2.0 Release

smoothwall

http://www.smoothwall.org/

** Please see http://smoothwall.org/ for the latest release
** information, downloads and updates!

———————————————————————
Smoothwall Express 2.0 Release Notes
———————————————————————

** Please note that the https web access port has moved from
** TCP/445 to TCP/441! Use https://x.x.x.x:441/ from now on!

Changes from Smoothwall GPL 1.0:

  • Smoothwall GPL is now Smoothwall Express! http://community.smoothwall.org/topic/1086
  • Stateful packet inspection using Linux 2.4 kernel with iptables and netfilter.
  • Improved installer:
    • Network card skip.
    • Displays MAC address of detected cards.
    • Prefilled IP addresses.
    • Configure upstream web proxy for fetching update list.
    • when a direct connection cannot be made or is not allowed.
  • Improved web user interface; more user friendly, better error reporting, more orange
  • Improved connectivity device support:
    • More USB ADSL modems; ECI chipset, USR SureConnect. http://smoothwall.org/beta/eci.html
    • BeWAN PCI ADSL.
    • BT Home Highway USB TA.
  • Universal Plug-n-Play support for Microsoft Windows XP users.
  • Improved network usage graphs with RRDtool.
  • Improved proxy performance through diskd and other squid tweaks.
  • Static assignments in DHCP server options based on MAC address.
  • Smoothwall time sync with internal or external NTP server. Can sync from a built-in list of servers. (Does not provide ntpd service to Green or Orange network however)
  • Configuration backup to floppy disk for quick install on another machine, or re-install on same machine (compatible with backup floppies from Express 2.0 RC1, timesync server list bug when using backup floppy from Express 2.0 beta7 “pendolino” – see http://community.smoothwall.org/topic/2180 for more info)
  • Simpler port forwarding; no need to open ports with external access page, the port (or ports – port ranges are allowed now) is opened and forwarded on one page.
  • IP Blocking feature; block any given external IP address or subnet from accessing your Smoothwall or any port forwarded hosts. Additionally, blocking rules can be added from the firewall log interface.
  • Advanced networking features; block ICMP ping, block multicast traffic and enable SYN cookies.
  • Improved VPN; no need for “next hop” setting, optionally enable compression on the tunnel, still possible to connect to a Smoothwall GPL 1.0 VPN.
  • Perform network diagnostic (ping, traceroute) from web interface.
  • New Java SSH client (replaced due to licence conflict).
  • Added clear cache option to web proxy.
  • Updates list location changed http://updates.smoothwall.org/express/2.0

Thanks to those on the team and the forums for their hard work on mods and patches

———————————————————————
Rebooting
———————————————————————

During the reboot, notice the nice boot screens.

You will notice differences if you use either the ECI or the USR SureConnect USB ADSL modems.

For all USR ADSL modems, have the unit plugged in prior to booting. If you are using an ECI-chipset driver (generic of FDX310), you will see your screen fill with diagnostics as the firmware is uploaded and the line synced. Occasionally this can appear to hang part way through, but it should not stall for more then 30 seconds at a time. The line should be synced when this process is complete.

The USR SureConnect will behave in a similar fashion, but with less diagnostics.

———————————————————————
In Use
———————————————————————

After rebooting, point your browser at the Smoothwall IP and either 441 (for https) or 81 (for http). When designing the new interface, we have tried to make things easier to find and more “friendly”. The online help has been moved into a popup window for easier use. The most often used page, for PPP profiles, has been moved into a new “networking” section, which also has the port forwarding and external access pages within. Other pages have been collected into a new maintenance section, which has the all-important update page.

The webproxy page has been improved to allow you to specify a username and password for the upstream proxy. The DHCP server has been enhanced by allowing you to create static entries based on the MAC address of the client. Note that to activate the changes, you have to press the Save button after adding each one. Dynamic DNS has been improved by adding support for a couple more providers of this service.

Because of the change from ipchains to iptables, the way the external access and port forward page operates has changed slightly. The external service page now only operates on connections directly to the Smoothwall external IP address which *won’t* be forwarded on. This means that the port forward page has an additional control for setting what external address is allowed to use this port forward, combining the functionality of the external service page and the port forward page from 0.9.9. This means that in 2.0, the external service access page is limited to being used for opening up local ports, such as 222 (ssh) and 441 (https).

VPN functionality has been enhanced by removing the requirement to enter the “next hop” information, and also by making compression of VPN traffic an option. Note that the value of the compression flag must match at both ends of the tunnel. For verification, you must now enter the shared secret twice.

The IP whois resolver has been improved so it should be possible to lookup any IP address, not just European ones. You can also use this page as a generic whois interface, and lookup domain names as well as IP addresses.

———————————————————————
Feedback
———————————————————————
Please send feedback, both positive and negative, to submissions@smoothwall.org or more preferably, use the Known Issues thread at http://community.smoothwall.org/topic/2636 on the community forum site.

We are especially keen to hear from people who have success (or failure) in using the BeWAN PCI ADSL modems, or the USR SureConnect, or one of the ECI-based USB ADSL modems.