Angrypeanut

This information may be useful for Windows users like me who are not
experienced with editing or transferring Smoothwall/Linux files across a
network. I have made this post long, perhaps painfully long, to cover every
detail a new Linux user is likely to need on this topic.

Introduction
Windows computer users can view and edit Smoothwall’s configuration files
using familiar Windows skills. Many of the tweaks and modifications
presented in the Smoothwall user forums require changing configuration
files in Smoothwall directories. These configuration files are plain text,
so a simple text editor is necessary. Smoothwall users can choose from a
variety of text editors, including two installed on the Smoothwall as part
of the standard package, and various text editors from other operating
systems, including Windows. This “how to” will focus on using a couple of
editors which can be used to edit Smoothwall configuration files from a
Windows computer connected to the LAN (on the green interface side of the
Smoothwall). Finally, I’ll mention using a Windows computer to transfer
files to or from Smoothwall.

Linux Editors Included with Smoothwall
But first, I’ll mention the editors included in the Smoothwall
distribution. If you are sitting at the Smoothwall keyboard and logged in
as “root” you can choose from two *nix text editors, joe and vi (pronounced
“vee eye”). To use either of these, just type “joe” or “vi” at the command
prompt, followed by the path and filename of the file you want to edit, and
hit the “Enter” key. Joe is a text editor which uses control-key commands,
like the older DOS-based WordStar, to perform common tasks such as copy,
paste, and save. “vi was the first real screen-based editor for Unix
systems. . . . [and] at first, vi may appear to be somewhat complex and
unwieldy” (Running Linux, O’Reilly, p. 276). When using vi, pushing keys on
the keyboard will do different things, depending on whether you are in
command mode, edit mode, or ex mode. Hilton covers the basics of using vi
and joe here. There may be times when you can only use joe or vi, but
Smoothwall allows alternatives in most situations.

Editing Smoothwall Files with Microsoft Windows Software
Many Smoothwall users who have primarily used Windows and who have little
previous experience with Linux will be more comfortable at first using
Windows-based editors. Doing so is possible because Smoothwall includes a
ssh server. The ssh server encrypts network traffic between the Smoothwall
and a remote machine, such as a computer running Windows, for any traffic
which is routed through the ssh tunnel. While ssh is included in
Smoothwall, it is not included in Windows, but a variety of ssh clients are
available for Windows.

Two popular and free, open source ssh clients for Windows are WinSCP and
PuTTY. The primary purposes of these two programs differ. The primary
purpose of PuTTY is to log in to the command line interface on the remote
machine. Using PuTTY, you can interact with the Smoothwall from a remote
machine exactly as if you were logged in directly to the Smoothwall (unless
you enter a command to shut down networking or ssh — then the connection
will be broken). Among other things, PuTTY will be handy if your Smoothwall
is not right next to you, or does not have a monitor and keyboard connected
to it all the time. You can, for instance, connect to the Smoothwall with
PuTTY, and then use joe or vi through PuTTY.

WinSCP
The other program, WinSCP, has a different focus. “WinSCP is an open source
SFTP (SSH File Transfer Protocol) and SCP (Secure CoPy) client for Windows
using SSH (Secure SHell). Its main function is safe copying of files
between a local and a remote computer. Beyond this basic function, WinSCP
manages some other actions with files” (WinSCP web site).

What that means for us is that WinSCP will allow you to use a familiar
Windows, graphical user interface program to directly edit files on the
Smoothwall or to copy files between the Smoothwall and your Windows
machine. If a file is copied to the Windows computer, you could use other
Windows editors to edit the Smoothwall configuration file.

Here is what is required:
- Smoothwall, installed and running
- A Windows computer which is connected to the Smoothwall via the green
interface
- WinSCP ? available here.
- PuTTY ? available here.

On the Smoothwall, be sure that “Remote Access” is turned on. You’ll find
this option by logging in as “admin” on the Smoothwall web GUI, and
clicking on the “Services” and “Remote Access” tabs. Be sure that the “SSH”
box is checked. If it is not, click there and then on the “Save” button.
I’ll let you read the Smoothwall help file to see what “Allow admin access
only from valid referral URLs” option does for you.

On the Windows computer, install PuTTY and WinSCP. The current version of
PuTTY is 0.54b and of WinSCP is 3.5.6. If you are using a newer version,
things could be different.

To connect using WinSCP, start WinSCP and enter the following options:
On the Sessions page:
- Host name: enter the ip address of the Smoothwall’s green interface.
- Port number: enter 222 (NOT 22).
- User name: root

I have also selected the following options, but these are not essential:
On the Sessions page:
- Protocol: SFTP
On the SSH page:
- Preferred SSH protocol version: 2 only
On the Preferences page:
- Interface: Norton Commander

When you’ve created your preferred settings, you can save them for future
use on the Stored Sessions page.

To connect to the Smoothwall, click on the Login button. WinSCP will
connect to the Smoothwall and give you a “Enter Password” prompt. There you
will enter your password for the “root” user on Smoothwall. If all has gone
well, WinSCP will display files and directories from your local, Windows
computer on the left and files and directories from your Smoothwall on the
right (this is the “Norton Commander” style interface). If you don’t
connect, check everything again, from your “root” password to connectivity
between the Windows computer and Smoothwall, to ssh’s running on the
Smoothwall.

