3.0 Alpha "Koala"

Introduction

Express 3.0 is our latest version of the long-running and successful Smoothwall Express firewall. This is an alpha release, code name “koala”. This means that although this build is working and useable, it is not feature-complete. It also has a couple of known problems (see below). Needless to say, there are probably unknown problems as well.

As the phrase goes …

As we know, there are no known knowns. There are things we know we know. We also know there are known unknowns. That is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don’t know we don’t know.

The main reason for releasing a feature-incomplete alpha smoothie is that we are very interested in how the 2.6 kernel performs and want to make sure we have a stable base before adding a few more features.

This page will be updated as and when alphas and betas are released.

Devel edition

Koala is available in two versions:

  • User edition
  • Developer edition

The developer edition includes the complete Smoothwall Express functionality, but also contains the tools needed for working on Express itself, including complete builds, checkouts and commits. It is therefore possible for interested coders to work on Express from their very own firewall. This marks a turning point for Smoothwall: it is now easier than ever for people to work on the project, make custom modifications and get involved with the Smoothwall team.

Please bear in mind that in order to do full builds of Express, a reasonable spec machine and a fair amount of patience are required. Typical build times are about 5 hours for a 1 GHz machine.

Please read the HOWTO for more information on using the devel edition of Koala, including instructions on how to check out and build a koala ISO from scratch.

New features relative to the previous Express 3.0 alpha, Grizzly

  • IM proxy with logging and filtering abilities (MSN/AIM/ICQ/Yahoo)
  • SATA/SCSI support
  • Streamlined installer/setup
  • GREEN is probed with the other NICs now so it is possible to replace GREEN
  • Smoothd privileged daemon (although only a few things are utilising it still)
  • Firewall log viewer looks much nicer and has some AJAX coolness
  • Hopefully working BeWAN and openswan
  • Realtime traffic bars
  • New update mechanism which can download and install all pending updates with
    a single click.

Other new features relative to Express 2.0

  • Based upon the latest (at least at the time of building) 2.6 kernel.
  • Brand new even prettier theme. The polar bear is back!
  • Includes many new NIC drivers that are in 2.6.
  • Brand new update system – updates are downloaded directly onto the smoothie
    itself instead of going via the desktop browser.
  • NTP service for the local network.
  • Extension “home-brew” system.
  • Local hosts list that can be served through the DNS proxy.
  • Replacement traffic stats page.
  • SIP NAT support (experimental!)
  • Many internal changes to make the code more organised and easier to work
    with.
  • Jazzed up control page.
  • Easier to use log viewers with “Smooooth” pagination.

Planned New Features

Post alpha, we plan to add the following features, at a minimum:

  • Settings upgrade from Express 2.0.
  • Other things that come along!
  • Egress blocking

Known Problems

Unfortunately we have a number of problems, all of them related to 2.6, that need to be addressed. We hope that they will not stop people testing.

  • USB ISDN support is broken.
  • PPTP and Quake helpers. We hoped to introduce PPTP pass-through support, but this is currently broken due to kernel incompatibility.
  • UPnP support is currently missing.
  • The Interface page, for configuring the NICs from the web GUI, is incomplete.

Installing

Testers are better off recreating their settings from scratch, though a direct restore of Express 2.0 settings will probably work for now.

The installer will automatically probe for and load SATA and SCSI drivers if no IDE disk is found. We are interested in hearing feedback on this new feature. At a point in the future we hope to add USB keyboard and CDROM support, for installing on IDE CDROM-less machines.

The old “media menu” has gone. While only CDROM installs are supported it isn’t needed, and in the future it will not be needed either, because the installer will know what type of install is required.

To speed along the install, the ISDN, ADSL, and DHCP screens are not automatically presented. Instead a menu appears where these features can be configured.

IM proxy

Koala incorporates an IM (Instant Messenger) proxy called IMSpector that is able to log and filter IM conversations in a variety of protocols including MSN, ICQ, AIM, Yahoo and IRC. This proxy also has an optional swear-word filter with a pre-made list of naughty words. The configuration page is under services; the log viewer is under logs and is noteworthy because it shows conversations as they happen by using AJAX techniques to update the webpage.

Other notes

We’ve made a small change to the call-home process. It will now send back a dump of “lspci”, “lsmod” and the USB device table. This was done so we could hopefully in the future build a compatibility matrix for smoothie from this data. Such a chart might even be useful to the Linux community as a whole as well.

To enhance the security of the web interface, a password is now required to view the home page whereas previously this page was publicly viewable from the internal network. Any valid username (admin, dial, etc) will be able to view the home page.

The traffic graphs page shows traffic stats for each interface, with current hour, current day, etc. totals, as well as “real time” reports of traffic load on each interface. Note that this code was written for the commercial series of Smoothwall products, GPLd, and included in Express. We’d love to see this particular piece of software used in other projects as well.

A new page, bandwidth bars, shows a continually updated representation of the bandwidth usage for each interface, which is updated once a second through the use of AJAX and JavaScript.

The time server is enabled on the “time” screen under Preferences. The time server (based on openntpd) has been tested against Linux (ntpd etc) and Windows and works well. The time server will service requests on the GREEN side only.

The update mechanism has been reworked. In addition to the older “refresh updates list”, download, upload and install mechanism, Express 3.0 has a semi automated installer. This will perform the actions of downloading and installing updates (in sequence) by use of a single update button. This should allow for much easier maintenance.

The new “extensions” system is partially in place. This will allow some of the “homebrew” mods to be installed via the web interface. This is not a replacement for the homebrew system, more a supplement to it. Various aspects of the underlying design (menus etc) have been reworked so that they can be added to without fear of future updates overwriting any “extensions”. Currently there is only one extension available, which neither installs nor does anything particularly useful.

Feedback

Please report all feedback, especially any problems encountered, to the Community forum “Express 3.0 development”.