Skip to main content

Smoothwall on Mini-ITX Board

Recently I saw a Hak5 episode that talked about building a high-performance router to increase the speed of your network connection.  http://revision3.com/hak5/building-a-high-performance-home-router/installing-smoothwall  

Darren mentioned that the cheap plastic routers might not be able to compete with a solidly built router, so I decided to give it a try to see if I could increase my network speed.  

I ordered a Mini-ITX board with a 1.65GHz CPU, 1GB of RAM, a 260GB 7200rpm SATA drive, and an Intel Pro 1000 PCI NIC to make my own router.  Here's a picture of the completed assembly:


I took this and installed SmoothWall 3.0 SP3 (incidentally, I had to use a CD-ROM to install it, as a flash drive made with NetUbootIn from the iso never would install correctly).  

Installation of SmoothWall wasn't as straightforward as I thought.  SmoothWall has different colors for different types of Interfaces.  For my use, Green was the LAN, and Red was the WAN.  There are no choices in the install menu to set up the Red interface, but there are 3 choices for Green:  Open, Half-Open, and Blocked (or something to that effect)  

I started with "Half-Open" on the Green (LAN) interface, as I thought that would allow any inbound connection that was previously established via an outbound connection (like going to Google).  However, this seemed to block all my attempts to access the Internet.  I tried to go into the web interface of the router to change this, but I didn't immediately stumble on how to do this, as you can really get into the nitty-gritty of configuring the router.  So I gave up and set the router to Open like Darren did on Hak5.

Just to be safe, I ran an nmap scan from the Red (WAN) interface to see if I could access either the router or any computers connected to the Green interface.  I was happy to see that even when green was set to Open, nmap reported all ports closed and the router didn't respond to pings.  

So I connected it up to my network and ran a speed test to see if I could get more speed with a really over-designed router.  After 10 speed tests, SmoothWall on my home-made router actually performed .19Mbps SLOWER than a Linksys router (average of 31.19Mbps with the Linkysys, 31.00Mbps with the Mini-ITX), even though the Mini-ITX was bare-bones configured, and the Linksys was running VPNs, IP-Table port forwarding, and other junk like that.  

So it is pretty clear to me that the little plastic routers do a great job keeping up with their demand, and I don't really need a super-router to act JUST as a router.   Thus, I'm going to repurpose the Mini-ITX as something else... likely as a Snort-Box.  Look for that in future blogs.

I should mention, that if you are looking for a configuration control enhancement vs a speed enhancement, SmoothWall is probably a great way to go.  It lets you configure TONS of stuff, is very flexible on the set up of different services/lan designs, it recognized my NICs easily and just seemed rock-solid as a finely-tuned router.  Here's a screenshot to show what the web set up (after it is installed) looks like:


So from a configuration perspective I was impressed.  It just didn't improve my speed, which was my initial goal.    

Comments

Post a Comment

Popular posts from this blog

HP c6180 Printer and Vista

Hp c6180 driver issues with Vista Home Premium My wife has a Vista Home Premium laptop, and the HP C6180 Photosmart printer keeps disappearing from her available printers.  The only way I've found to fix the problem is to reinstall all the HP software. When I do this, I have to download the (large..507M software from HP, or reinstall the printer (ONLY the printer, not the scanner) with the installation disk, as the drivers are not discovered with a "Windows Update" setting.  My guess is that is because HP doesn't like people to install only the printer driver, which would be easy, but they want folks to install all their crapware as well, so they are withholding the drivers from the on-line Microsoft printer database.  So keep your installation CD!  I've also found that unless I install everything on the CD or in the Full Version download (HP Customer Participation Program, HP Imaging Device functions, HP OCR SW, HP All-In-one SW, HP Photosmart Essential, HP
27 comments
Read more

atftpd vs tftpd-hpa

Recently I was trying to tftp files from a Windows computer to a Kali box.   One version of Windows worked, but another didn't.    After much troubleshooting, here were my symptoms: I could tftp a file from-to any Kali box from-to another Kali box I could NOT tftp files to a specific Windows 7 box from any Kali box I could NOT tftp files to a Chrooted-Ubuntu-Chromebook box from a Kali box After MUCH troubleshooting, going through every setting in atftpd, it seemed like it literally was a client OS problem.  Different clients simply would not download files---unacceptable. Thus, I switched to tftpd-hpa.   To install: apt-get install tftpd-hpa files go to/come from /srv/tftp, but it needs to be a tftp user. Thus, I needed to: chroot -R /srv/tftp Also, if you want to be able to put files ON the tftp server (from a client), you need to modify /etc/default/tftpd-hpa: change "TFTP_OPTIONS="--secure"  to "TFTP_OPTIONS="--secure --create" I al
Post a Comment
Read more

Security Onion on the Antsle

My Setup of Security Onion on the Antsle: Recently my IDS box, an Intel Atom D2500 Fanless Mini-ITX PC, D2500CCE, died.  Truth be told, I think it came from the factory in a bad state, as I originally thought I had a bad graphics driver, but I then noticed that, after much troubleshooting, it wasn't a driver issue at all.  The box just sometimes wouldn't boot up correctly with video.  It seems heat related, something like not enough thermal paste on the CPU, as after it is powered off for a while it is more likely to boot than when it is warm.  Along with that issue, this box maxed out at 4GB of RAM (only has 2 memory slots, each of which will only take a 2GB card max) and had a single processor, so it was under powered for Security Onion. So, I decided to quit limping along on P.O.S. boxes, and buy a little more heavyweight box for my networked IDS.   Security Onion requires a minimum of 8GB of RAM, and 4 cores per their specs page https://github.com/secur
Post a Comment
Read more