Hello Ray, Matt,

First of all, thanks for your reactions.

> I know I too am coming into this late, but let me offer a couple of thoughts.
> 
> Basically, I think Matt's standards are a bit too high. He writes:
> 
> >Honestly I can't think of anything I need to do remotely
> >over a web config program once the system is booted that
> >I can't do with ssh.  But that's why I'm asking.
> 
> Well, of course not. Offhand, I can't think of ANY sysadmin chore that I 
> (and Matt, surely, as well as most if not all of us here) cannot do from 
> the command line. Unix was built that way, and Linux and LEAF inherited 
> that ability.
I completely agree with this, but there are quite a few people 
asking for a web interface. 
I myself only use ssh and a direct terminal line ;) 
> If a Web-based interface (or any other GUI-based one) is 
> needed, it is to *simplify* router/firewall management, in the sorts of 
> ways that the router-in-a-box products from Linksys, D-Link, Netgear and 
> others do ... not to make management *possible*.
Here I agree also, and this isn't yet realized with my weblet ;( 
Until now it is more editing like the command-line interface, with the 
prevention of typos (by replacing them with checkboxes).
But as I said in my primary post, it was first of all meant as a "proof of 
doability" (does this word exist?)
> Router management tasks fall into two large categories:
> 
> 1. Initial setup of the router.
> 
> The cheap home routers (I've looked at both Netgear and D-Link ones, but I 
> assume they are representative) make Web-based initial configuration 
> possible by forcing the use of a particular network (on the D-Link, 
> 192.168.0.0/24) for the LAN, at least when first activated. This way, any 
> host with a suitable IP address (which it can get from the router using 
> DHCP) can connect to the router and use any modern browser to access its 
> Web-based interface. Here, one can set up the usual things: external 
> address (static, DHCP, PPPoE), internal address and network, MAC-address 
> spoofing (if needed for ISP authentication) or other authentication 
> options, some port forwarding ... all the usual stuff. Also setting up 
> 802.11b stuff for the ones that support wireless LANs.
> These embedded devices don't have a couple of setup requirements that LEAF 
> routers will normally have, such as:
> 
>          A. The need to specify NIC modules or anything else that 
> customizes the software to the hardware (since the hardware and software 
> are a package, that's done at the factory).
>          B. The flexibility to do something other than NAT'd routing (they 
> are all geared to 1-address cable, DSL, or dial-up service).
>          C. The need to figure out a way to save the configured system. The 
> embedded devices use NV-RAM of some sort. LEAF devices might use a DoC, a 
> floppy, a burned CD, or other things I'm not thinking of this morning.
Obviously you slept well and are very clear now ;)
Exactly, and here a web GUI is not very helpful, as it hasn't got a 
connection to the network in the critical phase.
> All in all, using a Web-based initial-setup program for a stock LEAF router 
> (one based on unmodified Bering or Dachstein) looks to me like more trouble 
> than gain. On a home-built LEAF router, too much work has to be done 
> *before* a browser can connect via the LAN interface to make browser-based 
> setup a valuable addition. Any work here will most likely support, in 
> practice, specific LEAF-based systems that make particular hardware 
> decisions in advance of configuration (making them more like the 
> embedded-system routers).
For the initial setup I thought of an option too: a simple text file that 
copies the needed modules in the right place, sets up shorewall for 
the typical configuration (pppoe, ppp, etc.) and sets and copies in 
modules. So to make the system bootable and give it the possibility 
to connect to the net.



> 2. Ongoing management of the router.
> 
> Here is where I think LEAF can gain a lot from supporting a good GUI. 
> Non-expert users can gain the benefits of a nice interface that facilitates:
> 
>          A. Modifying port-forwarding rules (e.g., to handle a new game or 
> p2p service, or to change an internal server assignment).
>          B. Reviewing logs and other evidence of break-ins.
>          C. Updating info on the external interface (if you have a static 
> address, you may need to change the external DNS servers from time to time, 
> or the external mail server if you use POP/IMAP downloads).
>          D. Changing DHCP server settings ... e.g., to make more, or fewer, 
> addresses assignable via DHCP, or to associate particular IP addresses with 
> particular MAC addresses (this so on-LAN servers can have stable IP addresses).

