So we were still having issues getting wireless to work with the Netgear thing, even with nothing else to do, so I’ve tossed it into the cheap junk network equipment pile. In its stead will be a managed access point in plenum chassis that should hopefully be a little more … well … useful. In keeping with this, I’ve now installed a FreeRadius server on my file server, which my router can now talk to. First off, this lets me set up a captive portal, so any traffic that makes it onto the DMZ, be it over wired ethernet or wireless, has to go through a “hi, who the hell are you, and why should I give you Internet access?” chokepoint. Second, it lets me use WPA enterprise, rather than pre-shared keys. Now, the challenge will be deciding whether to do that, or just use WEP or no encryption at all on the access point and instead trust any user to only connect via VPN (which, coincidentally enough, m0n0wall also supports) and not care if everything can be tapped.
So that’s one set of things that should soon be working about as optimally as possible. The other thing I managed to do was to get my m0n0wall hooked up to mrtg, so now I get pretty bandwidth charts on WAN/LAN/DMZ, and all of that fun stuff. I’d like to write a module so it can also plot environmental and electrical data from apcupsd, but I’ve yet to figure out how pliant it is for stuff that’s not providing a native SNMP feed (and I’m not purchasing the SNMP management module for the UPS).
Update: That was easy; I just wrote an mrtg filter to read my apcaccess output, and now I’m plotting environmental/charge/load/linev. Sweet.