OK ... this is how we're going to have our m0n0wall setup. Any
suggestions would be appreciated.

    LAN1 <--------- m0n01 -----------> WAN
    LAN2 <--------- m0n02 -----------> WAN

Chester.mydomain.edu will be a server that we are setting up only
accessible from LAN1 and LAN2 (LAN1 is a /22 and LAN2 is a /20). We are
using two individual m0n0 boxes (nexcom's). Both will use chester as
their image server, remote syslog server, and (we've recently made some
changes so that...) they will periodically automatically back up their
config files and state tables using scp. Chester will also host the
portal image files.
Also, a mysql server will run on chester and we are having a PHP binary
with mysql support on our m0n0's. When people log in to either captive
portal, the portal will check on chester (via mysql) to see if there is a
ban on a username or mac address. Something like:

    select count(*) from tblBans where mac_address='.....' or username='....';

This way we can allow our college administration to manage bans on the
m0n0wall boxes without giving them full access to the webGUI. Comments on

We had a quick question though. I wanted to know if there was a way to
make it so that when m0n0 shuts down, it exports the output of ipfstat -io
and the ipfw equivalent (not sure what it is off the top of my head) to a
text file on chester, and then reloads it on boot up. We'd like users who
are authenticated to not get kicked out if we reboot our box.
Other than that one little thing, does everyone feel our solution is a

Thanks in advance for anyone's assistance!
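
The ban lookup described in the post, written with bound parameters so the login name and MAC are never pasted into the SQL string; this is an added example, not part of the original post and not m0n0wall code. The table and column names come from the post; `is_banned()`, `normalize_mac()`, the use of PDO, and the in-memory SQLite database standing in for the MySQL server on chester are assumptions.

```php
<?php
// Added example, not m0n0wall code. is_banned() and normalize_mac() are
// hypothetical helpers; tblBans, mac_address and username come from the post.

// Canonicalise a MAC to lowercase colon-separated hex; null if malformed.
function normalize_mac(string $mac): ?string {
    $hex = strtolower(str_replace([':', '-', '.'], '', trim($mac)));
    if (strlen($hex) !== 12 || !ctype_xdigit($hex)) {
        return null;
    }
    return implode(':', str_split($hex, 2));
}

// True when the MAC or the username has a row in tblBans. Both values are
// bound as parameters, so a login name containing quotes stays plain data.
function is_banned(PDO $db, string $mac, string $username): bool {
    $mac = normalize_mac($mac);
    if ($mac === null) {
        return true; // assumption: refuse clients whose MAC cannot be parsed
    }
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM tblBans WHERE mac_address = ? OR username = ?'
    );
    $stmt->execute([$mac, $username]);
    return (int) $stmt->fetchColumn() > 0;
}

// Constructed demo data: in-memory SQLite stands in for MySQL on chester.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tblBans (mac_address TEXT, username TEXT)');
$db->exec("INSERT INTO tblBans VALUES ('00:11:22:33:44:55', NULL)");
$db->exec("INSERT INTO tblBans VALUES (NULL, 'jdoe')");

// Constructed inputs: a banned MAC written with dashes, a banned username,
// a login name containing an apostrophe, and a client with no ban.
var_dump(is_banned($db, '00-11-22-33-44-55', 'alice'));
var_dump(is_banned($db, 'aa:bb:cc:dd:ee:ff', 'jdoe'));
var_dump(is_banned($db, 'aa:bb:cc:dd:ee:ff', "o'brien"));
var_dump(is_banned($db, 'aa:bb:cc:dd:ee:ff', 'alice'));
```

Against chester the same functions take a PDO handle opened with a `mysql:` DSN. With exceptions enabled, a failed connection or query surfaces to the caller, which then has to decide whether the portal admits or refuses logins while chester is unreachable.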