Welcome to Smoothwall Express 3.1
The Smoothwall Community is pleased to announce the fifth Release Candidate
for our long awaited Smoothwall Express 3.1 Firewall. RC5 corrects a number of
issues found since we released the fourth RC, settles on i586 and x86_64 as the
architectures that will cause the fewest problems when upgrading from v3.0,
contains a well-refreshed QoS feature, and has Marco's URL Filter mod and the
DHCP Lease Table mod fully integrated.
This release is a refresh of v3.0's foundation and a culmination of five years
of effort that began with the Roadster Test Vehicle. The build system has been
thoroughly worked over, and the user interface has been freshened with several
The vast majority of the work was done 'under the hood'. Here are just a few
of the software upgrades: Linux 3.4, glibc 2.18, gcc 4.7, perl 5.14,
squid 3.3, httpd 2.2.26, iptables 1.4.14, and openswan 2.6.41. Some of these
updates are ready to enable new features such as HTTPS proxying in squid. In
addition to these updates, numerous bugs present in v3.0 that caused
hard-to-reproduce problems or minor errors in the user interface were squashed.
If the firewall admin notices little difference between it and the v3.0 she
has been using, Smoothwall Express 3.1 will have achieved its goal.
Key new features & improvements in version 3.1
- The build system is vastly improved; it is now re-entrant (a build will continue where it left off when an error is encountered and fixed), and compiles will use all CPU cores present).
- There are now three ISO images: standard install, developer's edition that contains the development and documentation packages, and a 27MiB 'off-road' edition to be used to verify general hardware compatibility with v3.1.
- Grub Legacy is now used to boot all drives: ISO images, flash installers, and the installed target.
- SMP is standard for 32- and 64-bit installations. Smoothwall Express will now use those extra CPU cores.
- Installation on KVM, Xen, VMWare and Hyper-V virtual systems is supported. KVM works well; support for the other three was recently added and hasn't been tested very well.
- The distribution ISO image includes several new features.
- an option to make a bootable install flash drive; it is now possible to install from a flash drive when there is no CD/DVD drive available.
- options to install and/or boot using a serial console.
- the basic (traditional) installer to be used when the system contains one hard drive, one CD/DVD drive, and standard VESA display with keyboard.
- a new advanced installer to be used with all other install options
- choose the target hard drive
- choose the installation source drive (ISO, flash, or other)
- use a serial (EIA-232) console
- install and upgrade with a restore of 'variable' data from a previous archive
- completely restore a 'total' archive
- use ext4 or reiserfs
- optionally install the development and/or documentation packages
- The kernel now provides /dev entries for all devices it knows about; udev handles the rest.
- The bandwidthbars presentation was reworked and improved.
- The interfaces page has a new subsection for the RED NIC that allows the admin to ignore the MTU setting the ISP sends in their DHCP packets and allows the admin to override the ISP's DNS servers.
- The browser's preferred language can now control the language presented in the user interface.
- There is a new Plug-n-Play backup system: hot-plug a configured drive and the system will be automatically archived onto it in both a 'var' archive (all the 'variable' data on the system) that is useful when upgrading, and a 'total' archive that is useful when a system fails or is moved to new hardware. USB and eSATA drives are known to work.
- The Smoothinfo mod has been integrated into the user interface.
- The QoS feature has been thoroughly reworked and provides much smoother traffic shaping.
- Marco's URL Filter mod from Express 3.0 has been fully integrated into 3.1.
- The DHCP Lease Table mod has been fully integrated into 3.1.
Please visit the 3.1 RC5 known issues (errata) thread to see known issues, errata, and corrected problems.
A note about previous RCs: if you are running RC1, RC2, RC3, RC4 or an earlier RC5 daily build, you must install RC5 ASAP. OpenSSL had a major bug that could leak data to unauthorized parties. Second, IPv6 was not correctly firewalled; there's a small chance your UI and/or SSH could be accessed from RED via a link-local address; this bug is present in Roadster, too.