Matt Fiddles

Life's so vast, there's just so much to do...

User Tools

Site Tools


The more you tighten your grip, Tarkin, the more star systems will slip through your fingers.

- Princess Leia

Where will you go today?

"`How do you feel?' he asked him.

`Like a military academy,' said Arthur, `bits of me keep passing out.'" ....

`We're safe,' he said.

`Oh good,' said Arthur.

`We're in a small galley cabin,' said Ford, `in one of the spaceships of the Vogon Constructor Fleet.'

`Ah,' said Arthur, `this is obviously some strange usage of the word "safe" that I wasn't previously aware of.'

- Arthur after his first ever teleport ride.


There is both a open source version and a commercial version. This page refers to the open source version. The commercial version is at the bottom.

What works

Smoothwall does the following

  • Link and Load Balancing
    • Bandwidth Management (QoS)
    • Prioritize different types of network traffic
  • Real-time Content Analysis
    • Mobile Filtering clients for Windows, OSX and iOS
    • Anonymous Proxy Blocking
    • Search Term Filtering and Forced Safe-search
  • HTTPS Filtering (using a bad certificate)

What I've found:

  • Works well
  • Records traffic
  • Has a web proxy (cache) at the click of a button
  • Good web interface
  • Blocks all traffic except selected traffic
  • QoS
  • But…
    • Logging is per day
    • No filtering service
  • Blocks bitorrent, even when changing port (yes, I know… terrible).
  • Web cache works, but needs refresh_patterns to really do anything.

Access the smoothwall using a browser pointed to https://smoothwall:441 (you may have to edit your system's hosts file).


You can ssh to the smoothwall host. Make sure 'ssh' is enabled in remote access.

ssh -p 222 root@smoothwall


Download these to /tmp (using wget) and extract using

tar zxvf <name.tar.gz> -C /

Then run the /tmp/ file (if present after extraction).

Mods from

  • Captive-Portal-1.0.tgz does not work. Or may require another module.
  • net_scanner-V1.1.tgz ???
  • sw3-proxy-v2.0.tgz works, but not needed?
  • Guardian GAR-3.0a-SWE3.tgz installs, but snort-2.8.4-update.tgz and sw3-updatesnortrules3.tgz do not work, so Guardian does not do anything
    • This is a smoothwall 3.0 problem. Version 3.1 ids works.
  • SW3_Enhanced_FW_Logs-V1.4.3.tgz works beautiful. Gives much more info on about logs and blocks
  • sw3-activeblock-V1.0.tgz ???


See Squid Web Cache and Proxy for more squid tips

Modify settings in /var/smoothwall/proxy/cache. That way Smoothwall will use the setting when you make changes in the webproxy page.

[root@smoothwall]# vi /var/smoothwall/proxy/cache

Apply changes by disabling and then re-enabling the web proxy in the web interface. It will write all appropriate changes to the squid.conf file. Thus, do not edit the squid.conf file as any changes made via the web interface will overwrite it.

Some notable ones to add:

# increase RAM size
cache_mem 256 MB
maximum_object_size_in_memory 512 KB

Don't add any options that are used in the web interface, such as object size or cache size.

By default there is no refresh_pattern, meaning the web cache misses a lot of files (try tail -f /var/log/squid/access.log. Here's a few that can be put in to increase the amount of cached traffic.

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern . 0 40% 40320


Commercial Version

Smoothwall builds a system made for Hospitality sector. It focuses on wireless usability and giving each user a good experience.

Additional modules:

  • Gateway Anti-Malware
computers/firewalls/smoothwall.txt · Last modified: Dec 5, 2013 (5 years ago) by Matt Bagley