Security with E-Smith SME Server
10 December, 2003 07:17
E-Smith SME Server is a Linux distribution designed to serve as a dedicated firewall/gateway server, allowing you to share an Internet connection over a LAN. The distribution is a heavily-modified version of Red Hat Linux, with most of the latter, including the GUI, removed, leaving only what is required to run a firewall/gateway in a small 380MB package. In November's Linux Here’s How column we'll look at installing and configuring E-Smith SME Server to act as a firewall and gateway for your network.
E-Smith SME Server can be downloaded free of charge from www.e-smith.org. At the time of writing, version 5.6 is the latest stable release and version 6 is in the final stages of beta testing. If you wish to use SME Server simply as a firewall/gateway, as described here, version 5.6 will be sufficient to download. Version 6 includes some more advanced features, such as IPSEC support. The distribution is supplied as an ISO CD image file that can be burned to CD-R using most CD writing programs under Windows, including Nero and CDRWin.
To burn the image under Linux, become the superuser in a shell with the 'su' command and type the following:
$ cdrecord dev=/dev/sg0 speed=8 -v -data smeserver-5.6unsupported.iso
Replace "/dev/sg0" with the device corresponding to your CD writer. You can find this device name by typing "cdrecord -scanbus" in a shell. Replace "8" with the speed at which you wish to write the CD and replace the filename after "-data" with the name of the E-Smith .iso file.
E-Smith SME Server requires a dedicated computer, which would be a great use for an old computer you may have stored away. SME Server does not co-exist happily with other operating systems on your hard drive, so install it on an empty hard disk. The distribution requires 700MB of hard disk space and thus is an ideal use of an old, unused hard disk. If your computer supports booting from CD, place the CD in the drive and boot the computer to start the E-Smith SME Server installation. If you can't boot from CD, you can create a boot floppy under Windows by inserting a blank floppy and the CD, then typing the following at a command prompt:
Replace D: with your CD drive. When prompted for an image source file name, enter "..\images\bootdisk.img". Under Linux you can make a boot floppy by inserting the CD and in a shell typing the following:
$ cd /mnt/cdrom/images
$ dd if=bootdisk.img of=/dev/fd0 bs=1440k
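As an added example (not part of the original article), the shell function below checks that the ISO or the boot floppy image was written intact by reading the medium back. It compares only the image's own length, because a disc or floppy read back is usually longer than the image. The names verify_written and selftest are hypothetical, and the CD device name /dev/cdrom in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example (not from the original article): confirm that an image
# reached the disc or floppy intact by reading the medium back.
# Eject and reinsert the medium first so the read is not served from cache.

# verify_written IMAGE TARGET
#   0 = first N bytes of TARGET equal IMAGE (N = size of IMAGE)
#   1 = content differs   2 = cannot read   3 = TARGET shorter than IMAGE
verify_written() {
    img=$1
    target=$2
    [ -r "$img" ] && [ -r "$target" ] || return 2
    size=$(wc -c < "$img" | tr -d ' ')
    # A CD or floppy read back is normally longer than the image (padding,
    # unused sectors), so compare only the image's own length.
    got=$(head -c "$size" "$target" | wc -c | tr -d ' ')
    [ "$got" -eq "$size" ] || return 3
    head -c "$size" "$target" | cmp -s - "$img" || return 1
    return 0
}

# selftest: constructed data standing in for bootdisk.img and /dev/fd0.
selftest() {
    dir=$(mktemp -d) || return 2
    printf 'constructed boot image\n' > "$dir/img"
    # Good medium: image followed by leftover bytes, as on a real floppy.
    { cat "$dir/img"; printf 'old data'; } > "$dir/good"
    # Bad medium: one byte changed inside the image area.
    { printf 'Xonstructed boot image\n'; printf 'old data'; } > "$dir/bad"
    good=0; verify_written "$dir/img" "$dir/good" || good=$?
    bad=0;  verify_written "$dir/img" "$dir/bad"  || bad=$?
    rm -rf "$dir"
    [ "$good" -eq 0 ] && [ "$bad" -eq 1 ]
}

# After the commands in the article (file and floppy device names as used
# there; the CD device name /dev/cdrom is an assumption):
#   verify_written bootdisk.img /dev/fd0
#   verify_written smeserver-5.6unsupported.iso /dev/cdrom
```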
The E-Smith SME Server installation is almost entirely automated. Initially you will be required to agree to the licence for the distribution. Following this, your hard disk will be partitioned automatically and the distribution will be installed for you. Depending on the speed of your computer and CD drive, this could take anywhere from five to 60 minutes.
Configuring SME Server
When E-Smith SME Server boots for the first time, you will immediately be required to configure the server. At this stage you will need to give the server a name and configure the network settings, the Internet access settings and the services the server will offer. Each configuration option is explained at length. SME Server supports a wide range of network configuration options including DHCP, PPPoE and dial-up connections. If you are unsure of an answer, select the default option; you can reconfigure SME Server later.
After configuring the server, you will be presented with the SME Server main menu. The server is now running as a firewall/gateway in the background. To reconfigure options such as your Internet connection method, select option 2 from the menu and you will be asked the same questions you were asked when SME Server booted for the first time.
If you have other computers on a network with SME Server, you can now share an Internet connection by setting their gateway IP (found in the same place you configure your network card) to the IP you gave the SME Server during configuration. Configure other settings such as DNS server to be identical to the IP addresses given to you by your ISP.
More advanced Linux users who like to get their hands dirty will be able to find most of SME Server's configuration files in the /etc/rc7.d directory.
In the next column we'll continue to look at E-Smith SME Server. Version 6 introduces some significant new features, including VPN support using IPSEC, which we will examine in some detail.
Image: The E-Smith server runs in the background and is configurable from the main menu.