We looked at some of the Linux solutions, including the very well-respected free SmoothWall firewall (at http://www.SmoothWall.org), but nearly all of them couldn't handle our need to route the same protocol to different hosts. You could build your own variant of this using IP Tables or IP Chains in Linux, but we tried, and it was anything but obvious. Kernel modifications were needed, and after a week of banging our heads against the wall, we gave up.

SmoothWall Corporate Server 3.0
However, we finally found a product that would do just what we wanted. SmoothWall Ltd (at http://www.SmoothWall.net -- not .org this time), the company that makes the free open-source low-end firewall, also makes a high-end corporate firewall, shown in Figure C, that has the multiple host management tools we wanted.

FIGURE C

The SmoothWall Corporate Server has a usable Web interface. Click picture for a larger image.

Further, SmoothWall Corporate Server 3.0 costs $340 (US), while the module that adds our multi-IP protocol routing, SmoothHost, costs an additional $246 (US), for a total of $586, well under any hardware firewall price we've found. We put a spare 2Ghz tower PC into service, shoved a gig of RAM into it, and three NETGEAR cards, and we had a firewall for under a thousand bucks.

This is not to be sneezed at. And, in fact, it works quite well. But it was definitely a bitch getting there.

Our experiences with SmoothWall Corporate Server 3.0
When you install the product, it reformats the hard drive of your designated PC, and installs a Linux distribution onto it. Once you've used the wizard to do your install, you're up and running.

Except we weren't. It took two very long nights to get this beast working.

We lost four hours and at least as many reinstalls to the fact that SmoothWall requires short root passwords during the install, but doesn't say so. For example, there are 20 or more spaces to type in the password for root, so if you entered, say, 123smellmycheese456, you'd think you could log in with that password. You can't. We found that SmoothWall requires passwords of 6-8 characters, and even if the installer allows more, you can't get in.

To be fair, the folks at SmoothWall, Ltd. tell us no one else has ever experienced this problem. Just our luck, I guess. We were able, after the install, to log in as root and change the passwords to a longer combination. But those hours are gone to us forever.

Next, we found that we needed to be on the network to start configuring the firewall, so the firewall software could call home and configure SmoothHost. One of the cardinal rules of firewall configuration is to keep it off the network until all the rules are set up and configured, and yet we had to let it open to the world.

Again, to be fair, this is how SmoothWall Corporate Server checks to be sure it has got a valid license, but it's still weird that we had to open it up before we were sure it was safe to take it out of a controlled environment.