SmoothWall.org
 
 home 
 
 about 
 
 commercial 
 
 community 
 
 get 
 
 docs 
 
 security 
 
 support 
 
about » faqs | history | team | company | releases | screenshots | the site
 


Quick Links

 
 
SmoothWall Express 2.0

SmoothWall Express 2.0 was released at 21:00 GMT on Monday 8th December 2003.

__________________________________________________________ smoothwall
                                           http://www.smoothwall.org/

 ** Please see http://smoothwall.org/ for the latest release
 ** information, downloads and updates!

---------------------------------------------------------------------
 SmoothWall Express 2.0 Release Notes
---------------------------------------------------------------------

 ** Please note that the https web access port has moved from
 ** TCP/445 to TCP/441!  Use https://x.x.x.x:441/ from now on!

 Changes from SmoothWall GPL 1.0:

  * SmoothWall GPL is now SmoothWall Express!
    http://community.smoothwall.org/topic/1086
    
  * Stateful packet inspection using Linux 2.4 kernel with iptables
    and netfilter.
  
  * Improved installer:

    - Network card skip.
    - Displays MAC address of detected cards.
    - Prefilled IP addresses.
    - Configure upstream web proxy for fetching update list.
      when a direct connection cannot be made or is not allowed.
  
  * Improved web user interface; more user friendly, better error
    reporting, more orange :)

  * Improved connectivity device support:
  
    - More USB ADSL modems; ECI chipset, USR SureConnect.
      http://smoothwall.org/beta/eci.html
    - BeWAN PCI ADSL.
    - BT Home Highway USB TA. 

  * Universal Plug-n-Play support for Microsoft Windows XP users.

  * Improved network usage graphs with RRDtool.
  
  * Improved proxy performance through diskd and other squid tweaks.
  
  * Static assignments in DHCP server options based on MAC address.
  
  * SmoothWall time sync with internal or external NTP server.  Can
    sync from a built-in list of servers. (Does not provide ntpd
    service to Green or Orange network however)
  
  * Configuration backup to floppy disk for quick install on another
    machine, or re-install on same machine (compatible with backup
    floppies from Express 2.0 RC1, timesync server list bug when
    using backup floppy from Express 2.0 beta7 "pendolino" - see
    http://community.smoothwall.org/topic/2180 for more info)
  
  * Simpler port forwarding; no need to open ports with external
    access page, the port (or ports - port ranges are allowed now)
    is opened and forwarded on one page.
    
  * IP Blocking feature; block any given external IP address or
    subnet from accessing your SmoothWall or any port forwarded
    hosts.  Additionally, blocking rules can be added from the 
    firewall log interface.
    
  * Advanced networking features; block ICMP ping, block multicast
    traffic and enable SYN cookies.
    
  * Improved VPN; no need for "next hop" setting, optionally enable
    compression on the tunnel, still possible to connect to a 
    SmoothWall GPL 1.0 VPN.
  
  * Perform network diagnostic (ping, traceroute) from web interface.
  
  * New Java SSH client (replaced due to licence conflict).

  * Added clear cache option to web proxy.
  
  * Updates list location changed
    http://updates.smoothwall.org/express/2.0

Thanks to those on the team and the forums for their hard work on
mods and patches :)

---------------------------------------------------------------------
 Rebooting
---------------------------------------------------------------------

During the reboot, notice the nice boot screens. :)

You will notice differences if you use either the ECI or the USR 
SureConnect USB ADSL modems.

For all USR ADSL modems, have the unit plugged in prior to booting.  
If you are using an ECI-chipset driver (generic of FDX310), you will 
see your screen fill with diagnostics as the firmware is uploaded and
the line synced.  Occasionally this can appear to hang part way 
through, but it should not stall for more then 30 seconds at a time.  
The line should be synced when this process is complete.

The USR SureConnect will behave in a similar fashion, but with less
diagnostics.

---------------------------------------------------------------------
 In Use
---------------------------------------------------------------------

After rebooting, point your browser at the SmoothWall IP and either 
441 (for https) or 81 (for http).  When designing the new interface, 
we have tried to make things easier to find and more "friendly".  The 
online help has been moved into a popup window for easier use.  The 
most often used page, for PPP profiles, has been moved into a new 
"networking" section, which also has the port forwarding and external 
access pages within.  Other pages have been collected into a new 
maintenance section, which has the all-important update page.

The webproxy page has been improved to allow you to specify a 
username and password for the upstream proxy.  The DHCP server has 
been enhanced by allowing you to create static entries based on the 
MAC address of the client.  Note that to activate the changes, you 
have to press the Save button after adding each one.  Dynamic DNS has
been improved by adding support for a couple more providers of this 
service.

Because of the change from ipchains to iptables, the way the external 
access and port forward page operates has changed slightly.  The 
external service page now only operates on connections directly to 
the SmoothWall external IP address which *won't* be forwarded on.  
This means that the port forward page has an additional control for 
setting what external address is allowed to use this port forward, 
combining the functionality of the external service page and the port 
forward page from 0.9.9.  This means that in 2.0, the external
service access page is limited to being used for opening up local 
ports, such as 222 (ssh) and 441 (https).

VPN functionality has been enhanced by removing the requirement to 
enter the "next hop" information, and also by making compression of 
VPN traffic an option.  Note that the value of the compression flag 
must match at both ends of the tunnel.  For verification, you must 
now enter the shared secret twice.

The IP whois resolver has been improved so it should be possible to 
lookup any IP address, not just European ones.  You can also use this
page as a generic whois interface, and lookup domain names as well 
as IP addresses.

---------------------------------------------------------------------
 Feedback
---------------------------------------------------------------------

Please send feedback, both positive and negative, to
submissions@smoothwall.org or more preferably, use the Known Issues 
thread at http://community.smoothwall.org/topic/2636 on the 
community forum site.

We are especially keen to hear from people who have success (or 
failure) in using the BeWAN PCI ADSL modems, or the USR SureConnect, 
or one of the ECI-based USB ADSL modems.