Nice code and idea, I would say not blok but send command and traffic to
another router... :-) another code would require object based communication
for routers... Im thinking to play arpund with PHP sockets, when I'm done
with current project... well I am done at pfSense, will move to mono shortly

-----Original Message-----
From: Imran K [mailto:gururug at gmail dot com] 
Sent: Saturday, November 18, 2006 10:25 PM
To: m0n0wall dash dev at lists dot m0n0 dot ch
Subject: [m0n0wall-dev] AP load balancing

Hi All,

A while ago someone was asking questions about load balancing WAP's.

There were issues with too many clients associating with one ap. Assuming
that your mono has the WiFi interface locally, I thought this pseudo code
might help.

NOTE: I large portion of this issue can be resolved by twaeking the transmit
power of overlapping AP's.

Anyway, the idea is that a watcher script monitors dhcp the lease file and
when a predetermined client number or load is reached, firewall rules are
added to only allow existing associated macs INPUT on the wireless
interface.

i.e.;

if (`cat /etc/dhcp.leases | grep MACS | count`)  >= 30) {
       for $x in `cat /etc/dhcp.leases | grep MACS; do
                    iptables -A INPUT --mac ..... -j ALLOW
     done
}

if (`cat /etc/dhcp.leases | grep MACS | count`)  <= 29) {
       for $x in `cat /etc/dhcp.leases | grep MACS; do
                    iptables stop blocking new macs
     done
}


This feature could be coded into captive portal or another service (dhcp?).
I wonder how much overhead these scripts would place on mono?


You might wonder why not just limit your dhcp scope? well, i think clients
will still try to associate but not get an ip and get stuck.


Interested to hear any feedback on this.



Also meshing AP's and whcking on bgp / ospf may also assist performance in
such a topology.




Kudos



gururug