Smoothwall on XenServer 7.1



  • So I worked out it needed HVM enabled, so I used the Debian 8 template, which gets the setup going. However it won't detect the HDD controller and therefore I cannot get it installed.

    Anyone gotten Smoothwall to run as a VM in Xen? If so, how did you get the HDD to be detected?

    The setup does allow for me to insert a driver floppy, but I am unsure about where I'd get the drivers and how would I attach a virtual floppy drive to Xen.



  • I'd give it a try in my lab, but without a non-metered internet connection atm....

    stupid wind....



  • @DustinB3403 said in Smoothwall on XenServer 7.1:

    I'd give it a try in my lab, but without a non-metered internet connection atm....

    stupid wind....

    We have squirrels not wind here, but I feel your pain!



  • Instead of SmoothWall, have you considered VyOS?



  • @NerdyDad

    Thanks for the suggestion, but we're stuck with Smoothwall, mostly for the content filtering and we've allready paid them for about 100 years of support (well not really, but definitely for the next 3 yrs).



  • Are you using
    -- quiet console=hvc0
    in the vm setup in XS?
    0_1489526111616_upload-44c0587e-3b1e-4f05-8bd3-aabba661331c
    I always have a problem with Debian if i dont do this.



  • @momurda said in Smoothwall on XenServer 7.1:

    -- quiet console=hvc0

    I am not getting the option to enter that, though I suspect that has to to with it being in HVM mode (rather than PV mode). From what I found in the net, it needs to be in HVM mode.



  • HVM is needed. I remember that PV support is not included.



  • You would set this during vm creation not after it is built. It is the option for XS puts in for most Debian based templates, i suspect for this very reason you are having.
    Also, using the Other Install Media option template usually fixes most problems in my experience.
    Disclaimer: i am still on 6.5



  • I agree. The Debian template might be part of the cause here.



  • I used the Debian 8 template and the Other templates, both had the same effect. The Debian 8 Template does not give me the option to out that string in that field nor the Other Install template, but both result in no HDD controller found.

    Both the Debian 6 and 7 (I tried the 64bit and 32bit templates) create a PV VM and that fails to boot from the CD (though it does give me the option to add -- quiet console=hvc0).



  • Even if you get it to install, it will lack drivers making it terrible for firewall performance. I'd drop Smoothwall, looks like they don't support this. Too many better options out there. If their paid support isn't resolving this for you it's just money lost. Look at VyOS or maybe pfSense.

    https://smoothwall.uservoice.com/forums/145832-smoothwall/suggestions/3345744-add-support-for-citrix-xenserver-tools



  • @Reid-Cooper

    In a perfect world this is what I'd do. However, neither VyOS or pfSense offer a solid web filter, which is the primary reason we went with Smoothwall.

    Their support told me that they run it on VMWare all the time, and could not think of any reason why Xen would be an issue, though they have not done it, nor have certified it.

    That said, I have not called them to ask just yet, I thought I'd see if anyone else has had any ideas about it first.



  • The issue that their support should have told you appears to be that they strip out the Xen PV kernel as well as the necessary drivers to work on Xen. I don't know what Os they build upon, but whatever they are using they are removing the Xen components.



  • I think you will need to use the older templates for this. Debian 8 was not released in 2014, which is when the final release of smoothwall 3.1 was finished.



  • @momurda

    Nope, that's the community (free) version, it is actually significantly different from the commercial version.

    @Reid-Cooper said in Smoothwall on XenServer 7.1:

    The issue that their support should have told you appears to be that they strip out the Xen PV kernel as well as the necessary drivers to work on Xen. I don't know what Os they build upon, but whatever they are using they are removing the Xen components.

    Right, that is what I was worried about. It is based on Debian and it would not surprise me that they would have done that. I'll check in with them on it, but this maybe the end of my testing on this and if so, then I'll need to stick with a physical Smoothwall server.


  • Service Provider

    I had to look up about their web filtering. Looks like it is nothing like it was in the past. New product that they've added in that they did not used to have.



  • Couldn't something like Untangle work for you? ;-)



  • How about something like Squid, clearOS, or Untangle?


  • Service Provider

    @NerdyDad said in Smoothwall on XenServer 7.1:

    Couldn't something like Untangle work for you? ;-)

    SmoothWall has a new and proprietary web filtering technology. Untangle and those others don't offer a competitive service.



