Post Installation Configuration Guide Version 0.9.9 – Summer 2001 Edited by: Guy C. Reynolds
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
Rights & Disclaimers Page 2
Rights & Disclaimers SmoothWall is a trademark of Richard Morrell and Lawrence Manning SmoothWall is published under the GNU General Public Licence for more information please visit our website at http://www.smoothwall.org. ©Copyright 2001. This work is copyrighted by SmoothWall. You may copy it in whole or in part as long as the copies retain this copyright statement. The information contained within this document may change from one version to the next. All programs and details contained within this document have been created to the best of our knowledge and tested carefully. However, errors cannot be completely ruled out. Therefore SmoothWall does not express any guarantees for errors within this document or consequent damage arising from the availability, performance or use of this material. The use of names in general use, names of firms, trade names etc. in this document, even without special notation, does not imply that such names can be considered as ‘free’ in terms of trademark legislation and that they can be used by anyone. All trade names are used without a guarantee of free usage and might be registered trademarks. As a general rule, SmoothWall adheres to the notation of the manufacturer. Other products mentioned here could be trademarks of the respective manufacturer.
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall 0.9.9 Post Installation Configuration Guide Contents Rights & Disclaimers ...................................................................................................... 2 Contents......................................................................................................................... 3 Introduction ................................................................................................................. 4 Viewing this manual ................................................................................................. 4 Looking at the Admin Pages........................................................................................... 5 Introduction ................................................................................................................. 5 Using the Admin Pages ............................................................................................... 5 SmoothWall Administration & Configuration ................................................................... 6 Home page.................................................................................................................. 6 Information pages........................................................................................................ 7 Status....................................................................................................................... 7 Traffic Graphs .......................................................................................................... 8 Dialup pages ............................................................................................................... 9 PPP Settings............................................................................................................ 9 USB ADSL Firmware Upload ..................................................................................10 Remote Access pages................................................................................................11 Passwords ..............................................................................................................12 Services pages...........................................................................................................13 Web Proxy ..............................................................................................................13 DHCP......................................................................................................................13 Port Forwarding ......................................................................................................14 External Service Access..........................................................................................14 DMZ pin holes.........................................................................................................15 Dynamic DNS .........................................................................................................16 IDS pages ..................................................................................................................17 VPN pages .................................................................................................................18 Control ....................................................................................................................18 Connections ............................................................................................................19 Logs pages.................................................................................................................20 Shutdown page ..........................................................................................................22 Shell page ..................................................................................................................23 Updates page.............................................................................................................24
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
Introduction Page 4
Introduction This document contains information about the post-installation configuration of SmoothWall version 0.9.9. The most recent version of this document can be found on the SmoothWall web site, http://www.smoothwall.org, which should be checked for any updates. For the purposes of this document, it is assumed that you have already installed SmoothWall on your donor PC system as detailed in the separate SmoothWall User Installation Guide. Using the browser-based interface from a second machine on your LAN you can now carry out all the necessary configuration and system maintenance of your SmoothWall system. The browser-based interface has been tested with both Internet Explorer and Netscape Navigator versions 4 and above on a variety of different platforms. In order to use the Java SSH tool for changing setup details you will have to use a Java-enabled browser. Note that later versions of both Internet Explorer and Netscape Navigator are suitable for this purpose.
Viewing this manual This document has been specifically designed for printing viewing, and as a result is not suitable for on-screen viewing, due to the size of the pages and the amount of text on each page. If you prefer or require a copy of this manual for viewing on screen please download the screen optimised document from the SmoothWall web site at http://www.smoothwall.org.
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
Looking at the Admin Pages Page 5
Looking at the Admin Pages Introduction The SmoothWall administration web pages are used to configure and monitor your SmoothWall device. The administration web pages provide a powerful set of features for navigating through and adjusting the configuration of your SmoothWall device
Using the Admin Pages The administration web pages include a window within the page for viewing the current selection. A tab bar at the top of each page to switch between the options for the current selection and to access the on-line help pages. If you click on the logo, it will take you to the Credits page.
