 From:  Matt Juszczak <matt at atopia dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  m0n0wall plan ... final comments?
 Date:  Wed, 3 Nov 2004 20:16:50 -0500 (EST)

OK ... this is how we're going to have our m0n0wall setup.  Any 
suggestions would be appreciated.


LAN1 <--------- m0n01 -----------> WAN
                  |
                  |
                  |
                  |

        CHESTER.MYDOMAIN.EDU

                  |
                  |
                  |
                  |
LAN2 <--------- m0n02 -----------> WAN



Chester.mydomain.edu will be a server that we are setting up only 
accessible from LAN1 and LAN2 (LAN1 is a /22 and LAN2 is a /20).  We are 
using two individual m0n0 boxes (nexcom's).  Both will use chester as 
their image server, remote syslog server, and (we've recently made some 
changes so that...) they will periodically automatically back up their 
config files and state tables using scp.  Chester will also host the 
portal image files.

Also, a mysql server will run on chester and we are having a PHP binary 
with mysql support on our m0n0's.  When people log in to either captive 
portal, the portal will check on chester (via mysql) to see if there is a 
ban on a username or mac address.  Something like:

select count(*) from tblBans where mac_address='.....' or username='....';

This way we can allow our college administration to manage bans on the 
m0n0wall boxes without giving them full access to the webGUI.  Comments on 
this?

We had a quick question though.  I wanted to know if there was a way to 
make it so that when m0n0 shuts down, it exports the output of ipfstat -io 
and the ipfw equivalent (not sure what it is off the top of my head) to a 
text file on chester, and then reloads it on boot up.  We'd like users who 
are authenticated to not get kicked out if we reboot our box.

Other than that one little thing, does everyone feel our solution is a 
good one?

Thanks in advance for anyone's assistance!

Matt
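
The ban lookup described in this message, as an added example that is not part of the original post or of m0n0wall: the tblBans query with the username and MAC address bound as parameters and the MAC normalized before comparison. Python's sqlite3 stands in for the MySQL server on chester; the column types, the lower-case storage form, the sample rows and the deny-on-lookup-failure policy are assumptions.

```python
import re
import sqlite3


def normalize_mac(mac):
    """Reduce a MAC to one stored form (lower-case, colon-separated)."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a MAC address: %r" % (mac,))
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_banned(conn, username, mac):
    """True if tblBans has a row for this username or this MAC address."""
    # Values are bound as parameters, never pasted into the SQL text,
    # so a quote inside a username (o'brien) stays plain data.
    row = conn.execute(
        "SELECT COUNT(*) FROM tblBans WHERE mac_address = ? OR username = ?",
        (normalize_mac(mac), username.strip().lower()),
    ).fetchone()
    return row[0] > 0


def portal_allows(conn, username, mac):
    """Login decision for the captive portal."""
    try:
        return not is_banned(conn, username, mac)
    except (sqlite3.Error, ValueError):
        # Assumption: refuse the login when the ban server cannot be
        # queried or the MAC is malformed. A site may choose to allow.
        return False


def make_sample_db():
    """Constructed sample rows standing in for tblBans on chester."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tblBans (username TEXT, mac_address TEXT)")
    conn.executemany(
        "INSERT INTO tblBans (username, mac_address) VALUES (?, ?)",
        [("jdoe", None), (None, "00:0d:b9:aa:bb:cc")],
    )
    return conn


if __name__ == "__main__":
    db = make_sample_db()
    for user, mac in [("JDoe", "00:11:22:33:44:55"),
                      ("alice", "00-0D-B9-AA-BB-CC"),
                      ("o'brien", "00:11:22:33:44:55")]:
        print(user, mac, "allowed" if portal_allows(db, user, mac) else "denied")
```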