I've been lurking on this list for a while but never really had any information to add to any of the discussions I've seen. However, I have experience using smoothwall 1.x and 2.0. I'll intersperse some comments throughout the previous email, and then add some more comments at the bottom.
On Wed, Feb 04, 2004 at 10:29:50AM -0800, Ray Olszewski wrote: > At 09:43 AM 2/4/2004 -0800, Mike Noyes wrote: > >Everyone, > >How do we stack up against Smoothwall? It seems to consistently get more > >press than we do. > > > > Review: Smoothwall Express 2.0 Final > > http://www.osnews.com/story.php?news_id=5897 > > I'm in the process of downloading the relevant iso's now, and I;ll take a > look a thtem later. To judge just from the review you referenced and the > Smoothwall Website, I'd guess that people see Smoothwall as having these > advantages: > > 1. A nice, Web-based administration interface. Apparently one that uses SSL. This is true, and in 2.0, the web interface is actually pretty logical and consistent. It is simple enough that even my parents could use it. > 2. Ease of setup, particularly with respect to hardware issues like NIC > detection. The review doesn't actually mention this part of the setup, from > which I infer that it happens invisibly. This is true enough. It is fairly easy to set up smoothwall. The installation is reminiscent of redhat 4.x or 5.x. A few things aren't very clear during install (like the fact that PPPoE has to be set up as a dialup via the web GUI thing after install). Changing the hardware down the road is a major pain. > 3. Lack of choice. (Yes, I do think many people, beginners especially, see > this as a benefit.) There is really only one install system -- the 2.0 CD > image -- to select. It is geared to the sort of spare PC -- one with a CD > drive, a modest-sized hard disk, and a floppy drive, NICs that can be > autodetected -- that many people will have laying around (except for adding > the second NIC). Notice that the reviewer talked about running Smoothwall > 1.0 on "an old Pentium II 400mhz machine" ... something well above the LEAF > hardware minimum. > > (This lack of choice can leave one high and dry, though. Consider that the > reviewer talks about abandoning his Smoothwall 1.0 system when he moved and > "I couldnt get it to pick up an ip address from my new broadband provider > (ADSL based) so I gave up and re-installed the dlink hardware firewall" ... > which, presumably, could get an address assignment. Who knows what went > wrong here and if LEAF could have handled it?) I would guess that it was a problem either with a USB DSL modem or with PPPoE. Yes, you're "locked in" with smoothwall. However, as "appliances" go, this one had a lot of nice features. > 4. Professional looking Website. This is a side effect of Smoothwall being > a free product made available ... I assume for business-promotion reasons > ... by a vendor of "commercial supported security products, designed for > use in small to medium sized businesses, education and corporate offices". > > 5. Possibly, a more systematic approach to updates. At least the review > seems to imply that. Patches were a single file that you uploaded via the web GUI. If a reboot was required, it would reboot automatically. However, you didn't really know what the patch did under the hood. > Put all of this together and I suspect that Smoothwall will look a lot like > a Linux version of the sort of SOHO router/firewall made by Linksys, > Netgear, etc. Very useful for a small set of "standard" uses, but hard to > adapt to the kinds of unusual, custom requirements that I regularly see > discussed on leaf-user. You're right, smoothwall is exactly like a version of a dlink or linksys or whatever, except that it works correctly. My experience with both linksys and dlink was that long term quiescent tcp sessions would mysteriously die. This never happened with smoothwall. > LEAF cannot compete with a distro like this on its own terms. Nor do I > think we should try to. Fond as I am of the naive, beginner-level home > user, today's LEAF variants no longer really are optimized for that sort of > application. Our strength is in flexibility, and to a degree in bottom > fishing ... the simplest LEAF systems can still run on much more minimal > hardware than Smoothwall can, I believe. LEAF continues to push the edge on > minimalist configuration options, with its use of uClibc and other > libraries and apps that have a more "embedded focus" than I suspect > Smoothwall has. > > These are just preliminary thoughts, though. I have some free time later > this week, and a spare system to do a test install on, so I'll take a look > at Smoothwall in test-bench operation and see what it looks like. I have to agree with you. LEAF and smoothwall are significantly different, in approach, requirements, target audience, etc. With smoothwall, you're stuck with what someone else decided to build for you. It isn't easy to change the system in any drastic way. All of the configuration stuff is in undocumented files under /var/smoothwall. Most of the code for managing smoothwall does so in undocumented ways. It is aggravating to anyone that is used to having control over a linux system. Additionally, the minimum requirements are a bit steep. Smoothwall does have built-in snort, squid, dhcp, etc. It supports simple LAN/WAN networks, or slightly more complex LAN/DMZ/WAN networks. Anything beyond that is basically beyond smoothwall. I used smoothwall for several years, living with my dislike for it. I investigated LEAF and downloaded and tried several versions. However, I had already decided to target the soekris platform, and I found that getting any LEAF running on that platform took too much time and effort. As such, I chose to use m0n0wall (http://m0n0.ch/wall). If anyone wants to compare LEAF to smoothwall for a competitive angle, I highly recommend checking out m0n0wall as well. That is very professional grade software that is simple, powerful, flexible, and best of all, aims to do one thing and do it very well. I'm still following LEAF development and playing around with releases and such. There is an application for a soekris that I'm working on that requires a linux system instead of BSD (the PCMCIA card is only supported under windows or linux), and I'm still considering using LEAF for that. However, for my firewall, I didn't want to use something that was a struggle to install on that system. I also wanted something my parents could use so that I could support them as well. m0n0wall has the power and features I want and the ease of use that they require. I hope this information is helpful, and is not considered inflammatory. I do not in any way mean to disparage any of LEAF. Quite the contrary, I am very impressed with LEAF. Thanks for your time in reading this, Jim Gifford ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
