Yuryus
Junior Member | Редактировать | Профиль | Сообщение | ICQ | Цитировать | Сообщить модератору
Можно сделать отдельную ветку.
http://community.smoothwall.org/ сайт
http://community.smoothwall.org/forum/ форум
http://community.smoothwall.org/forum/viewtopic.php?t=2873 Плагины
http://sourceforge.net/project/showfiles.php?group_id=114890 Дистрибутивы (читайте прилагаемую доку, в ней состав дистрибутива)
Extended Defense (ExD) ISO в нём
Цитата: Release Name: ExD Basic Plus
Notes:
[2.0] SmoothWall Extended Defense Basic PLUS-Custom Iso
New! 26 November 2006
This is the newest version of the SmoothWall Extended Defense Custom Iso series, Extended Defense Basic PLUS. Previous versions of the Iso had the various mods pre-installed and pre-configured in the Iso and the user had no choices about which mods were installed. This new version changes that.
This newest version has a collection of mods pre-installed and pre-configured. In addition, there is a package of additional mods included in the Iso that the user will be able to choose which additional mods, if any, they would like to install.
--------------------------------------------------------------------------------
What is this custom iso?
This is a SmoothWall Custom iso image created with Steve McNeill's Custom Iso Creator mod.
It is intended to include some mods that make it easy to install a preconfigured SmoothWall for use as a parental control and/or small business firewall.
What is included in this ISO?
The following mods are pre-installed and pre-configured in the Iso. The user does not need to make any of these choices about whether to install these, they are already installed.
1. Stock SmoothWall Express v2.0
2. Fixes 1-9
3. Tiago's DHCPPack mod.
4. NetWhiz's DHCPD Update
5. NetWhiz's DNSMasq Update
6. Daniel_Hozac's Blue Interface mod
-The inclusion of the blue interface allows the user to select and setup the blue interface during the SmoothWall installation and setup.
If the Blue Interface is not setup from the initial SmoothWall install, the Blue Network Config tab will no longer appear in the Networking subtab. If it is subsequently setup after installation of SmoothWall, the Blue Config tab will automagically reappear.
DHCP for the Blue Network will appear on the DHCP gui page only if DHCP and DNS are enabled on the Blue Network Config page.
Also, if you do setup a blue interface, be aware that the network configuration of the blue interface uses a "static IP" and not the DHCP selection. Select Static IP and then enter the internal LAN IP address you wish to use. Any questions about this should be asked in the Blue Interface mod thread linked above.
7. Kevin Hughes's ClamAV v0.88.6 mod.
8. Kevin Hughes's DansGuardian with Integrated AntiVirus mod.
9. Bigblacklist from Url Blacklist for DansGuardian blacklists.
-A note about the blacklists. This was a free download from UrlBlacklist.com but if you want to update the lists using their update service, they charge a fee to use the update service. Go to their website for details.
10. watermark's Spyware Blockage with DansGuardian mod.
This mod updates the spyware domains section of the DansGuardian blacklists.
11. Steve McNeill's Content Filtering Graphical User Interface mod.
I have edited the header.pl file so that the Email Filter Log does not appear on the Logs page if the mfilter mod (smtp mail filtering) is not installed. If the mfilter mod is later installed, the Email Filter Logs tab should reappear.
12. Stan Prescott's Blockscript GUI mod for timed access for blocking AIM, MSN, and Yahoo chat and port blocking. This mod includes Kevin Hughes's Blockscript mod.
13. Stan Prescott's Crontool mod for adding and editing tasks in SmoothWall's crontab file.
14. NetWhiz's Full Firewall Control mod.
15. NetWhiz's Guardian Reactive Firewall mod.
-Please read through the thread for this mod (linked above) for specifics on the use of this mod. Briefly, though, after installation of this iso, you will need to edit the file
Quote:
/etc/guardian.ignore
and put the IPs that you do not want Guardian to block in the file such as Green, Orange and Blue IPs, DNS addresses, etc. One IP per line. Then stop and restart snort via the Admin GUI Services tab.
Also, you will need to edit the /etc/guardian.conf file and change the line
Code:
Interface eth2
to reflect whatever your RED interface is. For example, Guardian config defaults to eth2 for the RED interface. However, for a RED-GREEN network setup, the RED interface is eth1. See the Guardian Reactive Firewall thread linked above for any other issues with running Guardian in this ISO.
16. NetWhiz's Snort Update
This updates the older version 2.0 of snort in the stock SmoothWall to the newer Snort version 2.4.3.
17. MALEADt's Oinkmaster automatic snort rules updater.
I have installed this mod so that it uses the bleedingsnort rules (now known as the bleedingthreats rules). If you would like to use a different set of rules to update, go to the thread for this mod linked above for instructions how to do that.