Figure1: Parts of the page
A: Active selection window. B: Selection bar. C: Option tabs. D: help tab.
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall Administration & Configuration Page 6
SmoothWall Administration & Configuration Home page Start up a web browser on one of your local hosts and enter the IP address or hostname that you gave to the SmoothWall system's Green interface plus the port director to go to either port 445 (secure), or port 81 (insecure). https://smoothwall:455,
http//smoothwall:81,
http://192.168.1.1:445 or http//192.168.1.1:81 You should now be presented with the administration web pages home page. You can use the selection bar, and option tabs on the home page in conjunction with the forward and back buttons in your web browser to reach the other configuration and status pages.
Figure 2: Home page
From here there are a variety of configuration options available. The selection bar lists the following options, which are be detailed in the following sections: Home
–
return to this main screen.
Information
–
details of the current operational status of the system.
Dialup
–
configuration of dial-up (PPP) settings.
Remote access –
configuration of remote accessing methods.
Services
–
configuration of the built-in DHCP server, web proxy server and other services which run on the SmoothWall box.
IDS
–
configuration of the intrusion detection system.
VPN
–
configuration of the Virtual Personal Networks.
Logs
–
view the log files that are generated by the SmoothWall box.
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall Administration & Configuration Page 7
Shutown
–
safely shutdown and, or Reboot the SmoothWall box.
Shell
–
remote secure shell on the SmoothWall system for less common administration purposes.
Updates
-
Installed and available updates for the SmoothWall box.
The tab bar lists this page and the on-line help option which when selected displays the online help for the Home page. This page has links to the various pages on the SmoothWall web site relating to: About us
–
More information about the project team.
Sponsor
–
Sponsor or aid development.
Feedback
–
Send comments or request information.
Docs
–
SmoothWall documentation.
Discuss
–
Mailing lists and discussion.
IRC
-
Internet Relay Chat.
If there have been no errors during PPP setup, and PPP is to be used as the external connection method, buttons will be available to [Connect] or [Disconnect]. Upon successful connection, the SmoothWall machine will beep using its internal speaker. When the connection is severed, it will beep twice. The status of the link will be displayed as idle, dialing or connected. Alternativly, in Dial on Demand mode, the Dial on Demand status will be shown. Press [refresh] to refresh this status display. At the foot of the main box is the output of the 'uptime' command when ran at the command line. This includes the current time and the load averages. Additionally, if there are updates available that you have not yet installed, you will be informed via this page. SmoothWall has two web users, in addition to the root and setup login users. The first is called admin. Authenticating as this user gives access to all configuration pages. The other user, called dial, is able only to use the [Connect] or [Disconnect] buttons. By default, the dial user is disabled; to enable it you must set a password for that user. No password is required to view the Home or Information sections. All others require the admin password.
Information pages Status Selecting the Information page, displays the status window. This allows you to view the current operational status of the SmoothWall box. The top of the page displays information about the network services on the SmoothWall system. A visible indication of whether a service is running or stopped is displayed. Below this are a series of pieces of information regarding memory use, hard disk use, the system uptime (how long it has been running), any users that are currently logged into the system, and some technical detail on the status of the variety of network interfaces that you may have present.
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall Administration & Configuration Page 8
Figure 3: Information: Status Window
Traffic Graphs Clicking on the Traffic Graphs option tab switches the window to the display graphical information about the traffic through the SmoothWall system. It is split into a series of sections detailing both inbound and outbound traffic on each interface that is present. The black line shows the amount of traffic recorded at intervals while the red line displays an average. The graphs are updated ever 5 minutes.