Agreed again, and exactly here I wanted the discussion about what is 
useful to implement and what is useless.
For most parts I opted for the use of a limited form with checkboxes and 
input boxes for some functions ("average user") and the option to edit 
the original config file in a text window ("power user").

> 
> There surely are other ongoing tasks too ... especially for a wireless LAN 
> that attempts to include some security features, or systems with 
> substantial DMZs ... but A and B are the two things I find I actually do on 
> my router here. (And yes, I do them using ssh ... but that I do them that 
> way doesn't make ssh-based shell logins the *best* way to do them.)
> 
> It is here, management of the LEAF router *after* initial setup, where I 
> think a nice Web-based GUI can make life easier for network managers. The 
> key is the "nice" part. I haven't looked at the weblet, or any of its 
> cousins, for some time, so my specific design thoughts are way out of date. 
> Going back a ways, it seemed to me that the interface they offered did not 
> make management any easier than management via command line.
> 
> But UI design, particularly browser-based UI design, has come a long way 
> recently. The newer weblet package may well already incorporate the same 
> sorts of improvements I have seen in devices like the D-Link. With modern 
> UI design, it should be quite able to make ongoing management of a LEAF 
> router a lot easier than command-line access permits.
> 
> Good UI design can also improve some of the "behind the curtain" elements 
> of LEAF. A nice example turned up on the leaf-user list just yesterday -- a 
> Dachstein user needed to change his LAN network from the default 
> 192.168.1.0/24 to 10.10.10.0/24 . To do this one change, he had to make 
> about a dozen changes to network.conf, the dhcpd config file, and maybe 
> more (Charles provided a good list for him). This is really bad design; it 
> should not be necessary to enter the *same* number in several different 
> places. The back end to a Web-based configuration UI can deal with this 
> sort of problem.
> 
> Apologies in advance (mainly to Eric) if his new Weblet already 
> incorporates the sort of functionality I'm suggesting here. I'll be 
> diligent about taking a look at it before I ramble on any further about 
> this. But Matt's raising the core question of why we even need a config GUI 
> got me thinking, and I wanted to offer at least some preliminary ideas 
> while I was motivated to write.
No reason to apologize, as it hasn't the functionality yet, although 
this is relatively easy to implement. 
> At 10:52 AM 1/31/03 -0800, Matt Schalit wrote:
> 
> >In an effort to define the problem, which presumably is a
> >lack of ability to administer a LEAF box in other ways, I'm
> >asking for the top 5 things you'd like to be able to administer?
> >
> >   Here are mine:
> >
> >      1)  Install boot modules before ever booting LEAF
> >      2)  Install nic modules before ever booting LEAF
> >      3)  Alter /etc/network/interfaces before ever booting LEAF
> >      4)  Alter syslinux.cfg before ever booting LEAF
> >      5)  Set root password before ever booting LEAF
> >      6)  Config sshd and set it to load before ever booting LEAF
> >      7)  Alter /etc/resolv.conf before ever booting LEAF
> >
> >
> >Honestly I can't think of anything I need to do remotely
> >over a web config program once the system is booted that
> >I can't do with ssh.  But that's why I'm asking.
Of course you can do it with ssh (that is exactly how I do it, and even 
how I created the weblet). 
But there are also people that don't want to use ssh, 
that simply want to fire up a browser and set the name, network 
address and click on the ports they want to open, 
and that's it. 
The weblet (if it is ready) should be doing that. 
And the form I chose makes it possible to just ignore the tool and 
never even install it ;) 
> 
> --
> -------------------------------------------"Never tell me the odds!"--------
> Ray Olszewski                                 -- Han Solo
> Palo Alto, California, USA                      [EMAIL PROTECTED]
> -------------------------------------------------------------------------------
> 
> 
> 
Regards Eric Wolzak
member of the Bering Crew


_______________________________________________
leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
