<PRE>
SmoothWall Configure Guide

By Jon Fautley (filbert@webbedmail.com) and Tom Ellis
(trellis@webbedmail.com) Edited by Richard Morrell (rmorrell@valinux.com)
and Lawrence Manning (guru@smoothwall.org)

Version: 1.2 - Date: 20/09/00

This is the SmoothWall configure guide. It will tell you how to configure
SmoothWall once it's installed.  For the installation instructions, please
refer to the installation guide.

1. The Main Page and Users

If you view http://SmoothWall, where SmoothWall is the name or IP address
of the SmoothWall box, you will be presented with the main status page.
This page has links to the various user and administrator-only pages, as
well as general status information.  It also has a link to the Credits
page, via the the logo at the top of the page.

If PPP has been setup error-free, buttons will be available to Dial or
Hangup the Internet link.  Upon the link going up, the SmoothWall machine
will beep using its internal speaker.  When the link goes down, it will beep
twice.  The status of the link will be displayed as either idle, dialing or
connected.  Press refresh to refresh this status display.  At the foot of
the page is the output of the 'uptime' command when ran at the command line. 
This includes the current time and the load averages.

SmoothWall has two web users, in addition to the root login user.  The
first is called 'admin', and authenticating as this user gives access to
all configuration pages.  The other user called 'dial' is able only to use
the Dial or Hangup buttons.  By default, the dial user is disabled; to
enable it you must set a password for that user.

2. User pages

These pages are available to everyone on the local network.

2.1. Status Information

This page shows, from top to bottom:

Services: This is a list of all the services which may or may not be
running on the SmoothWall.  All accept the DHCP server should be running
at all times.  On machines with low amounts of memory (8 megabytes or
less), some services may get 'swapped out' to disk to save memory.  This
will be indicated here.

Memory: This is the output of the 'free' command.  It shows the amount of
memory used for programs, disk buffers or cache.

Uptime and users: This is the output of the 'w' command.  Shown is the
number of users logged in (via telnet).

Interfaces: This is the output of the 'ifconfig' command.  This shows
network interface information.

2.2. Network traffic graphs

This page contains graphs of network traffic over the last 8 hours.  The
four graphs show traffic on the Ethernet interface and the PPP Internet
link, in both the incoming and outgoing directions.  It also shows the
total bytes sent during that period.  It is updated every half an hour.
The black line is an instantaneous reading of traffic, taken every 5
minutes.  The red line is an average plot.

3. Administrator pages

These pages are available only to people with the 'admin' login and
password.

3.1. PPP setup

This page is used to setup PPP for dialing to the Internet.  The following
sections should be completed before attempting to dial the link.

Telephony: A dropdown box sets the modem COM port.  COM1 through to COM4
are available.  Depending on the computer and BIOS setup, you should set
this to the COM port which is connected to the modem.  Enter your ISPs
dialin access modem number into the number box.  It should contain only
digits.

The Computer/Modem rate dropdown box sets the baud rate between the
computer and the modem.  Usually the highest setting, 115200, will suffice
and give the highest available download speed from your ISP, but on very
old computers with old serial controllers, you may need to select a slower
speed.

The Persistant checkbox is used to instruct SmoothWall to try to redial
the line if the link fails for some reason.  Use this with caution; if you
have metered charges you probably not want to use this.  However, if you
have a free call ISP you probably want to use this to always keep the link
up as much as possible.

Whether or not Persistant is enabled, if more then the Maximum retries
number of dial attempts fail in a row, SmoothWall will give up until you
try to dial the link again by pressing the Dial button.

Authentication: Username and Password are the username and password that
your ISP would have supplied you with when you joined.

There are several ways in which ISPs use this username and password to
login to their systems.  The most common methods are PAP or CHAP.  Select
this is if your ISP uses either of those two.  If your ISP uses a
text-based login script, choose standard login script.  For people in the
UK who use Demon Internet as their ISP, a special script has been created
for them to use.  The Other login script option has been provided for
people who have ISPs with special needs.  If you need to do this, you will
need to login to the SmoothWall box and create a file in /etc/ppp.  This
filename (without the /etc/ppp component) should be entered into the
Script name box.  The file contains 'expect send' pairs, separated by a
tab.  USERNAME will be substituted for the username and PASSWORD for the
password.  If you examine the file demonloginscript in /etc/ppp all should
become clear.