18. sifukurt's Malware and Blackhole DNS mod.
-Please read through the thread for this mod linked above. Specifically, you will need to run the script for this mod by running this code
Code:
/usr/local/bin/blackhole.pl
in a PuTTy window or at the console. The thread for this mod also describes how to check to see that this mod is blocking malware.
19. NetWhiz's SmoothWall Information Display
20. Steve McNeill's Universal Plug and Play Update
21. BoHiCa's OpenSwan Upgrade
22. Tiago's VPN IPSec Update
23. Various edits to rc.firewall.up to decrease unnecessary logging of some worm and netbios hits as outlined here.
Additional mods for installation
The following list of mods are included in a "mods package" that have been placed in the /tmp directory of this SmoothWall custom Iso.
When the Iso is installed, during the initial startup of SmoothWall after the setup, the user will be asked if they would like to install any additional mods. Answer "Y" or "N". The user will be given 30 seconds to read the installation of additional mods message and answer y or n. If the user does not respond within 30 seconds of the message appearing, no mods will be installed and the script will not run again on subsequent reboots of SmoothWall. However, if the user does not respond within the 30 seconds allotted time, the mods package and installation script will still be in the /tmp directory if they should decide later that they would like to install any additional mods. While waiting for user input, you may see some additional startup messages appear, e.g. the "Register" and "Done" messages. Ignore these while answering whether to continue with additional mods installation.
If the user answers "N" to the installation of additional mods question, the mods package will be removed and the installation script will not run again on subsequent reboots of SmoothWall.
If the user answers "Y" to the installation of additional mods, then the install script will continue step by step to ask the user which mods they wish to install. Answering "Y" to the installation of an individual mod will then install that mod and then delete the tarball and install script of that mod. Answering "N" to the installation of an individual mod will cause the tarball of that mod to be deleted and the mod will not be installed.
See the descriptions of the additional mods that can be installed below and read the installation notes for each one. Failure to read the installation notes below may result in an incorrect installation of an individual mod and may cause your SmoothWall to fail to work.
1. marco.s Advanced Web Proxy version 2.0.0 mod. There are no special installation issues to install this mod in this Iso. Just answer y or n to install or skip.
2. Stan Prescott's (me!) Advanced Web Proxy and Content Filtering for Orange and Blue mod. The only installation issues with installing this mod is that the script will not let you install this mod if marco.s Advanced Web Proxy mod was not installed first. Also, if you have a Red-Green only network, then you do not need this mod and it would be pointless to install it.
-One important issue with this mod. You will need to start and stop the content filter using the checkboxes on the Advanced Web Proxy gui page. You will still do all editing of DG settings using the DGGUI. But when it says to restart the content filter for changes to take effect, you should do it from the Advanced Web Proxy gui page.
3. MALEADt's MSN Sniffer mod.
4. sligh's AIM Sniffer mod
This mod and the MSN Sniffer have both now been included in a log viewer on the logs page that was included with the AIM Sniff mod. There are no other installation issues with these mods that I know of. When asked whether you want the sniffers started after installation, you can answer y or n, it doesn't really matter, as they will be started when SmoothWall reboots after the installation.
5. Daniel Bergamini's Orange Services Mod. There are no special issues with installing this mod in the Iso.
6. KrisTof's ARP Scanner Mod. No special installation issues.
7. KrisTof's Netbios Scanner Mod. No special installation issues.
8. KrisTof's File Upload Mod. No special installation issues.
9. KrisTof's IP Range to CIDR Calculator mod. No special installation issues.
10. Steve McNeill's Colored vi and ls mod. No special installation issues.
11. Kev Hughes's DansGuardian Bypass Add-on. No special installation issues.
12. Stan Prescott's Web Proxy and Content Filtering on Orange and Blue mod. This mod can only be installed if the Advanced Web Proxy is NOT installed. Also, if you have a Red-Green only network, then you do not need this mod and installation of it would be pointless.
13. Steve McNeill's SMTP and Dspam email filter v1.06. No special installation issues.
14. mr.wilson's Midnight Commander mod. No special installation issues.
15. And last, but not least! BoHiCa's ETHERNET SuperKernel 2.4.33-3-sk-v1 mod. There are several installation issues with this mod.
-The number one issue is do not install this mod if you do not know why you might need it or are unfamiliar with the installation of it. I would highly advise that you read the first post in the SuperKernel thread linked above to familiarize yourself with the SuperKernel and the issues with installing it.
-I have included the installation of the SuperKernel as an option for the purpose of allowing users the ability to add the SuperKernel if they wish to add any SuperKernel requiring mods to this Iso (e.g. QoS, etc). If you want an Iso that is completely optimized for SuperKernel use, you should forego this Iso and instead use BoHiCa's soon to be released SuperKernel unified Iso.