Figure 4: Information – Traffic Graphs Page
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall Administration & Configuration Page 9
Dialup pages PPP Settings The PPP Settings window opened as default allows you to configure up to five different dial-up profiles that can be used to connect the SmoothWall system to your ISP. The [Select] and [Delete] buttons at the top of the screen in the Profiles section allow you respectively to make a different profile active, or to erase the current profile. You can name your profile to aid you in remembering which of the five possible configurations is which by entering a name for the profile in the appropriate box. From the drop-down menus in the Telephony section you can select the com port that you wish to use for your modem or ISDN card, and then configure other details such as the telephone number to dial, the speed of communication between modem and computer, and so on. The Idle timeout setting defaults to 15 minutes of inactivity before the connection is dropped. By setting this to 0 you can disable this feature and you will have to disconnect manually.
Figure 5: Dialup – PPP Settings
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall Administration & Configuration Page 10
By selecting the Persistent connection checkbox you will enable the SmoothWall system to keep the link to your ISP up and available for use all the time – if the connection drops for any reason it will automatically be redialled. The dial on demand setting allows the SmoothWall box to automatically dialup and connect when ever a request is made to access an external service. Similarly DNS dial on demand allows the SmoothWall box to dialup and connect whenever it needs to resolve a DNS call. The Connect on Restart will make the SmoothWall box connect after booting. This is especially useful in Dial on Demand mode, because it will automatically put the system into Dial on Demand waiting mode each time the SmoothWall machine is switched on. Most ISP require that the modem send a carriage return to signal it is finished sending. If your ISP requires this, then leave ISP Requires Carriage Return checked, if it does not, then you can uncheck this box. Default is checked. The Authentication section has entries for the username and password combination that your ISP requires for connection. Most ISPs use the default PAP or CHAP method, but if your ISP uses a standard text based login script, select that option instead. Users of Demon Internet will have to use a slightly modified version of this to connect to Demon’s authentication servers, and there is a special setting provided for these users. The final option – other login script – allows the use of a different login script if none of the other methods permit a connection. There is more detail on this area in the online help. If you have to use this setting it would be useful to the SmoothWall team to know what the specific details of the ISP login script are so that we can assist other users in also getting connected. Please contact the SmoothWall team with any such information –details of how to do so can be found on the SmoothWall web site at http://www.smoothwall.org/ In the DNS section you can enter the details of your ISPs DNS servers, or leave the default setting to allow you to obtain the information automatically if your ISP supports this – most do. Click on the [Save] button at the bottom of the screen to record the details of your newly created or modified profile, or the [Restore] button to recall a previously saved profile for further editing.
USB ADSL Firmware Upload Clicking on the USB ADSL Firmware Upload option tab switches the window to enable you to upload the mgmt.o file to the SmoothWall. USB ADSL will not work without it. This file should be downloaded from the appropriate internet website i.e. for Alcatel modems: http://www.alcatel.com. The driver module is not supplied with SmoothWall due to licensing issues. Choose the file on your desktop machine, and then press the upload button to transfer it to SmoothWall. Upon a successful upload, USB ADSL can be utilised.
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall Administration & Configuration Page 11
Figure 6: Dialup – USB ADSL Firmware Upload
Modem Clicking on the Modem option tab switches the window to the Modem Configuration page. For each of the first 6 boxes, if your modem requires a special AT string, enter it here, otherwise use the default. These fields may be blank as well. The Connect Timeout is the amount of time to allow the modem to attempt to connect. After this number of seconds without proper response on the receiving side, it will give up.
Figure 7: Dialup – Modem
Remote Access pages SSH The SSH window opened as default allows you determine whether remote access to the system is enabled or whether the only way to log in to the SmoothWall system is physically at the console. The default settings are such that access via SSH is disabled, as this is more secure.
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall Administration & Configuration Page 12
Figure 8: Remote Access - SSH
Note: In order to log into your SmoothWall system remotely for any reason (such as to reconfigure any settings caused by the addition of new hardware) you will have to enable the SSH server. This provides a very secure method of remotely accessing your system. SmoothWall uses port 222 for SSH. If you do not have a SSH client available to you, or just would rather log in from a web browser, you can use the embedded SSH client. Note that this requires two things – firstly that SSH access has been enabled, and secondly that your web browser supports Java – most modern browsers will have no problems with this. It is advisable to enable remote access only when required, and to disable it again after you have finished accessing the system. This maintains the security of your SmoothWall system.
