and such), the Author found a silver felt marker to use instead of the (miserable) black ones you find everywhere. For the firewall site, it's good to keep a few spare cables made up for future expansion, testing and troubleshooting.

    The UPS the Author chose is an APC brand, model 350. It sold locally for around $40, plus tax. You should measure (or at least know the specification of) the AC current draw for each device supported by the UPS. In 2010 the Author found the following equipment on that UPS:

  • The access radio only: .04 amps (40 mA).

  • Adding the file server brought it up to: .35 amps (while HDD was accessed, otherwise, was .27 amps).

  • Adding the firewall brought it up to: .53 amps (while HDD was accessed, otherwise, was .51 amps).

  • Adding the switch brought it up to: .71 amps.

    The UPS under normal conditions puts out 120 volts; running on battery the output went up to 123 volts.

    Therefore, under battery condition with both drives being accessed, the total equipment draw is 87.33 watts. It's also a good idea to "test" the system with UPS support by pulling the source AC power. The load test performed passed at 2 minutes; however, it's expected the UPS will run for 8 minutes before being exhausted, based on the factory chart. This time is only for brief power bumps; anything expected to last longer should utilize a larger UPS.

    Remember that NICs and the radio are like devices. Therefore, to "test" with them, they need a cross over cable between them. Switches, Routers and Hubs are also like devices between themselves. Having stated this, remember two other items. One, the two groups of devices just described are unlike each other. Therefore, if you are connecting a Switch, Router or Hub to a NIC, radio, etc., you generally can use a straight through cable. Two, sometimes Switches, Routers and Hubs have an auto-configuration, which is a double-edged sword. Yes, you don't have to remember whether to use a cross-over cable, but you do not learn or remember this arrangement. Too many features may end up confusing you when troubleshooting. So be ready for the unexpected. For more information on these types of cables, read over the page about Ethernet Cables on this site.

    Most devices have either a single green light (LED) or a combination of green and amber ones. Some devices even have red indicators. They all indicate the working status, to assist you in figuring out where a problem might be. Read any documentation that may come with the products for the correct meaning of these indicators. If there's no documentation, you may have to spend extra time "inventing" your own manual and notes for future reference.

    The rear of the Firewall's PC will have two NICs, a "red" and a "green" one, for the internet side and the (protected) LAN side, respectively. It's a good idea to label each NIC (as shown) and mark each cable to avoid grief later, when working on the system and changing out equipment. Hardware seems to be a cause of big, time-consuming and frustrating repair issues on LANs. For example, the Author and a friend spent several hours trying to get a second (backup) firewall box on line. The next day the Author discovered the wrong type of cable was being used, and that a cross over cable was needed between the radio and the red NIC (like devices). Much more discussion on this subject is in the Ethernet Cable article on this site. The center picture shows an example of a good site, containing a Firewall box and a Windows® (98SE) box, with their own keyboards, one mouse and monitors for on-site, on-line testing. At the top of the rack are the radio and switch, which we covered earlier.

    Having a large bench to lay things out on helps when building up a firewall box and deciding which components to use, such as the NICs. NICs come in many brands and models, in either the PCI or the old ISA slot type. During the "setup" Smoothwall Express will automatically identify most PCI cards and a few ISA cards, so take that into consideration when selecting them. Even the older ISA cards can still be configured manually; it just takes longer. One other point recently discovered was that certain NICs don't "like" to work well with certain other NICs in the same PC. For example, using a mixture of card slot types doesn't always work. When an ISA and a PCI NIC were installed in the same (firewall) PC, SmoothWall would "talk" to them on boot-up; however, the green one did not seem to communicate with another PC (and its NIC). When both the red and green NICs were the same slot type (PCI or ISA), things worked fine, even with different models of NICs. Going through half a dozen NICs took half the night; however, some "spares" were found this way and were boxed up for that "doomsday" when lightning or some other culprit might strike.

    The Smoothwall installation will identify the MAC address for each NIC; however, you will find that most NICs also have a label on them with this address. A MAC address identifies a physical device for LAN management. On the left is a PCI slot type, with an ISA on the right. Notice the newer and older board technologies have the components on opposite sides for each type, along with the (obvious) board pin differences.

    On the green side of the firewall, a (straight through) cable can then run into a switch to distribute the LAN to other devices at the site. From this site there is a 300-foot run into the home. This connects to a second switch, shown here, for two reasons: 1) after that long run the signals need a boost/buffering, and 2) several areas of the home need workstation/PC "drops" (connections); therefore, this 8-port model was locally purchased. Most of these switches run around $30 as of 2006. Again, it's a good idea to mark the cables so you know where they go when troubleshooting something a year or two later.

    Smoothwall software

    Now that you've got your hardware installed, it's time to install the software. The quick install (pdf) file will get you going. The first time may be a little scary, but just take your time. This (fixed) document is a little distracting with the orange bars and bold font; therefore, the Author converted it to a MS-Word document, obtainable here by either clicking to open it, or right-clicking and choosing "save-as" to copy it onto your PC.

    From there you could paste the text into a plain text viewer (or file) if you wish. Follow the instructions. Keep in mind there are two parts to the setup. At this point, insert the CD in that new Firewall box you built up and get into the "setup" (BIOS) to choose the CD as the first boot device. If this is not possible (older PC) you still have the option to create a floppy boot/install set. The document just mentioned covers this. Save your BIOS changes and boot from the disk, following the prompts. This is done from the "console", or the local keyboard of the firewall PC. Answer the questions. Some of the choices you'll see on your screen are shown here, but not all situations will be the same. Again, as said, the documentation (above) covers this. Once you've installed SmoothWall, you'll reboot into the Linux O/S. During this time SmoothWall will not be able to "talk" to the red NIC, because that NIC has not yet been set up to talk to the radio and the ISP. Therefore, you will not hear the (mid-pitched) "beep" from the red NIC. You will, however, hear a three-tone (low-mid-high pitched) "beep-beep-beep", indicating SmoothWall is now talking to the green NIC. At this point you could ping the green NIC from anywhere inside your LAN, as a test only. Also, the screen should now show the command prompt for login, as shown in the left picture. Log in with the "setup" username and the password you chose during the installation of SmoothWall.

    Once you are logged into the setup you'll see a series of graphical dialog boxes with choices. Follow the Quick Start manual. It comes with the SmoothWall package as a pdf file. A doc version is available at the link in the above paragraph as well. If you don't have the manual handy, we can go over the rough areas. Most navigation is with your arrow and tab keys, and the space bar or enter to get there. First, get into "Networking", then "Network configuration type".

    Select "GREEN + RED", then "OK". Next get into "Drivers and card assignments". Normally SmoothWall automatically configures both NICs and lists the MAC address for each one. If you are in doubt, go ahead and run the configuration by selecting "OK".

    Configure each NIC (the red and the green). You'll be asked how to obtain the driver. Most of the time, do a "Probe". If the NIC type is listed in the SmoothWall install listing, it will come up with a "suggestion" right away. Take the suggestion and do the same probe with the second NIC. If there's a problem, it will tell you no driver was found and give you the opportunity to manually search for the most correct one. This can also indicate the problem we discussed earlier, when you try to use mixed card slot types in the same PC.

    After "OK"ing and "Done" etc., get back to the "Network configuration" menu and select "Address settings". These are the IP addresses you'll be assigning on a fixed basis to each NIC. SmoothWall has a default address for the "GREEN Interface" which works just fine for most LANs. The "Red Interface" addressing menu needs to be set to "PPPOE". Then select "OK" to get back to the other menu. These two settings have to be correct for the LAN to work, so pay attention to your selections.

    The "DNS" menu can be left at default. The "DHCP Server configuration", however, has to have the "Enabled" field activated. Use your tab key to get there, then your space bar to enable it. You'll see a star in that field when you do this. Then "OK" to get to the previous menu. Answer the questions, like "OK" and "Done", to return to the main menu.

    The last part of the main menu is for setting passwords for three levels of access and/or firewall functions, such as logging on (remotely via a browser), shutting down the system or getting back into this setup menu. Select each one: the "Admin", "Root", and "Setup" menus. We won't get into the debate of password and internet security in this article, just what works for you. The longer and more mixed (complicated) the passwords are, the more secure they are; on the other hand, they are more time consuming to work with. When you are under stress and time is a factor, take all of this into consideration. For obvious reasons, specifics are not discussed here, or in any other open public forum. Keep your sensitive notes in a safe place or memorize them. The worst that could happen if you forget them is having to re-install the Smoothwall software. After you've done this a couple of times, a complete installation takes under an hour; at least it did for the Author. When you finish the initial setup and reboot, you will see the login prompt at the command line of the Linux operating system. At this point all the devices should be communicating with each other on your LAN. You can tell this by hearing some "beeps". More on this in just a little while. Try pinging your firewall from another PC on your LAN. You can also ping between PCs on your LAN. Another nice feature is being able to transfer (even large) files between PCs, and even share files and printers. However, you are not done, as you are not yet connected to the outside (red side/internet) world.

    Now, get into the SmoothWall remote "setup". This is done from another PC with a browser on your LAN. And, just in case you were wondering and wishing, it's not (presently) possible to do this from the local SmoothWall keyboard (console), so you have to grab another operating PC. Assuming all your cabling is correct, your second PC's NIC should be talking to the green NIC on the firewall. Remember all the discussion about straight and crossover cables, etc. Assuming you have green lights on all your NICs, switches and other devices on your LAN, you need to log into SmoothWall. Use the IP address at which you pinged the firewall in the previous step, followed by a suffix at the end of the address. The manual will tell you all of this. There is normally no security risk in mentioning this here, since this is on the green side. A hacker on the "red" side (internet) should not be able to access the system with this address.

    Once you've logged into SmoothWall, click on the networking tab. You'll be prompted for the Admin password that you chose in earlier steps. Now, enter a Profile name. It could be anything, such as the name of your ISP. Next, select the Telephony Interface, which is "PPPoE". Also, check the two boxes: "Connect on SmoothWall restart" and "Persistent connection". This will save the pain of having to do it manually later, if and when the ISP goes down. In the fields marked "Authentication Username" and "Password", enter the information that you and your ISP decided on when signing up for the subscription. The picture examples are small, just to give a general idea of what you will see. That's pretty much all you need to change. Feel free to browse around the many SmoothWall tabs to learn; however, be careful, and test any changes after clicking on the "save" button. It's a good idea to write down what you changed in case it causes a failure and you need to restore the original settings.

    If SmoothWall did not already connect you, click on the "connection status" (upper right) and then click on "connect". It may take 20 or 30 seconds for the negotiation between your ISP and SmoothWall. During this time Smoothwall will electronically "ask" your ISP's server to assign it a dynamic IP address. Once this happens, this address will identify you to the outside world (red side = Internet). This address assignment will stay with your firewall forever, unless the connection gets dropped for various reasons, such as ISP failure (it happens a lot; more than you know), a power outage, or you working on the system, etc. This address is handy for ISPs to check on your connection status, or for someone that might want to trace (route) you and your equipment. However, it's also a good tool for (bad) hackers to try to damage your system. SmoothWall expects this and has protection against this type of malicious action. Occasionally, hackers might try port scanning, and you will hear the firewall's hard drive click (writing) each time. It's just rejecting and possibly logging those attempts.
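One way to review those logged rejections for port-scan activity, as an added example that is not part of the original article or of SmoothWall itself. It assumes the firewall records rejected packets in the standard Linux netfilter LOG line format and that the red (PPPoE) interface is named ppp0; the log lines, addresses, and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Syslog prefix ("Mar  3 02:14:01 host kernel: ...") followed by KEY=VALUE pairs.
LINE_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s.*?\bkernel:\s(?P<rest>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def sample_line(stamp, src, dpt, iface="ppp0"):
    """Build one CONSTRUCTED log line (documentation-range addresses, not real traffic)."""
    return (f"Mar  3 {stamp} fw kernel: IN={iface} OUT= MAC= SRC={src} "
            f"DST=198.51.100.20 LEN=44 TTL=52 PROTO=TCP SPT=40112 DPT={dpt} SYN")


SAMPLE_LOG = (
    # One source probing six different ports within six seconds: a scan.
    [sample_line(f"02:14:{s:02d}", "203.0.113.7", p)
     for s, p in enumerate([21, 22, 23, 25, 80, 443])]
    # Repeated hits on a single port: noisy, but not a port scan.
    + [sample_line(f"02:2{m}:00", "198.51.100.99", 22) for m in range(4)]
    # Five ports spread over four hours: outside the default time window.
    + [sample_line(f"0{h}:00:00", "192.0.2.50", p)
       for h, p in zip(range(3, 8), [135, 139, 445, 1433, 3389])]
    # Traffic seen on the green (LAN) interface is not counted.
    + [sample_line(f"08:00:0{s}", "192.168.1.10", p, iface="eth0")
       for s, p in enumerate([1, 2, 3, 4, 5, 6])]
    # ICMP entries carry no destination port and are skipped.
    + ["Mar  3 09:00:00 fw kernel: IN=ppp0 OUT= MAC= SRC=192.0.2.77 "
       "DST=198.51.100.20 LEN=84 TTL=50 PROTO=ICMP TYPE=8 CODE=0"]
)


def parse_line(line):
    """Return (time, in_iface, src_ip, dst_port) or None if the line does not apply."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m["rest"]))
    if "SRC" not in fields or not fields.get("DPT", "").isdigit():
        return None
    # Syslog stamps carry no year; a fixed leap year is assumed so any date parses.
    when = datetime.strptime("2000 " + m["stamp"], "%Y %b %d %H:%M:%S")
    return when, fields.get("IN", ""), fields["SRC"], int(fields["DPT"])


def find_scanners(lines, red_iface="ppp0", min_ports=5,
                  window=timedelta(seconds=60)):
    """Map each red-side source to the ports it probed, if it reached at least
    min_ports distinct destination ports inside one sliding time window."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[1] == red_iface:
            hits[rec[2]].append((rec[0], rec[3]))

    report = {}
    for src, events in hits.items():
        events.sort()
        start, best = 0, set()
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {port for _, port in events[start:end + 1]}
            if len(ports) > len(best):
                best = ports
        if len(best) >= min_ports:
            report[src] = sorted(best)
    return report


if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: ports {ports}")
```

Counting distinct ports inside a time window, rather than total hits, keeps a single noisy source that hammers one port from being reported as a scan.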

    At this point you should be connected to the outside (internet) world, and should be able to ping (see picture) outside sites and start surfing the web. Also from now on, whenever you power down the firewall you will hear a (low-pitched) "beep-beep", followed by a single (mid-pitched) "beep". It's only speculated (at this point) that those beeps are indications SmoothWall is talking to each NIC on shutdown. Also, when you boot up you will now hear a single (mid-pitched) "beep" indicating SmoothWall is talking to the red NIC, then, shortly afterward, a three-tone (low-mid-high pitched) "beep-beep-beep", indicating SmoothWall is talking to the green NIC. These beeps are not to be confused with the PC's BIOS "okay" beep at the very beginning of a boot. If you watch the firewall's screen you'll see lots of (Linux) messages screaming by. After a while you'll be able to catch a few and get clues on the health of your firewall. Linux is a very stable and reliable operating system. And SmoothWall Express is very good, as well. The two make a great LAN/Firewall for internet protection. Remember to consider the (mentioned) U.P.S. for your LAN equipment such as your radio, switch and PC/firewall, to protect against those annoying brief power outages that the utility companies sometimes like to do.


    PROBLEMS ?? PROBLEMS ?? We don't need no stinking problems !!

    It's unbelievable how much we get used to the convenience of these "appliances". When a piece of technology, such as this, fails, you'd think it's doomsday or something! ISPs do have technical problems, at least in the case of the Author's. It's not uncommon to get "dumped" like you did on the slower, dial-up connections. The causes could be complicated and very time consuming to find. The good news is most outages only last a few seconds. So let's start thinking pro-actively (what a concept!!) about what-if scenarios, for future problems. Computers and electronic devices DO FAIL; accept it-- it's just a matter of time. That's what keeps us repair people in business! For example, isn't it "great" when your most loved customer, your spouse, yells at you "my thing doesn't work", or slightly better, "my computer doesn't work"? What that person is trying to say (in ignorance) is the internet connection is not working and their little world is crashing in. At best, it's an irritant. If you don't see a "connected" status on the SmoothWall menu within 5 minutes of start-up, this indicates a problem you might have with your settings, cabling, etc.

    You may have to call your ISP for help. This is a good time to take a deep breath, take a valium or whatever, because you may be on the phone for a while especially if it's an automated system and/or a large company. Calling them may not give you much satisfaction, other than the (stupid, but polite) generic answer "we are working on the problem". Sounds familiar? (thinking of the telephone company.) Or better yet, that (stupid) recording "your call is important to us, please hold". This drives the Author nuts, so bring a drink or snack when you call for support. You might consider getting a telephone headset, or speaker phone, so you can do other things around the office while on-hold or waiting for something to happen. Another "trick" the Author does is by having two PCs in the working area. While one is being worked on by the ISP and you, the other is ready for other stuff.

    Some ISPs do not do well with Linux. Either they do not like Linux, or are too embarrassed to admit they know nothing about this O/S. Therefore, the support person on the phone might start giving you real basic (and stupid) instructions, like "click on start, then click on....", etc, etc. You'll have to make a decision to either play along with this and make your own translations, or tell them what you really are doing on your PC and risk them getting dumbfounded and glazed over in the eyes, unable to support you. One sign of this (communication) problem is long pauses from them after you say something about what you've done. In some cases you may have to ask "are you still there?". Another suggestion is to "feel them out" during sign-up for the subscription on how much they know about such systems. The masses only know something about Windows products, so be ready for that mentality. It's not the intention to bash companies; just remember what you are getting into and be prepared, to avoid a frustrating time working with them during an outage.

    When your ISP repairs the outage, SmoothWall should be able to handle this and get you logged back on line automatically. If not, your "customers" (spouse, etc.) can log in with the admin password to manually attempt a re-connection. Each time you are connected (auto or manually) your red side will be assigned a new (and most likely different) IP address. That's the dynamic IP addressing you've selected, due to your subscription with your ISP. However, if you wanted a static IP address, that can be arranged as well with your ISP, then in the SmoothWall settings. Either way, a competent ISP should be able to "see" your red side/radio access point on their system, even remotely. Remember, the green side IP address will stay the same, and not be able to be pinged, accessed or otherwise seen by anyone on the internet side. This is the Firewall's security design. All these issues are good "testers" to see if your ISP is worth something for that 30-50 bucks a month you are paying them for the service. Remember not to burn your bridges, since they may be the only wireless provider around. Sometimes it takes great patience to deal with some of them, and understandably it's hard to maintain a polite and positive attitude during an outage.

     


     

    This is the end of the Firewall article. Thanks must go out to several friends and associates for helping the Author with the development and knowledge of such a system. In return, the Author hopes this article will benefit others out there attempting the same thing. There's no reason to re-invent the wheel and go through what the Author did. You are free to pass this information anywhere, on a non-commercial basis, with acknowledgment of the Author.

     

     