-There will be a prompt during the SuperKernel installation that will ask you if you want to install the Universal Plug and Play update. Since this is already installed in the Iso, you may answer "N". If you answer yes, it will be reinstalled and won't hurt the existing installation, but it is unnecessary to install the UPnP update.
-There are several prompts during the installation of the SuperKernel the user needs to respond to. Be sure you read through these carefully. Pay special attention to this lilo.conf note
Quote:
Do you want to install the pre-configured lilo.conf file?
***NOTE: If you used the fixes8 iso to set up this machine
SELECT N. If your machine was set up with the
normal/offical ISO, then select Y
Select [Y/N] then hit <ENTER>? (Y,N)
when you see this message appear, you should answer Y. If you do not answer yes, lilo will not be configured properly for this installation and SmoothWall will not work.
--------------------------------------------------------------------------------------
How to use these mods
I have done all the editing each mod requires to make them work after installing this ISO.
You should post any questions you have about usage of any of the mods included in this ISO in the appropriate mod's thread which I have linked for you above. This includes any questions or information on updating mods, uninstalling mods, or any other problems with the mods.
Where to get this ISO
You can download the ISO and MD5 checksum from SmoothieMods.
Installing the ISO
After downloading the ISO, burn it to a CD using whatever CD burning software you prefer. Nero works for me. Then install the customized SmoothWall from that CD as you normally would.
After the initial setup of SmoothWall from the CD, SmoothWall will reboot. During reboot you will see a message asking if you want to install any additional mods. Answer "Y" or "N" to install, or not install, any additional mods. If any additional mods are installed, you will be asked to to allow SmoothWall to reboot after the mods are installed. When reboot starts, SmoothWall will reboot and start as normal.
Once again, if you install any additional mods during the initial setup of SmoothWall, pay attention to any prompts you are given to respond to. Make sure you read the information that appears during installation of the mods as some important information is given during the installation. Failure to carefully read and follow these prompts may result in a non-working Smoothie. You have been warned!
Disclaimer
This ISO is distributed under the terms of the GNU GPL. This is a heavily modified version of SmoothWall. The modifications all work well together for me (the IWFM factor). However, there is always the chance that a mod may decide not to play nicely with the other mods, or "knackering" as BoHiCa puts it. Laughing
I cannot be responsible for any untoward events that may occur with the use of this ISO. This includes but is not limited to a non-working SmoothWall, loss of data, or privacy concerns. Please be aware of any privacy issues with the use of this ISO, meaning the ability to use this iso to "spy" on users.
Thank you!
1. Thanks to everyone that created the mods that went into this ISO. Having created a couple of mods myself, I know the amount of work that goes into doing these and these people do it for free to help us out and make SmoothWall better. And a special thanks to Steve McNeill for creating the Custom Iso Creator that made these custom ISOs possible. Please consider throwing a few $$ their way to help them with their efforts.
2. Thanks to BoHiCa for all his advice on creating this Iso. He was always friendly and helpful with my (many!) PMs asking for help. Thanks again, BoHiCa!
3. And finally, thanks to my wife for putting up with all the time I spend doing this stuff when I should be spending the time with her instead. Very Happy
Enjoy!
Stan
--------------------------------------------------------------------------------
Changes:
10-12-2006
See the release notes for this ISO for differences between this updated Iso and the original Iso.
10-20-2006
Updated Iso to include the fixes 9 patch.
11-2-2006
-Fixed the blue interface that was broken by fixes 9.
-Added ability for Blue to talk to Orange
-Removed the Orange Services mod since I have not tested that mod with fixes 9
-Added some other mods such as OpenSwan upgrade and VPN IPSec update. See the list Notes above.
11-26-2006
-Added the ability for the user to select some additional mods they would like to install (or not install) during the installation of the Iso. See the release notes for details.
|
Добавлено:
Carlos69
Для проверки ДНС просто попробуй открыть айпишник в браузере.
А на каждом клиенте тебе нужно прописывать ДНСы обязательно.
Смотри есть собранные дистрибутивы с Full Firewall Control
И очень полезный мод
Advanced Web Proxy
управление прозрачным кешированием. И интелектуальным шейпом
Если в нём всё настроить, то при наличии DHCP сервера ничего настраивать у клиента ненужно
И что важно, это то, что не рекомендуется что либо править руками, если ты незнаешь точно что править.
|
Всего записей: 92 | Зарегистр. 07-12-2005 | Отправлено: 23:12 27-12-2006 | Исправлено: Yuryus, 01:37 28-12-2006 |
|
) и поднять за 10 минут, что я проделываю так же быстро... 
