Traffic Shaping

Hi i have the following setup:

We are in an office with about 150 computers; we are using Monowall as our firewall.
We are also using Monowalls DHCP service.
We also do not want our staff to be able to upload large files to the internet (anything above 100 mb).

All though we have some people in our office that need to upload large files and i have set the up as pass thru Mac.
I have also created user accounts in captive portal.

Now when i start the portal service some of the users can get to the login screen but most cannot and only some of the pass thru Mac client can use the internet with no problem total 12 of 150 people can use the internet if i turn on the portal.
Anyone know what the problem could be?

[Maximum concurrent connections]

Anyone know what the problem could be?

Without being an expert, the first thing that pops into my mind is the Captive portal settings:
Maximum concurrent connections - Default is to only allow 16 total connections to the portal's web interface.  That means an absolute maximum of 16 people will be able to  get to the portal in a given time period.  This is probability #1 I think.

What authentication means are you using? Internal user manager or RADIUS?


Are ALL the client PCs using DHCP addresses?  Is it possible some are setup with static IPs/DNS/gateway?  DHCP is preferred, but the important thing is the DNS server on each PC needs to be set to the LAN IP of monowall in order to be re-directed to the portal.  Do you have the DNS forwarder turned on?

Do you have multiple subnets or other routers on the LAN?  You will need an outbound NAT rule to allow add'l subnets

How are you accomplishing the ban on uploading files larger than 100mb?  I've never heard of any such capability on a network level.  Pass thru MAC will just allow users to be able to access the Internet without having to authenticate with the captive portal - just as if the portal was not turned on.

Regards,
Aaron