You may have gathered... I’m not your average user. So when I needed a router for my house, it’s no surprise that Linksys didn’t fit the bill. I ran a Linksys router for a while; the damn thing kept dying on me. I’d reboot it once or twice a week to keep things online. I finally built, out of an old server, a Smoothwall Express box. It worked wonderfully, and I never had another issue.
I had only a handful of complaints with the Smoothie. It’s a very stripped-down Linux; a lot of the tools I’d come to expect in a Linux distro aren’t there, which is a blessing and a curse. The system requirements for Smoothwall are very low. It’ll run on just about anything with two network interfaces. It doesn’t get updates often, which is OK, as long as there’s no reason for updates. But it gives it this feeling of stagnation. Don’t get me wrong, it’s served me very well. I have a lot of respect for the project, and I’d recommend Smoothwall Express to anyone. However…
Virtualization. I’ve recently moved my KVM hypervisor to my house. It’s a long story, but I now have commercial cable service, and my hypervisor is in my basement. So, this gave me the idea to virtualize my firewall device. Why not? The Smoothie was running on an ancient server at this point, so why keep wasting electricity? Besides, the thing was so full of dust from the years that I was just waiting for a fan to fail. So I gave virtualizing Smoothwall Express a shot. I couldn’t get it to recognize the hard drive… I gave it a few tries with different hardware emulation… Nothing worked. So I decided it was time to look around and see what else was out there.
My needs are simple. I want a Linux distro, to which I have root access, with a decent web interface, firewalling, port forwarding, DHCP, and NAT support. Most of that I could build on my own. Linux with root, simple. Firewall, port forwarding, NAT, child’s play. DHCP, I’ve never done, but it can’t be that hard. Web interface to tie it all together… Fail. I could do that, but it’d take me months, and I’d probably never finish it. So, I started by looking around online, and found a few lists. Wikipedia has a nice list of Linux firewall distros. Nothing in that list really struck me though. So I altered my search slightly. I’m an RHCE, and I run a ton of RHEL/CentOS boxes. So, why not stick with what I know? I searched for CentOS firewall distros and found ClearOS. Like Smoothwall, they have a community-supported version and a professional version. I of course went with the community version.
It’s CentOS, 6.3. With a nice web GUI, and all the functionality of CentOS (which easily covers all of my above requirements, and then some). On top of that, it’s modular! Out of the box, it’s essentially a server OS with a web GUI. Maybe this would be a nice OS for web hosts? Hrm… So, out of the box it doesn’t do things like NAT, firewalling, and port forwarding, but you can add in apps for just about anything you’d like to do from their marketplace. Many of them are free, others are paid. I added in port forwarding, OpenVPN, advanced firewalling, and a few reports. There are also application firewalls, content filters, email and spam scanning, IDS, you name it!
The firewall GUI is pretty nice. No complication at all. Same with port forwarding. Or, you can use Advanced firewalling, and literally plug in your own firewall rule from the web GUI. Just add in your iptables command, and it adds it to your firewall.
OpenVPN was also relatively easy to set up. They built a nice auto-configure mode into OpenVPN. ClearOS simply creates routes to all of your private networks. You can disable that and configure manually of course. For that you need to drop to a shell and configure OpenVPN manually. I can now VPN into home, from work, and access my systems without the need for port forwarding, or opening them up to the internet.
Overall, this is a very nice distro. I think I’ve found my new favorite firewall distro.