Matt Fiddles

Life's so vast, there's just so much to do...

User Tools

Site Tools


Emperor Palpatine: "Take your Jedi weapon! Use it. Strike me down with all of your hatred and your journey towards the dark side will be complete!"

Where will you go today?

"Arthur's consciousness approached his body as from a great distance, and reluctantly. It had had some bad times in there. Slowly, nervously, it entered and settled down into
its accustomed position.
Arthur sat up.
`Where am I?' he said.
`Lord's Cricket Ground,' said Ford.
`Fine,' said Arthur, and his consciousness stepped out again for a quick breather. His body flopped back on the grass."

- Arthur coping with his return to Earth as best as he could.


There is both a open source version and a commercial version. This page refers to the open source version. The commercial version is at the bottom.

What works

Smoothwall does the following

  • Link and Load Balancing
    • Bandwidth Management (QoS)
    • Prioritize different types of network traffic
  • Real-time Content Analysis
    • Mobile Filtering clients for Windows, OSX and iOS
    • Anonymous Proxy Blocking
    • Search Term Filtering and Forced Safe-search
  • HTTPS Filtering (using a bad certificate)

What I've found:

  • Works well
  • Records traffic
  • Has a web proxy (cache) at the click of a button
  • Good web interface
  • Blocks all traffic except selected traffic
  • QoS
  • But…
    • Logging is per day
    • No filtering service
  • Blocks bitorrent, even when changing port (yes, I know… terrible).
  • Web cache works, but needs refresh_patterns to really do anything.

Access the smoothwall using a browser pointed to https://smoothwall:441 (you may have to edit your system's hosts file).


You can ssh to the smoothwall host. Make sure 'ssh' is enabled in remote access.

ssh -p 222 root@smoothwall


Download these to /tmp (using wget) and extract using

tar zxvf <name.tar.gz> -C /

Then run the /tmp/ file (if present after extraction).

Mods from

  • Captive-Portal-1.0.tgz does not work. Or may require another module.
  • net_scanner-V1.1.tgz ???
  • sw3-proxy-v2.0.tgz works, but not needed?
  • Guardian GAR-3.0a-SWE3.tgz installs, but snort-2.8.4-update.tgz and sw3-updatesnortrules3.tgz do not work, so Guardian does not do anything
    • This is a smoothwall 3.0 problem. Version 3.1 ids works.
  • SW3_Enhanced_FW_Logs-V1.4.3.tgz works beautiful. Gives much more info on about logs and blocks
  • sw3-activeblock-V1.0.tgz ???


See Squid Web Cache and Proxy for more squid tips

Modify settings in /var/smoothwall/proxy/cache. That way Smoothwall will use the setting when you make changes in the webproxy page.

[root@smoothwall]# vi /var/smoothwall/proxy/cache

Apply changes by disabling and then re-enabling the web proxy in the web interface. It will write all appropriate changes to the squid.conf file. Thus, do not edit the squid.conf file as any changes made via the web interface will overwrite it.

Some notable ones to add:

# increase RAM size
cache_mem 256 MB
maximum_object_size_in_memory 512 KB

Don't add any options that are used in the web interface, such as object size or cache size.

By default there is no refresh_pattern, meaning the web cache misses a lot of files (try tail -f /var/log/squid/access.log. Here's a few that can be put in to increase the amount of cached traffic.

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern . 0 40% 40320


Commercial Version

Smoothwall builds a system made for Hospitality sector. It focuses on wireless usability and giving each user a good experience.

Additional modules:

  • Gateway Anti-Malware
computers/firewalls/smoothwall.txt · Last modified: Dec 5, 2013 (5 years ago) by Matt Bagley