I am testing out the SME 7.0 beta 4 just now. I think it can do all the functions mentioned above. Don't know exactly what is meant by: "In SME you don't have DHCP leased ip table" - Well, I'm using its DHCP just now.
"Management in SME server is very hard" No, no - absolutely not - management of the SME server functions is very, very quick and easy.
Have played with Linux for almost 10 years now, but will still need some months of debugging before a standard Linux server can run without too many bugs or security risks. With the SME server I can set up a better and more secure server in half an hour.
When it comes to firewalling, the SME 7.0 kernel seems to support most of the standard firewalling functions of the 2.6.x kernel, including bridging firewall. Any firewall can be easily applied via a standard firewall script.
When it comes to a task like remote control of diverse workstations, this can be done via port forwarding through the standard configuration tools of the server manager. (And of course some remote control program like VNC or Windows Remote Desktop.)
Because of a PPPoA ADSL connection in my home I have a PPPoA NAT router I can't get rid of.
I believe a thing that could work in such a case is to forward all ports and protocols to an SME 7.0 gateway and from there do the firewalling/forwarding using the standard functions of the SME. Have not tried yet, but guess it will work for individual remote control of individual workstations as well. (This will eventually be a double DNAT, but I still believe it should work.)
I think there is one major problem with implementing really advanced firewalling capabilities in the SME server-admin panel. The concept of the server-manager panel is to automate a lot of complex tasks and in this way make a lot of things very easy.
If you should apply a more advanced firewall, this will also require a lot of new firewall configuration functions. Even if you used all of the existing menus of the server-admin panel just for firewall configuration, it would still be rather little compared with the firewalling potential of the Linux kernel 2.6.x and the SME 7.0. It has the potential of doing almost anything.
If you want a clean and easy configuration interface that fits into the server-manager panel, you will be restricted to a few standard firewall configurations because of all the configuration menus that are not there.
My personal point of view is that if you want things to be simple and easy to use, things have to be like they are. If you want to make use of some of the many advanced firewall functions, it will be necessary to build up some additional configuration tool that is not a part of the server-admin panel. You cannot build in a lot of advanced firewall configuration tools and still keep the existing simplicity of the server-manager panel.
One way of doing this could be to build up some kind of interactive (or editable) script that flushes out the existing firewall and replaces it with a new firewall with the alternatively wanted properties. Doing it this way will keep the original SME firewall, so there will be almost no risk. You just reboot the server/gateway and the original SME firewall with the original firewall configuration will be back.
By the way - including filtering of outbound traffic of the SME gateway as it is would be a very bad idea. This will require a lot of maintenance and a fine-meshed configuration tool for the outbound traffic, that is not there. (And that cannot be there as long as things should be kept simple.)
Best regards, Arne.
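
The editable-script approach described in the post above, sketched as an added example (not part of the original post and not SME Server's own code): it builds a replacement ruleset with per-workstation port forwards and loads it in memory only, so nothing persistent is changed. Interface names, addresses, ports and the `ADMIN_SRC` source restriction are constructed assumptions.

```shell
# Added example. Interfaces, addresses and ports are constructed assumptions.
WAN_IF="eth1"; LAN_IF="eth0"
ADMIN_SRC="203.0.113.10"   # constructed: only this source may use the forwards
# wan_port:workstation_ip:workstation_port (constructed; 5900 VNC, 3389 RDP)
FORWARDS="5901:192.168.1.11:5900 5902:192.168.1.12:5900 3390:192.168.1.13:3389"

# Validate one entry; leaves wport, ip and lport set for the caller.
valid_forward() {
    wport=${1%%:*}; rest=${1#*:}; ip=${rest%%:*}; lport=${rest#*:}
    for p in "$wport" "$lport"; do
        case $p in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Emit a complete ruleset in iptables-restore format on stdout.
build_ruleset() {
    nat=""; fwd=""
    for f in $FORWARDS; do
        valid_forward "$f" || { echo "bad forward: $f" >&2; return 1; }
        nat="${nat}-A PREROUTING -i $WAN_IF -s $ADMIN_SRC -p tcp --dport $wport -j DNAT --to-destination $ip:$lport
"
        fwd="${fwd}-A FORWARD -i $WAN_IF -o $LAN_IF -s $ADMIN_SRC -d $ip -p tcp --dport $lport -j ACCEPT
"
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
${nat}-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
${fwd}COMMIT
EOF
}
# "print" to review the rules; "apply" flushes the nat and filter tables and
# loads the new rules in memory only (nothing is saved to disk).
case "${1:-}" in
    print) build_ruleset ;;
    apply) rules=$(build_ruleset) && printf '%s\n' "$rules" | iptables-restore ;;
esac
```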