  • @scottalanmiller said in Smoothwall on XenServer 7.1:

    @NerdyDad said in Smoothwall on XenServer 7.1:

    Couldn't something like Untangle work for you? ;-)

    SmoothWall has a new and proprietary web filtering technology. Untangle and those others don't offer a competitive service.

    Precisely. SmoothWall's filtering is heuristic based rather than a traditional blacklist/whitelist type thing.

    Plus we've paid them, a lot, so switching now is not really a possibility.

    The frustrating thing here is that they have built in support for VMWare, but not Xen.



  • @jrc Yes that is weird. It means that nobody that use their own version of Xen or those that use XS can use Smoothwall. It is severely limiting their potential customer base. I understand XS only has like 3% market share vs VMWare and HyperV, but Xen/Xenserver users really like it.

    I still think you could get this going with one of the templates in XS with a bit of work.


  • Service Provider

    @jrc said in Smoothwall on XenServer 7.1:

    Plus we've paid them, a lot, so switching now is not really a possibility.

    This part undermines your other arguments. This is the sunk cost fallacy and should have no effect on a business decision. The other bit, about the quality of the filtering, is important. This, however, cannot be. Even if you paid them a billion dollars, that money is lost and no longer a factor going forward.


  • Service Provider

    @momurda said in Smoothwall on XenServer 7.1:

    @jrc Yes that is weird. It means that nobody that use their own version of Xen or those that use XS can use Smoothwall. It is severely limiting their potential customer base. I understand XS only has like 3% market share vs VMWare and HyperV, but Xen/Xenserver users really like it.

    I still think you could get this going with one of the templates in XS with a bit of work.

    I don't know how much that affects them. Virtualizing firewalls is rare enough, Xen is not the top hypervisor and SmoothWall is so small that I'm surprised they are still around. All around, probably not a big deal to them.


  • Service Provider

    @jrc said in Smoothwall on XenServer 7.1:

    The frustrating thing here is that they have built in support for VMWare, but not Xen.

    That's minor. The REALLY frustrating part is that they REMOVED support for Xen!



  • @scottalanmiller

    I completely agree.

    However in Education you have to work with what you've got and convincing the board to scrap a $10k licence to shell out for a different $10k one would be kind of hard without serious compelling reason. Lack of Xenserver support would not be compelling enough I think.



  • @NerdyDad Untangle has this exact issue in Citrix Xenserver 6.5 and 7.1, been here before. Was going to virtualize Untangle. It didn't work, so I left it on its own box as it was working fine. Once the need arises for me to get it to work I will tackle it. Reid Cooper hit it on the head the Xen PV kernel is stripped out of Untangle too. Works fine in VMWare, and KVM.


  • Service Provider

    @PenguinWrangler said in Smoothwall on XenServer 7.1:

    @NerdyDad Untangle has this exact issue in Citrix Xenserver 6.5 and 7.1, been here before. Was going to virtualize Untangle. It didn't work, so I left it on its own box as it was working fine. Once the need arises for me to get it to work I will tackle it. Reid Cooper hit it on the head the Xen PV kernel is stripped out of Untangle too. Works fine in VMWare, and KVM.

    Should, in theory, be able to get it working with HVM. But it still needs drivers.


  • Service Provider

    @jrc said in Smoothwall on XenServer 7.1:

    However in Education you have to work with what you've got and convincing the board to scrap a $10k licence to shell out for a different $10k one would be kind of hard without serious compelling reason.

    Compelling reason is "best meets our needs." Saying that educators are too uneducated to understand high school level math and economics is a sad state of affairs. They teach why they should not even consider that in high school :) Maybe they need to start back over in ninth grade before being in these decision making positions.



  • @scottalanmiller said in Smoothwall on XenServer 7.1:

    @PenguinWrangler said in Smoothwall on XenServer 7.1:

    @NerdyDad Untangle has this exact issue in Citrix Xenserver 6.5 and 7.1, been here before. Was going to virtualize Untangle. It didn't work, so I left it on its own box as it was working fine. Once the need arises for me to get it to work I will tackle it. Reid Cooper hit it on the head the Xen PV kernel is stripped out of Untangle too. Works fine in VMWare, and KVM.

    Should, in theory, be able to get it working with HVM. But it still needs drivers.

    True, but as it was running fine on the hardware they had. I couldn't justify the time and cost to my client. I honestly want to move them off of Untangle. It is fine but their upgrade process has made me very upset. That though should be an entirely different thread.


Log in to reply
 

Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.