Koozali.org: home of the SME Server

Success and behind firewall question.

Norrie

Success and behind firewall question.
« on: June 14, 2001, 01:51:16 PM »
Hi all,

I managed to get e-smith working behind my Smoothwall box last night with minimum fuss.  Yahoo!!  Here's my setup...

ISP
 |
ISDN
Smoothwall
eth0 (192.168.1.254)
 |
eth1 (192.168.1.1)
e-smith
eth0 (192.168.1.254)
 |
----------LAN----------
 |                     |
Doze(1)         Doze(n)
(192.168.0.xxx) etc.

I'm a bit puzzled.  I can ping local IPs and browse www.  That's fine but I can ALSO ping and admin the Smoothwall box even though it's on another LAN!  Is this ok?  Should I be able to?  I'm quite happy about this but it seems to me that I shouldn't be able to.

I've set my Doze box to use e-smith as gateway and DNS server.  e-smith is also the browse master (Am I using the correct terminology here?)

Thanks for all the help in my previous posts with getting this running.

Regards

Norrie
8o)

PS  Next thing is squidguard so I might be asking for help again ;^)

Duncan

Re: Success and behind firewall question.
« Reply #1 on: June 14, 2001, 05:02:17 PM »
Yes you should be able to ping and admin smoothwall. It's just the same as pinging any IP address on the internet. E-Smith is just acting as a router.

Looking at your diagram I expect that the IP address of eth 0 on the e-smith box is actually 192.168.0.254 as opposed to 192.168.1.254 as that would cause all sorts of problems.

If you're worried about security, remember the network is on the green interface which is trusted. The internet will be able to ping the smoothwall box (smoothwall allows this) but won't get past any other way.

I would like to know what breed of ISDN card you are using, what you think of smoothwall (I reckon it's probably the best firewall, proxy I've seen yet) and how was it to set up the ISDN card on the smoothwall box.

Regards Duncan

Norrie

Re: Success and behind firewall question.
« Reply #2 on: June 14, 2001, 06:06:43 PM »
Hi Duncan,
Thanks for your reply.

Duncan wrote:
>
> Yes you should be able to ping and admin smoothwall. It's just
> the same as pinging any IP address on the internet. E-Smith is
> just acting as a router.

Yep.  That makes sense.

>
> Looking at your diagram I expect that the IP address of eth 0
> on the e-smith box is actually 192.168.0.254 as opposed to
> 192.168.1.254 as that would cause all sorts of problems.

Oops! You're right.  It's a typo.

>
> If you're worried about security, remember the network is on
> the green interface which is trusted. The internet will be
> able to ping the smoothwall box (smoothwall allows this) but
> won't get past any other way.
>
> I would like to know what breed of ISDN card you are using,
> what you think of smoothwall (I reckon it's probably the best
> firewall, proxy I've seen yet) and how was it to set up the
> ISDN card on the smoothwall box.

The card's an Asuscom ISDNLink PCI (HCF chipset) that I got from Solwise in the UK.  They're "official BT ISDN" folk who were running a cashback offer (£40) on the installation fee (£50) if ISDN was ordered through them.  The card cost £28 and works just fine.  (Not with e-smith though ;-((  )

Smoothwall really is the easiest firewall to set up that I've used.  I like the multiple profiles and Mark Wormgoor's DoD.  The ISDN card and NIC were auto detected.

I do still like LRP though.  Setting Smoothie up on a single board computer might be cool... Better for domestic harmony ;^)
>
> Regards Duncan

All the best
Norrie