I won’t go into depth on navigating using WinSCP, because if you are
familiar with the basic functions of Microsoft Windows Explorer, you will
have no trouble with WinSCP. There are two new and important WinSCP
functions, however.

First, and the main point of this exercise, is that if you right click on a
filename on the Smoothwall, you will have the option to edit the file.
WinSCP includes a simple text editor which will suffice most of the times
you want to view or change text files on the Smoothwall. You can view or
edit Smoothwall configuration files and view raw log files.

Second, you can change the rights/properties of any file, by right-clicking
and choosing the properties option. If you edit any files on the Smoothwall
? especially if you have edited them while they were stored on your Windows
computer and then you manually copied them back to the Smoothwall ? be sure
that the rights/properties are set the same as the original file. If the
rights to a configuration file are incorrect, the program using that file
can fail.

You’ll also notice that you can right-click and rename files. This can be
used to create backups of the original files with a different name so that
if your changes cause a problem, you can go back to the original settings.
I add “.orig” to the end of the filename, but it doesn’t matter if it works
for you.

To copy files between Windows and Smoothwall, just drag and drop between
the left and right panes. You can store the files on Windows as a backup
for your Smoothwall configuration, and you can edit the files completely on
the Windows machine.

Remember two issues, however, when copying files back to the Smoothwall.
First is the properties/rights issue listed just above. Second is the fact
that Windows editors tend to treat the end of lines in text files
differently from *nix editors. If you create or edit a file using a Windows
editor and then copy the file back, Smoothwall will not read the ends of
lines the way you want and will be unable to use the file. You can overcome
this by using a Windows editor which understands Unix text files.

Some Other Windows Text Editors
I use a small and simple freeware editor called metapad, which can be set
in its preferences to use Unix end of line codes (Choose Options > Settings
> Advanced 1 > Default File Format: Unix Text). Metapad is by Alexander
Davidson and is available here. Metapad does add “.txt” to filenames,
however, unless you select the “Don’t autosave extensions” on the same
“Advanced 1″ options tab. You probably won’t want “.txt” on your files on
the Smoothwall.

There are several other good Windows editors which will also work well. The
Windows Notepad text editor will not get the right end of line codes for
Linux files. WinSCP gives you the option of making any Windows editor your
default editor in place of its integrated editor; just enter your choice in
the Options > Preferences > Editor > External editor dialog.

Some of the other Windows editors with *nix file support worth your
consideration:
- GVim (includes a GUI version of vim)
- ConTEXT Programmers Editor
- PSPad Text and Code Editor
- Syn Text and Programming Editor
- mpot recommended combination text editor and SSH client: UltraEdit
(shareware – $35 registration required after 45 day trial period)

Many of us, however, will do fine just using WinSCP’s built-in editor most
of the time.

PuTTY
I mention PuTTY here primarily because you after change configuration files
you will need to cause Smoothwall to use the new files. Smoothwall will not
immediately and automatically detect that you have changed a file and start
using your changed configuration. Smoothwall will use the changed file
automatically when you reboot/restart Smoothwall, but it is generally not
necessary to reboot. Normally you will just need to stop and restart the
particular service/program which uses that configuration file. The exact
command to do that depends on what part of Smoothwall you are editing.

Here are some example commands to restart a service after making changes:

- dansguardian:
|———————————————————————-|
|Code: |
|———————————————————————-|
|/etc/rc.d/init.d/dansguardian restart |
|———————————————————————-|

- dnsmasq:
|———————————————————————-|
|Code: |
|———————————————————————-|
|killall dnsmasq; dnsmasq -r /etc/resolv.conf.dnsmasq |
|———————————————————————-|

- Firewall and Network Settings:
|———————————————————————-|
|Code: |
|———————————————————————-|
|/etc/rc.d/rc.netaddress.down; /etc/rc.d/rc.netaddress.up |
|———————————————————————-|

- snort:
|———————————————————————-|
|Code: |
|———————————————————————-|
|/usr/local/bin/restartsnort |
|———————————————————————-|

- squid:
|———————————————————————-|
|Code: |
|———————————————————————-|
|/usr/local/bin/restartsquid |
|———————————————————————-|

- sshd:
|———————————————————————-|
|Code: |
|———————————————————————-|
|/usr/local/bin/restartssh |
|———————————————————————-|

- syslogd:
|———————————————————————-|
|Code: |
|———————————————————————-|
|killall -HUP syslogd |
|———————————————————————-|
PuTTY will allow you to enter Smoothwall commands from your Windows
machine. Parts of WinSCP are based on PuTTY and connecting with PuTTY is
the same as connecting with WinSCP, as covered above.

Transferring Files with WinSCP
As mentioned above, the primary purpose of WinSCP is to transfer files. A
number of mods presented in these forums now include files which need to be
downloaded and put on your Smoothwall. You cannot download directly from
the internet to Smoothwall. You cannot copy files onto a floppy disk and
get them onto Smoothwall either, as Smoothwall does not read any floppy
disks except its own backup disk. You can download files to your Windows
LAN client, however, and use WinSCP to get them onto Smoothwall. Login
using WinSCP as covered above, navigate in the left WinSCP pane to the
directory where the file is, and drag and drop the file from the left pane
to the right pane and into the Smoothwall directory where you want the
file.