Passwords Clicking on the Passwords option tab switches the window to the Password configuration window This screen allows you to set or change the passwords for the administrator and dial user accounts on your SmoothWall system. Type the new password for the user in the appropriate box, and confirm it by entering it again in the second box, and then click on the Save button to make the change. Any errors that are generated (such as the password and its confirmation not matching) will be displayed in the lower box.
Figure 9: Remote Access - Passwords
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall Administration & Configuration Page 13
Services pages Web Proxy The Web Proxy window opened as default allows you to enable or disable the built in web proxy server and to adjust the amount of disc space that the proxy server uses to cache files. The proxy server will cache web and ftp requests, excepting (for privacy reasons) https requests, or pages that include username and password information. This cache will then provide faster access to sites that have been previously visited, up to the limit of the amount of allocated disc space that other cached pages have taken up.
Figure 10: Services: Web Proxy
DHCP Clicking on the dhcp option tab switches the window to the DHCP configuration screen. This screen allows you to configure and enable or disable the DHCP server that is built into your SmoothWall system. By far the easiest method of providing shared TCP/IP network access is to allow your SmoothWall system to act as a DHCP server and provide all the necessary network information to every other system on your network. In order to do this you will need to define a range of IP addresses that can be used by machines on the rest of your network by providing a start and end address. You may also wish to provide details of DNS servers on your network, or simply allow the default setting – that of the SmoothWall system itself – to be used, because SmoothWall runs a DNS proxy server and can provide a DNS service to all network clients that connect through it. The default and maximum lease time (in minutes) for each IP address obtained from the DHCP server can be set, and the Domain name suffix entry allows you to define the domain name that will be given to systems requesting IP addresses. Finally, the checkbox allows you to enable or disable the DHCP server.
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall Administration & Configuration Page 14
Figure 11: Services - DHCP
Port Forwarding Clicking on the Port Forwarding option tab switches the window to the Port Forwarding configuration screen. This screen allows you to configure the port forwarding feature that SmoothWall provides. This allows you to run a server safely behind your SmoothWall firewall, or to redirect network traffic bound for a particular service to a different system. This is primarily of value to SmoothWall installations where a permanent, rather than dial-up, connection is present, and in conjunction with a network configuration that includes an Orange interface, but other users may find the functionality of some use.
Figure 12: Services - Port Forwarding
To add a port to be forwarded enter the source port along with the destination IP address and port and click the [Add] button. To remove a forwarded port, select the Remove check box and then the [Remove] button.
External Service Access
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall Administration & Configuration Page 15
Clicking on the External Service Access option tab switches the window to the External Service Access configuration screen. This screen page is used for setting up allowed connections from external machines to a given port on the SmoothWall.
Figure 13: Services – External Service Access
Set the protocol (TCP or UDP) using the dropdown box. Source IP sets the allowed IP that you want to be able to connect to the Destination port. If this is empty, which is usually the case, all external hosts are allowed to connect. The Source IP can be either a host or a network, and is specified as 192.168.0.1 (a host), 192.168.0.0/24 (a network), or 192.168.0.0/255.255.255.0 (also a network). You are able to specify multiple Source IPs, so you can easily allow certain IPs and combinations of networks to connect to a single port on the SmoothWall. Like the Port Forwarding page, changes take effect immediately. Note: SmoothWall comes with one "built in" rule. It will allow Auth (port 113) packets. This is to stop Auth requests from being logged in the firewall only, there is no Auth service running on SmoothWall. If you have reason to log these requests, simply disable (or remove) the entry in the External access configuration. Also note: Ports above 1024 are allowed through automatically. For this reason, it is not recommended that you forward these ports if you require restricted access by source IP address.