DNS: Here you can either enter the IP addresses of your ISPs DNS servers,
or select Automatic if your ISP supports automatic DNS server
configuration, which nearly all ISPs do.

Click Save to save the settings.  If there are errors, you will be
informed in the Error messages box.  Click Restore to reload the old saved
settings.

3.2. Change Passwords

This page lets you change passwords for the 'admin' or 'dial' web users.
Enter the new password twice in the two password boxes and click Save to
activate the change.

3.3. Remote access

Here you can enable or disable Telnet and FTP access to the SmoothWall
box.  By default, neither is enabled.

There is only one login user in SmoothWall, the 'root' user.  With this
username and the password set when you installed SmoothWall, you can
Telnet or FTP the SmoothWall machine.

3.4. DHCP Configuration

SmoothWall may optionally run a DHCP server, and here is where it is
configured.

Start address and End address set the range over which you wish the DHCP
server to supply dynamic addresses.  This address range should not contain
other machine's with static assignments.  Suppose you had a network in the
192.168.0.0 range.  Assuming all your statically assigned IP address were
all lower then 192.168.0.100, you could use the upper portion of the
address range for the dynamic addresses.  In this case your start address
would be 192.168.0.100 and the end address could be 192.168.0.254.

The two DNS servers addresses specificy what the DHCP server should tell
its clients to use for their DNS server.  Because SmoothWall runs a DNS
proxy, you will probably want to leave the default alone and set the
Primary DNS server to the SmoothWall box's IP address.  If you run a local
DNS server and want your desktops to use it, set the Secondary DNS to its
address.

The Default and Maximum lease times can be left at their default values
unless you have specific needs.

Enable the DHCP server by ticking the Enable checkbox.  When you press
Save, the change is acted upon.

3.5. Shutodwn Control

This page contains a single button, Shutdown.  Upon clicking it,
SmoothWall will start its shutdown sequence.  When its complete, the
SmoothWall box will beep once indicating that you can disconnect the
power.

Alternatively, you can shutdown SmoothWall from the console.  Press
Ctrl+Alt+Del to start the shutdown sequence, as per the shutdown button.
The machine will NOT reboot.

3.6. Log viewer

Here you can view the system logs for one of three sections: PPP logs,
DHCP logs, or kernel logs.  The dropdown boxes at the top of the page
select which day you wish to view.

The PPP log is mostly useful for discovering the reason for connection
failures and the like.

3.7 Firewall log viewer

Like the normal log viewer, you select which date you are interesting
using the dropdown boxes at the top of the page.  The body of this page is
made up of a table of packets which were dropped by the firewall.
Included here is the Source and Destination IP addresses and ports, as
well as the protocol involved. Note that not all denied packets are
hostile attempts by crackers to gain access to your machine.  Connections
to the ident/auth port (113) are common occurances and can be ignored.

4. Configuring Desktop Clients

If you are utilising the DHCP server, enable the receiving network
configuration via DHCP in the network setup of the particular operating
system.  SmoothWall will then assign it an address, DNS servers, and point
its default gateway back to the SmoothWall box.

If you are using static assignments, pick an IP addresses for each client.
Set the DNS server and default gateway to the SmoothWall box.


Microsoft Windows, Nero, Adaptec DirectCD and CDRWin are registered
trademarks of their registered owners, Linux is a registered trademark of
Linus Torvalds, SmoothWall is a trademark of Lawrence Manning and Richard
Morrell. SmoothWall is based on VA Linux 6.2.1 which is an optimised
release of RedHat 6.2.

Further bug track reports, FAQ's and instructions will be available at
www.smoothwall.org

We draw your attention to the terms and conditions of the GNU Public
Licence under which SmoothWall is developed and distributed - a copy of
this can be found on the installation media or on www.gnu.org
</PRE>