SmallWall Version 1.8.x, May 2015
Copyright © 2015 SmallWall Documentation Project
All rights reserved.
Redistribution and use in any form, with or without modification, are permitted provided that the following conditions are met:
Redistributions must retain the above copyright notice, this list of conditions and the following disclaimer.
Neither the name of the SmallWall Documentation Project nor the names of its contributors may be used to endorse or promote products derived from this documentation without specific prior written permission.
THIS DOCUMENTATION IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION OR THE ASSOCIATED SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
May 2015
Table of Contents
- 1. Introduction
- 2. Hardware Compatibility
- 3. Setup
- 4. Configuration
- 5. The Firewall Screens
- 6. Network Address Translation
- 7. Traffic Shaper
- 8. IPsec
- 9. PPTP
- 10. L2TP
- 11. Wireless
- 12. Captive Portal
- 13. Example Configurations
- 14. Example IPSec VPN Configurations
- 15. FAQ
- 15.1. How can I prioritize ACK packets with SmallWall?
- 15.2. Why isn't it possible to access NATed services by the public IP address from LAN?
- 15.3. I enabled my PPTP server, but am unable to pass traffic into my LAN
- 15.4. I just added a new interface to my SmallWall box, and now it doesn't show up in the webGUI!
- 15.5. Does SmallWall support MAC address filtering?
- 15.6. Does SmallWall support SMP systems?
- 15.7. Why can't hosts on a NATed interface talk to hosts on a bridged interface?
- 15.8. What were the goals behind the m0n0wall project?
- 15.9. So what are the goals behind the SmallWall project?
- 15.10. How do I setup multiple IP addresses on the WAN interface?
- 15.11. Can I filter/restrict/block certain websites with SmallWall?
- 15.12. Why are some passwords stored in plaintext in config.xml?
- 15.13. Are there any performance benchmarks available?
- 15.14. What about hidden config.xml options?
- 15.15. Why can't I query SNMP over VPN?
- 15.16. Can I use SmallWall's WAN PPTP feature to connect to a remote PPTP VPN?
- 15.17. Can I use multiple WAN connections for load balancing or failover on SmallWall?
- 15.18. Can I access the webGUI from the WAN?
- 15.19. Can I access a shell prompt?
- 15.20. Can I put my configuration file into the SmallWall CD?
- 15.21. How can I monitor/graph/report on bandwidth usage per LAN host?
- 15.22. Will there ever be translated versions of SmallWall? Can I translate SmallWall into my language?
- 15.23. Does SmallWall support transparent proxying?
- 15.24. Should I use SmallWall as an access point?
- 15.25. Why am I seeing traffic that I permitted getting dropped?
- 15.26. How can I route multiple subnets over a site to site IPsec VPN?
- 15.27. How can I block/permit a range of IP addresses in a firewall rule?
- 15.28. Why does my MSN Messenger transfer files very slowly when using traffic shaper?
- 15.29. Can I forward broadcasts over VPN for gaming or other purposes?
- 15.30. How can I use public IP's on the LAN side? Or how can I disable NAT?
- 15.31. Are PCMCIA cards supported?
- 15.32. Are there any tweaks for systems that will need to support large loads?
- 15.33. Can I add MRTG or some other historical graphing package to SmallWall?
- 15.34. Can Captive Portal be used on a bridged interface?
- 15.35. Can I run Captive Portal on more than one interface?
- 15.36. Why do my SSH sessions time out after two hours?
- 15.37. Why am I seeing "IP Firewall Unloaded" log/console messages?
- 15.38. Why can't my IPsec VPN clients connect from behind NAT?
- 15.39. Why doesn't SmallWall have a log out button?
- 15.40. Can I sell SmallWall (or use it in a commercial product)?
- 15.41. When will SmallWall be available on a newer FreeBSD version?
- 15.42. Is there any extra Captive Portal RADIUS functionality available?
- 15.43. How can I increase the size of the state table?
- 16. Other Documentation
- 17. Troubleshooting
- 17.1. Interfaces are not detected
- 17.2. After replacing my current firewall with SmallWall using the same public IP, SmallWall cannot get an Internet connection.
- 17.3. No Link Light
- 17.4. Cannot Access webGUI
- 17.5. Cannot Access Internet from LAN after WAN Configuration
- 17.6. Troubleshooting Firewall Rules
- 17.7. Troubleshooting Bridging
- 17.8. Troubleshooting IPsec Site to Site VPN
- 17.9. Troubleshooting Solid Freezes
- 18. Bibliography
- Glossary
- A. Reference
- B. Third Party Software
- B.1. Introduction
- B.2. Collecting and Graphing SmallWall Interface Statistics with ifgraph
- B.3. Updating more than one Dynamic DNS hostname with ddclient
- B.4. Using MultiTech's Free Windows RADIUS Server
- B.5. Configuring Apache for Multiple Servers on One Public IP
- B.6. Opening Ports for BitTorrent in SmallWall
- B.7. Automated config.xml backup solutions
- B.8. Historical Interface Graphing Using MRTG on Windows
- C. License
- C.1. The FreeBSD Copyright
- C.2. The PHP License
- C.3. mini_httpd License
- C.4. ISC DHCP Server License
- C.5. ipfilter License
- C.6. MPD License
- C.7. ez-ipupdate License
- C.8. Circular log support for FreeBSD syslogd License
- C.9. dnsmasq License
- C.10. racoon License
- C.11. General Public License for the software known as MSNTP
- C.12. ucd-snmp License
- C.13. choparp License
- C.14. bpalogin License
- C.15. php-radius License
- C.16. wol License
- Index
List of Figures
- 4.1. The General Setup screen
- 4.2. The Firmware screen
- 4.3. The System Status screen
- 4.4.
- 4.5. The Traffic Graph screen
- 8.1. Example: SmallWall behind a router
- 13.1. Example Network Diagram
- 13.2. Filtered Bridge Diagram
- 14.1. Network diagram
- 14.2. Example of Sonicwall configuration
- 17.1. Trobleshooting Internet Access
- 12. Typical DMZ Network
List of Tables
- 4.1. General Setup parameters
- 4.2. Advanced System Options
- 4.3. Log Settings Parameters
- 4.4. The two entries for each VPN connection are as follows:
- 8.1. IPSec Feature List
- 11.1. Wireless Parameters
- 12.1. Connection Parameters
- 12.2. Secure Authentication Parameters
- 12.3. User Parameters
- 12.4. Radius Server Parameters
- 12.5. Voucher Parameters
- 12.6. Voucher Roll Parameters