DMZ pin holes Clicking on the DMZ pin holes option tab switches the window to the DMZ pin holes configuration screen. This screen is for advanced users with DMZ set-ups. With this screen, the administrator can configure "holes" between the DMZ and the local network. The standard configuration, without any holes set-up, blocks any host on the ORANGE network from connecting to a host on the GREEN network. Often this is not totally desirable, however, and it can be useful, if slightly risky securitywise, to allow a host on the ORANGE network to connect to a host on the GREEN side in a very limited fashion. This page lets you do this.
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall Administration & Configuration Page 16
Figure 14: Services – DMZ pin holes
The protocol can be set, although it is not recommended to use UDP for pin holing. Source IP is a machine on the ORANGE network, Destination IP is the host on GREEN, and Destination port is the port on the GREEN machine that you want to allow the ORANGE machine to connect to. Typically this would be used to allow a web server on ORANGE to connect to a mail server on GREEN for WebMail purposes.
Dynamic DNS Clicking on the Dynamic DNS option tab switches the window to the Dynamic DNS configuration screen. If you have a connection with dynamic IP, the dynamic dns section of SmoothWall allows you to use dynamic dns service provided by dyndns.org, noip.com, hn.org, dhs.org and/or dyns.cx. Those services allow people without a static ip address to have a subdomain name pointing to their computer, allowing them to run services like a webserver, VNC, etc. The first step for using dynamic dns with SmoothWall is, of course, to subscribe to this free service with one of the supported providers. Once this is done, you just have to fill in the form on SmoothWall's dynamic dns configuration page: Choose the correct service from the drop-down menu. The check box Behind a proxy has to be checked if you're using the no-ip.com service and if your SmoothWall is behind a proxy. This checkbox is useless with other services. The checkbox Enable wildcards allows you to have all the sub-domains of your dynamic dns hostname pointing to the same ip as your hostname (eg., with this check box enabled, www.foo.dyndns.org will point to the same ip as foo.dyndns.org). This check box is useless with no-ip.com service, as they only allow this to be activated or deactivated directly on their website. Hostname and Domain have to be filled with the hostname and domain you chose. e.g., if you chose foo.dyndns.org, foo is your Hostname and dyndns.org is your Domain. Username and Password are obviously the login information you chose when you subscribed to one of the dynamic dns service providers.
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall Administration & Configuration Page 17
Figure 15: services – Dynamic DNS
When you're done, just hit [Add] to save the information you submitted, and have it appear in the Current hosts section. You may edit that information later simply by checking the Mark checkbox at the end of the line you want to edit and then hitting [Edit]. If you want to keep the information for one of your dynamic dns hostnames saved but want to avoid having your ip updated by the dynamic service provider for this hostname, just edit it, uncheck the Enable box and save it. Once you have finished entering all the information regarding your dynamic dns hostname(s), you can force an update of all the enabled hostnames by hitting [Force update]. Don't do it too often, as dynamic dns service providers don't like people who update their ip when it hasn't changed, and may block hostnames of abusive users. In the future, you won't need to hit this button anymore as your IP will automatically be updated each time your IP changes, allowing you to always be able to find your SmoothWall and your LAN.
IDS pages The Intrusion Detection System window opened as default allows you to enable or disable the IDS (Intrustion Detection System) mechanism. To Enable, tick the box and click save, to disable untick the box and click [Save]. Logs are available from the IDS log viewer in real time, which is accessed from the Logs selection.
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall Administration & Configuration Page 18
Figure 16: Intrusion Detection System
VPN pages These screens are is used to do basic VPN configuration. To find out more about VPNs, please visit the FreeSWAN website at http://www.freeswan.org/. Although primarily intended to VPN multiple SmoothWalls together, it is possible for SmoothWall to inter-operate with any VPN product that supports IPSec and standard encryption techniques such as 3DES.
