Wireless Smoothwall

Fri Jan 28 13:14:20 2005 by Eric Hokanson
Modified Mon Jul 2 04:32:20 2012


If your one of the quickly growing statistics with a broadband connection and multiple computers all networked together, you've probably looked at or purchased a hardware residential gateway/router/firewall to connect them all together and share your one Internet connection. This is where Smoothwall Linux comes into play. Designed to run on that old 486 or Pentium your using for a doorstop, it does everything that a $99 hardware gateway does, plus anything Linux can do (which is just about everything). However, by default, Smoothwall is a very small and restricted build designed for the non-Linux user to get up and running within minutes. While that's great for first time Linux users, it doesn't allow for things such as a wireless connection or for using it as a print server, etc. I will try and show you how to turn your free junk PC into a $1,000+ hardware like solution. Basic knowledge of Linux and the kernel are required, but by no account is any of this too hard for a beginner.

My Setup

For a couple years now I've had a broadband connection and the need to share it among many computers. I've used Smoothwall without any problems and my box will sit quietly in the corner for months without any attention. It has no monitor, keyboard or any other input device. Recently, I moved into a new house and luckily there is a free open wireless service within range of my house.

19db Gain Dish
A 19db gain dish brings any AP into range.

My plan was to use this free wireless service to provide Internet to my entire house through my 100 Mbit switched network. Something one of those cheap hardware solutions doesn't do. I also wanted the ability to have a central backup server that could connect to a windows share and backup files to a tape drive. Smoothwall does not have these features so the following is how I turned my limited Smoothwall setup into the ultimate router. My hardware is a Pentium 166, 500 MB Hard Drive, 128 MB of RAM, 100 Mbit PCI D-Link card, and a D-Link 802.11b card with the Prism II chipset.

My Machine
My mini-tower of power.


What You Need

First of all you need a spare PC. It doesn't have to be fancy or powerful, all you need is a 486 with at least 32MB RAM, a small hard drive, a floppy drive (if you can't boot from CD), and at least two network devices. To really make it easy, try and find a machine with PCI network adapters because the older ISA ones can be a pain in the butt to configure. Also an IDE CD-ROM drive with a motherboard that will boot from it makes installation even simpler.

Now you need to download the latest Smoothwall Express operating system from Smoothwall.org. The best way is to grab the .iso image and burn it to a CD, this will allow you to boot off the CD and straight into the Smoothwall setup. You also need to grab the matching Smoothwall Source Code.

 Now we need to head on over to www.kernel.org to grab the latest version of the 2.4.x Linux kernel, which as of this writing is 2.4.25. As an optional plus you can also download Ingo's Exec Shield patch from here. As taken from the readme:
The exec-shield feature provides protection against stack, buffer or function pointer overflows, and against other types of exploits that rely on overwriting data structures and/or putting code into those structures. The patch also makes it harder to pass in and execute the so-called 'shell-code' of exploits. The patch works transparently, ie. no application recompilation is necessary.
We also need the latest Freeswan source code. This allows use of the VPN features of Smoothwall.

The Dirty Work

Okay, now the fun part. Extract the kernel source to a directory of your choice and if you downloaded the exec-shield patch, copy it into the the root directory of your kernel source and apply the patch with:
patch -p1 -i [file]
It should apply cleanly and if not make sure the patch version matches your kernel version and try again. Now extract the Smoothwall source to a directory. All we need is the Smoothwall-kernel-2.4.XX.config file which you should also move to the kernel source's root directory and rename it .config. Now we need to configure our kernel by typing:
make menuconfig or make xconfig
Next we need to configure our box to allow for wireless or anything else we might need. Your first stop should be the 'Processor type and features". Set it to the appropriate setting based on your CPU for a bit of a performance gain, next head on down to the "Network device support". We need to enter the Wireless LAN section and allow this option. Select your wireless card's chipset from the available selection and mark it as a module (M) you can add to the kernel. If you're not sure, just mark them all, it won't hurt anything. Now enable anything else you might need, as for my box I needed the ftape driver to make my backup system work. Once you've finished, exit and save the configuration. Now lets build the kernel by typing:
make dep bzImage
After that completes, which could take a long time, extract Freeswan, enter the Freeswan directory and type:
make menumod
Go to "Networking options" and set IPsec to compile as a module. Now exit, save, and wait while Freeswan automatically recompiles all the kernel modules.

In order to better manage your Wireless config you will need the Wireless Tools for Linux package. Compile a static build of these programs by doing a make BUILD_STATIC='y'. Then zip up the binaries and we'll move them over in the next step.

Installing Smoothwall

Now we need to install Smoothwall. Just follow the instructions provided on the Smoothwall.org site which is basicly just popping in the CD or boot floppy. When it gets the the part about your network setup you will need to choose the GREEN as your LAN and RED as dialup (since it won't detect your wireless card). Configure your GREEN interface as needed for your local network and finish the install. After it reboots log into your box with a web browser and install any updates. Next enable remote SSH access from the services tab. Using your favorite SFTP program, connect to your box at port 222 and upload your custom compiled kernel, modules, wireless tools package, and anything else you require.

Now use SSH and again connect to your box at port 222. Login and type 'setup'. Enter the network configuration menu and select 'Network configuration type' and choose GREEN + RED. Next you will need to select driver and card assignments. Leave your GREEN interface alone as your wired ethernet device and configure your new RED interface. Smoothwall will tell you that you have no remaining interfaces to configure and asks if you would like to probe or select. Probing won't do anything so pick 'Select'. On the next screen choose '* MANUAL *' and you will be prompted to enter your wireless card's driver. For my D-Link card with the Prisim II chipset I needed to type:
If you are not sure what driver your card requires you may have to go through them all (they are in /lib/modules/2.4.*/kernel/drivers/net/wireless). If you have selected the proper module for your card and have the driver installed correctly you will be allowed to continue.

Exit setup and with any luck you should be good to go.  Linux automatically chooses the AP with the strongest signal so if your antenna is pointed in the right direction you shouldn't need to change anything.  If you need to change it type iwconfig wlan0 essid 'name'.