Wednesday, 3 September 2008

Part 2 - Getting my parts out and playing with them

With all the kit safely back at base, it was time to put it all together. What were the chances that the kit would power up let alone let me put a firewall on it? Surprisingly (for me at least) it came up first time.

Now the thing about this solution is that it's all going to have to squeeze in to a small box and I didn't want to put it all together only to find that some hardware configuration or limitation (i.e. supported hardware issue) meant I needed to open it up again. So as soon as I could get the bare bones operational, I decided to find a firewall distribution that met the criteria and give it a whirl.

Must have:
  • NAT firewall with SPI
  • IP blocking features allowing single IP or IP range blocking - (without the 20 or so rule limit I had on my router!!!!)
  • Port forwarding
  • PPP support - I need it to connect to my ethernet modem and log me on to the net
  • SQUID. (I didn't really need this but it was an itch I've been meaning to scratch for ages) - preferably transparent.
  • Good logging features
  • Be able to run on a relatively low power system without dragging down my surfing experience.

Dream team:
  • IPSEC VPN endpoint functionality
  • Pretty graphs
  • Good community support (do not undervalue this aspect)
  • NTP, DHCP and DNS (in case I ever decide to consolidate these services away from my existing systems)
  • Intrusion Detection System (IDS) ... another 'want to play with' thing.
  • QOS so that when my kids grow up - I can QOS their bandwidth hogging activities out of existence
  • IM proxy. Again, when my kids grow up I'll need to snoop - err responsibly monitor who they're talking to.

I trawled my backside off looking through the various features - seeing what did the trick. M0n0wall looked like a fantastic development able to run on skinny kit but didn't appear to have the web proxy functionality I was looking for. Untangle also looked quite tasty but I was put off with the beefy (ok - non wimpy) hardware requirements.

Much more up my street were IPCOP and Smoothwall Express. Both scored highly and it was hard to choose between them. Being technically minded, I went for IPCOP because my Dad was a copper back in the day - and somewhere in the back of my head the name gave me the impression of The Sweeney meets Tron. That's how the IT decisions are made when I'm spending the money!

So I downloaded the latest release from SourceForge, burnt the disk and fired it up. Remember what I said above about supported hardware issues? Well that's where IPCOP fell on its arse for me in the first instance. It's not everybody's experience but I couldn't get it to run on my kit. It appeared for all the world to me that during the installer process, IPCOP was looking for the install files from my SATA disk rather than the CDROM with the install disk in. Actually - I proved this for myself by breaking in to a console session and browsing the device it was trying to read from - which was my SATA drive. The community advice was 'search the forum for SATA'. Something that showed mixed success.

I'm not going to knock the regional community support forum but suffice to say I didn't get the warm fuzzies from it! I wasn't expecting flowers or anything but, well ..

So there I was with a dining room table full of hardware and one option left. Time for Smoothwall Express. The name wasn't as funky but the base functionality was pretty close (IPCOP being a fork of Smoothwall by all accounts). Would it run on my cobbled hardware or would I have some explaining to do to my wife when we examined the accounts!?

To start with, the answer was no! *cry* For a moment I thought I had compatibility issues when the installer keeled over repeatedly with an obscure message at the end of the file installation process. But checking the md5sum gave surprising results and it transpired that my ISO was corrupted. A first for me. After a second download and a successful md5sum check - the next attempt worked like a dream.

The wrong kind of chips on this dining table (according to me wife at least!!!) The farmhouse dining table and chairs gave it a Star Wars meets the Waltons feel.

And if you think I'm going to narrate my firewall configuration across the blogosphere you can, of course, forget it. There's plenty of time to comment on Smoothwall in later blog sessions after a healthy evaluation.

With the harmonious union of hardware and software witnessed in front of the creator, it was time to build them a house before the honeymoon could commence. In this world though, considering the economic climate, credit crunch and the high price of accommodation - it would have to be a humble dwelling.

If you've seen my first entry then you will have seen the 'Urban Myth' game box that I proposed to turn in to a case. How had I come to the conclusion that it would do the job? I tipped out the cards and checked to see if the mobo would fit inside. That was the scope of my groundwork! The last time I worked with metal was approx 22 years ago back in school when I made a two piece replica Concorde. All I had at my disposal this time was a medium sized hand drill, a small pair of wire clippers and a pair of sturdy scissors - swiped from the kitchen. Before long I had made a few 'functional' modifications to the case.


Almost certainly after .. unless the event was subject to a time paradox. Look closely - two holes - as the actress said to the bishop.

Now the parts have to be fixed to the case. First off - the PicoPSU power supply. Do I fix it in a practical position - or somewhere stupid & impractical but slightly amusing?

That's what your face looks like when you have a PicoPSU wired in an impractical place. Suit you sir! oooh!

Almost in focus. I think the 'shiny behind' had a dazzling effect!

Funny (mildly) but in a space efficient environment - not very clever! Next - fasten the mobo to the case.

A bit wonky but it fits and there is still hope to cram the rest of the bits in.

With the PSU wired in and the mobo fitted - all that was left was to slot in the hard drive (somewhere) and shut the thing together. I managed to squeeze the drive in to the lid without too much issue. Closing the case was about a third of the job though!! It turns out that I had set a world record for owning the world's most inflexible SATA lead. Lucky for me I had a drawer packed full of the things - every one of them at least twice as flexible as the one I had chosen earlier!

The professional job on the metal work had introduced a certain amount of fatigue to the structure. It closed well enough but the chicken in me compelled me to add a bit of tape to ensure integrity. And here it is - the final product. Ladies and gentlemen - may I present to you, the Urban Myth Smoothwall.

What tape?

Closing comments - it's alive!! It will probably need a bit of further refinement to secure the case in order to remove the tape. As for a 533 MHz system with 256 MB of memory running Smoothwall and Squid - for home use it's bloody fantastic.