Control The Control window opened as default allows you to specify the local VPN IP address to listen on. Most people will not want to enable this. If left untouched, your VPN IP will be set to that of your RED interface, which is what almost all people will want.
Figure 17: VPN - Control
This IP address is used if your SmoothWall is on a dialup connection. Only if the dialup IP matches this IP will the VPN be brought up automatically. This is you can use multiple
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall Administration & Configuration Page 19
ISP profiles, but control which one if them is to be associated with your VPN configuration. The Enable checkbox will tell SmoothWall to automatically bring up the Enabled VPN tunnels when the RED interface comes up. Even when disabled, it is still possible to manually bring up the tunnels. The Manual Control and Status section will show the current status of any VPN tunnels. To stop all VPN tunnels click the [Stop] button. To restart (in case of failure) please click the [Restart] button.
Connections Clicking on the Connections option tab switches the window to the VPN Connections configuration screen.
Figure 18: VPN - Connections
To add a new connection, you must fill out all the boxes in this form and the details filled into the form on the other end must match EXACTLY with yours. This is why the Import and Export features are useful. Fields are as follows Name
–
A simple name to reference this connection. Use lowercase letters only.
Left/Right
–
The internet IP address of the Left/Right side of the connection.
Left/Right next hop
–
The next hop from Left/Right side to the Internet (i.e. the default route of the left/right device).
Left/Right subnet
–
The network of the left/right hand side (e.g. 192.168.0.0/24 would include 192.168.0.*).
Secret
–
The password for the connection.
To add the connection, fill in all fields and click the [Add] button. If you wish to add the connection without enabling it, please uncheck the Enabled box. Current Connections displays a list current connections and their information. To remove a connection, check its tickbox and click the [Remove] button. To edit (including
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall Administration & Configuration Page 20
enable/disable functions), check the connections check box and then click the [Edit] button. To export settings, simply click the [Export] button. These can then be imported to SmoothWall by using the [Browse] button to find the saved file on your hard drive and uploading it using the form by using the [Import] button to upload them to your SmoothWall. Exporting your settings and sending them to the person at the other end of your VPN connection to import to ensures all settings match. Note that the export file contains the VPN secret information, so you must ensure that the file is transferred securely! Either put it on a floppy disk and mail it, or use a secure Internet link such as a PGP encrypted mail or https to the other SmoothWall.
Logs pages These screens allow you to view the contents of the SmoothWall system log files that have been generated on a particular day. Select the type of log file you wish to view, the month and day, and press the Refresh button. This then displays the contents of the log file – this can be useful for tracking down any errors that may occur in normal use, or simply to keep an eye on what the system is doing. The log files are made available for up to four weeks, but can be backed up from the SmoothWall system by logging in remotely and transferring the files to another system. The log files can be found in the /var/log directory on the SmoothWall system if you wish to transfer them elsewhere for archival. In a similar manner to the system log viewer, the contents of the firewall log files can be viewed, and the network data packets that have been dropped by the SmoothWall system displayed. This allows you to investigate who or what has been trying to penetrate your defences. The IP address of the suspect system and the destination IP address, along with the source and destination port are displayed alongside the time the log file was updated with this information. Note that not every dropped packet indicates a potential hacking attempt – packets can be dropped from quite normal use of networked systems, especially in the event of an error in a network configuration. In particular, attempts to connect to the ident/auth port (port 113) are very common harmless occurrences, and can be safely ignored.
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall Administration & Configuration Page 21
Figure 19: Logs – Other
Figure 20: Logs –Web proxy
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall Administration & Configuration Page 22
Figure 21: Logs – Firewall
Figure 22: Logs – Intrusion Detection System
Shutdown page This window selection is very self-evident – select the [Shutdown] button to power off your SmoothWall system safely, or [Reboot] to reboot it.
