Sorry about my lateness in responding, but I was out of town for the last several days. This post will consolidate replies from several posts in my absence.
Comments are inline ;-)

> Security: This is critical if external access is to be provided, but
> not really an issue if the internal network is trusted. While SSL
> would be ideal for encrypting external sessions, let's not forget
> about ssh. If you already have ssh installed, it's possible to tunnel
> through ssh to access an un-encrypted weblet running on an internal
> private-IP port remotely. This requires ssh in addition to a
> web-browser on the remote system, but is quite workable. NOTE: The
> Cygwin ssh client from RedHat works just fine for this sort of thing
> if you're running a windoze platform.

ssh would be ideal, except on floppy images. Maybe zebedee is going to be the best option for remote floppy administration @61KB. See later section.

> Functionality: It would really be nice if the web server supported
> the POST method. There is no fundamental reason why you can't do
> this with shell-script, and I believe it's already been done.

James Sturdevant posted POST support in patch form to the list a while back. I think this will work fine.

> Performance: The sh-httpd server is kind of slow when serving up CGI
> pages. This is due to the way the shell-script handles spawning the
> child CGI process, and checking to see if it's finished. I think
> this can be re-architected to perform much better...when I was
> working on sh-httpd, I didn't know I could open multiple file-handles
> in shell-script, which makes the above problem easier.

I don't think much CGI would be required with the use of forms, ash scripts, and limiting access to localhost.

> CGI Scripts: Since it's unlikely that LEAF systems will start
> including perl, python, or anything similar in the near future
> (mainly due to space constraints), I think shell-scripts are the best
> choice for CGI's. If there's something that can't quite be done with
> sed/grep/dd, I would probably suggest using mawk, which I already
> have packaged (required by IPSec), and which weighs in at 45,956
> bytes (compressed).

I agree 100% with that statement. I am using forms (of course), which POST on individual lines. I think sed and stock ash are fine w/o needing mawk. The forms would use stock variables (ie... eth0_IP_ADDR) when the "option" sets a single variable and a new variable to set several "stock" variables when applicable (ethernet-dhcp, ppp-dhcp, etc...). The added scripting needed to interpret the added variables would be put in network.conf.

As far as changes to the network.conf "standard", I propose modularizing certain sections of declared variables into their own form/conf file, then "sourcing" these new conf files into the "script-only" network.conf file. Example of the break-up of network.conf would be something along the lines of "base-config, advanced-net, qos, and dmz." This will minimize the amount of needed CGI code run.

This would also allow for a CLI-config set of scripts so that you can edit all configuration on the LEAF machine itself with the same ash/cgi scripts that the web-based admin uses. Thoughts???

> Modularity: Seems like a good thing! The more flexible the
> architecture, the more likely it is to meet the various needs of the
> pretty diverse user base we have for LEAF.

This will likely be the only way to keep it on a floppy image. This would also help with portability between different versions of LEAF. It would allow for saving each "module" individually, so that small changes would use minimal resources and accidental errors would be less of an issue. We could also add a link to a "config-barf" CGI file that could auto-magically post comments+config information via a web-form to the mailing list.

My use of starting with DF is simply that I am very familiar with the release and my lack of knowledge with Shorewall. Bering would likely be easier to work with, however most code should be relatively portable with variable & conf file name changes. I expect with the amount of people that are willing to work on this, that parallel development between releases will be no problem.

Scott, I love your idea.... this would be beautiful in environments that would have a server available. However, a huge amount of our users will not, so we are simply working around the requirement of hand editing configuration in a minimal amount of disk-space. I'm hoping something that is stand-alone on a floppy is possible.

At 10:31 PM 6/26/02 +0200, Erich Titl wrote:
>I am playing around with weblet to get some kind of a web based
>configuration. Authentication is certainly an issue there and I am very
>interested in anything that should come up in that aspect.

Let's consider this..... only a certain set of machines *should* be allowed access to configuration period. Weblet/sh-httpd allows for setting allowed hosts in the present configuration and anything remotely administered *should* be tunneled, not just authenticated. I am proposing the use of 127.0.0.1 (localhost) for use of web-config within the scope of allowed host(s) for Weblet/web-config and the use of zebedee for remote access through any other machine... LAN or WAN. The authentication is built into zebedee and ALL information is encrypted.

On Friday 28 June 2002 08:42, Joey Officer wrote:
> Last night at home I wasn't sure if the message was even going to go
> through. Glad it did! I'm not very familiar with CGI, or really
> anything html (I can write 'hello world', that's about it!), but from
> my experience w/ mrtg, I was under the impression that it was Perl
> based. If this is the case, how would you run a similar type
> program?

Any interpreted executable can be CGI, be it shell, perl, C, <whatever>.

On Friday 28 June 2002 00:44, Richard Amerman wrote:
> guitarlynn,
>
> Did you ever spend any more time playing with mosquito and its
> webadmin piece? I'm now more up to date
> with some of the weblet discussions in the past few months.

Yes, but it doesn't allow for configuration on the router itself and is written mostly in Jscript. This is not the direction I would like to take.

On Friday 28 June 2002 00:16, Richard Amerman wrote:
> What if we modified the architecture of Weblet so that you can add
> standard plugins (in the format of the standard LEAF package format,
> LRP for now).

Actually, with the packaging system the only hard part would be links from index.html.

> I did a bit of checking into alternatives to Weblet (by no means
> exhaustive) and it looks like sh-httpd (weblet) might still be the
> best answer.

The only other option I've found likely is thttpd if we are using compiled CGI scripting. I really do not think this will be necessary either.

OK, that does it for now.... any ideas or other thoughts???

~Lynn

--
~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!
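
Added example, not part of the original message and not LEAF project code: the message proposes forms that POST variables such as eth0_IP_ADDR into conf modules that network.conf then sources, so anything written to those modules runs as shell. The sketch below allow-lists variable names and validates each value before emitting the module. It assumes a POST body with one NAME=value per line; every variable name other than eth0_IP_ADDR is hypothetical.

```shell
#!/bin/sh
# Added example. Builds a conf module from a POSTed form body (assumed format:
# one NAME=value per line) that is safe to source from network.conf.

# Allow-list of NAME:type. Only eth0_IP_ADDR appears in the message; the other
# two names are hypothetical.
ALLOWED='eth0_IP_ADDR:ip eth0_MASKLEN:masklen eth0_MODE:mode'
CR=$(printf '\r')

# valid_value TYPE VALUE: succeeds only when VALUE matches TYPE.
valid_value() {
    case "$1" in
    ip)
        case "$2" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
        old_ifs=$IFS; IFS=.; set -f; set -- $2; set +f; IFS=$old_ifs
        [ $# -eq 4 ] || return 1
        for octet in "$@"; do
            [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
        done ;;
    masklen)
        case "$2" in ''|*[!0-9]*|???*) return 1 ;; esac
        [ "$2" -le 32 ] ;;
    mode)
        case "$2" in static|dhcp) return 0 ;; *) return 1 ;; esac ;;
    *)  return 1 ;;
    esac
}

# build_conf: POST body on stdin, conf module on stdout. Any unknown name or
# malformed value rejects the whole submission, so nothing partial is written.
build_conf() {
    out=''
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$CR"}                        # tolerate CRLF line ends
        [ -n "$line" ] || continue
        name=${line%%=*}; value=${line#*=}; type=''
        [ "$name" != "$line" ] || return 1        # line has no '='
        for entry in $ALLOWED; do
            if [ "${entry%%:*}" = "$name" ]; then type=${entry#*:}; fi
        done
        [ -n "$type" ] || return 1                # name not on the allow-list
        valid_value "$type" "$value" || return 1  # value fails its pattern
        out="$out$name='$value'
"
    done
    printf '%s' "$out"
}

# Constructed sample body.
printf 'eth0_IP_ADDR=192.168.1.254\neth0_MODE=dhcp\n' | build_conf
```

A CGI script using this would write the output to a temporary file and rename it over the module only when build_conf succeeds.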