[ previous ] [ next ] [ threads ]
 
 From:  Paul Taylor <PaulTaylor at winn dash dixie dot com>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Our enhancements to Monowall - Released!
 Date:  Thu, 1 Sep 2005 14:31:20 -0400
We are very proud to release version 2.2 of our enhanced Monowall image, our
first public release.  We would absolutely love it if all of our
enhancements make it into the base Monowall image.  

 

Enhancements:

 

1. Sub-Admin Users:  The webGui now allows multiple users, configurable by
the admin user via the webGui.  Each user can have their permissions
controlled on a per-page level.  Users can be created and have their page
permissions updated via checkboxes on the System > User Manager link,
available only to the admin user.  In a corporate setting this lets various
departments take on their own roles.  For example, a Security department
might be in charge of the Captive Portal users, and Network Operations might
be given access to the Diagnostics and Status pages.  In addition,
individual users may modify their own password via the webGui.  (Assuming
they have permissions for that page.)

2. Adaptive Menus: The menu structure has been overhauled to be completely
dynamic.  A user will only be presented with menu items that they have
access to view. The left menu still has the familiar Monowall menu
structure, but items will not appear if the user doesn't have access.  

3. Adaptive Tabs: All pages with Tabs (such as the Logs page) now have
dynamic tabs.  Only tabs to which the user has access will be displayed.

4. Captive Portal Element Manager:  You can now host images and css files
directly from the Monowall machine by using the Element Manager.  After
uploading your captive portal login and error pages, simply select the
"Element Manager" tab under Captive portal.  There, you will be presented
with a list of all detected page elements, with whether or not the files
exist (and if so, their size), along with the opportunity to upload or
delete the actual image and css files.  Once uploaded, all elements are
stored in the config.xml file and placed in the captive portal directory.
The Captive Portal index page is called each time a user's browser requests
a page element.  This way, it knows which are valid elements and will upload
them to the user.  This eliminates the need to have a separate web server to
simply server up images for Captive Portal pages.  In addition, HTTPS
traffic will now 

5. The ability to disallow concurrent logins of the same username via the
Captive Portal.

6. ARP table page:  This page displays the ARP table of the Monowall, along
with the hostname of devices which are in the DHCP Leases file.

7. Traceroute page

8. NS Lookup page: Server field is auto-populated.  This hasn't been tested
on a DHCP system yet, but should work.

9. Whois page

10. Firewall States page:  For advanced troubleshooting...  It shows the
Source IP, Port, Destination IP, Port, Protocol, Packets, Bytes, and
Time-to-live.

 

This is perhaps the best feature for troubleshooting an individual user
problem...  Here you can see all connections live (as fast as you refresh
the page), sort by whichever column you want, ascending or descending,
filter on source or destination IP Address by clicking the desired IP
Address, and take Statistics Snapshots to view Delta packet and byte info. 

11. Exit to Shell:  Option on the console to get to the underlying shell.

12. SSH access with Authorized keys:  On the Advanced screen, you can enable
SSH and paste in an Authorized keys file to allow root SSH access.  To go
along with this, we've included a minimalist termcap file (about 1K in size)
instead of the standard 200+K file.  This has enough terminal definitions to
allow you to use either the console or SSH to run applications like top and
vi.  This termcap file is also required for the Firewall States page.

 

At this time, we are releasing a generic PC image:

www.addressplus.net/generic-pc-1.2b9.wd2.2.zip
<http://www.addressplus.net/generic-pc-1.2b9.wd2.2.zip> 

 

Within the next few days or so, I'll try to get a net4801 image compiled and
release it as well.

 

Paul