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall Administration & Configuration Page 23
Figure 23: Shutdown
Shell page The web-based secure shell remote access tool that is included as part of the SmoothWall system enables administration of all of the SmoothWall system through a regular web browser. Note: In order to use this feature you will have to have previously enabled the SSH secure shell server in the Remote access administration screen. It is advisable to disable SSH access once you have finished using the secure shell to increase the security of your SmoothWall system.
Figure 23: Secure Shell
When the secure shell is first started you will be presented with a login prompt. The only users that are permitted to log in to the system using a secure shell are the setup and root users – admin and dial users will be denied permission to log in. At the prompt enter either setup or root accordingly and press [Enter]. Enter the correct password at the prompt to log in. Note: Logging in as the setup user will automatically run the setup program to allow you to reconfigure the network settings, make adjustments for different hardware, or just simply change the admin, setup or root users passwords. This setup program is the same one that runs on initial installation of SmoothWall, so it should look familiar. When
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall Administration & Configuration Page 24
you have finished, select the Quit option. This will complete the setup program and log you out of the system. If you log in as the root user you will be presented with a command prompt. Be warned that the root user has complete access and control over the entire SmoothWall system. If you do not know what you are doing there is a significant chance that you could cause serious errors that would necessitate a re-installation of SmoothWall. You have been warned!
Updates page The Update selection opens the Updates screen’ which is used to inform you of updates and also enables you to apply them to your SmoothWall system.
Figure 24: Updates
Installed Updates lists the updates you have already installed on your system for informational purposes. Available Updates list is updated every time you dial up (PPP users). You may also refresh the list manually by using the [Refresh Updates List] button at the bottom of the updates page. This list is also updates each time SmoothWall connects. Once the list is populated you will see a brief description of the patch and on the end an info link. Please click this link to be taken to the patch's information page, where a download link will be provided. Installing an Update allows you install the official update once you have downloaded it from the SmoothWall website. Note: Opera does not handle uploads properly, please use another browser for uploading updates to your SmoothWall.) Simply use the [Browse] button to select the saved file on your hard disk and then click the [Upload] button to apply the patch. Once done, you will see the patch in the "installed" list.
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
SmoothWall Administration & Configuration Page 25
Note: Only official patches will work with this system. Some patches may automatically reboot your SmoothWall machine, read the instructions carefully before installing ANY patch!
Congratulations on protecting your network successfully!
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
The SmoothWall Team Page 26
The SmoothWall Team The current core team is: Richard Morrell - Founder / Project Manager - UK Lawrence Manning - Development Team Leader / Author - UK William Anderson - Worldwide Online Team Manager / Web Manager - UK Dan Cuthbert - Lead Security Manager - UK Dan Goscomb - Architecture Team Leader / Core Developer / Perl Guru - UK Paul Tansom - Worldwide Community Liaison -UK The current development team is: Bob Dunlop - The Guru's Guru / Code Magician - UK Nigel Fenton - Development / Testing - UK Mathew Frank - Australian Team Leader -Australia Pete Guyan - Technical Testing & Input - UK Eric Johansson - US Team Leader - US Toni Kuokkanen - Original Logo Design - Finland Luc Larochelle - PPPoE Team Member - Canada Pierre-Yves Paulus - Belgian Team Leader / PPPoE Guru - Belgium John Payne - DNS & Tech Contributor - US Guy Reynolds - Documentation Manager - UK Chris Ross - Chief Wizard - UK Jez Tucker - Polar Bear Concept & Testing - UK Bruno Valentin - French Admin - France Bill Ward - US Support / Evangelist - US Rebecca Ward - Worldwide Online Support Manager / SmoothMom - US Adam Wilkinson - VPN Assistance - UK Nick Woodruffe - LCD Development / UK LUG Liaison - UK Mark Wormgoor - ISDN Lead Developer - Holland The current translation team is: Asbjorn Aarrestad – Norwegian - Norway Lukas Frey – German - Switzerland
SmoothWall GPL 0.9.9 – Post Installation Configuration Guide – 1st Edition
