I know I too am coming into this late, but let me offer a couple of thoughts.

Basically, I think Matt's standards are a bit too high. He writes:

> Honestly I can't think of anything I need to do remotely
> over a web config program once the system is booted that
> I can't do with ssh.  But that's why I'm asking.

Well, of course not. Offhand, I can't think of ANY sysadmin chore that I (and Matt, surely, as well as most if not all of us here) cannot do from the command line. Unix was built that way, and Linux and LEAF inherited that ability. If a Web-based interface (or any other GUI-based one) is needed, it is to *simplify* router/firewall management, in the sorts of ways that the router-in-a-box products from Linksys, D-Link, Netgear and others do ... not to make management *possible*.

Router management tasks fall into two large categories:

1. Initial setup of the router.

The cheap home routers (I've looked at both Netgear and D-Link ones, but I assume they are representative) make Web-based initial configuration possible by forcing the use of a particular network (on the D-Link, 192.168.0.0/24) for the LAN, at least when first activated. This way, any host with a suitable IP address (which it can get from the router using DHCP) can connect to the router and use any modern browser to access its Web-based interface. Here, one can set up the usual things: external address (static, DHCP, PPPoE), internal address and network, MAC-address spoofing (if needed for ISP authentication) or other authentication options, some port forwarding ... all the usual stuff. Also setting up 802.11b stuff for the ones that support wireless LANs.

These embedded devices don't have a couple of setup requirements that LEAF routers will normally have, such as:

A. The need to specify NIC modules or anything else that customizes the software to the hardware (since the hardware and software are a package, that's done at the factory).
B. The flexibility to do something other than NAT'd routing (they are all geared to 1-address cable, DSL, or dial-up service).
C. The need to figure out a way to save the configured system. The embedded devices use NV-RAM of some sort. LEAF devices might use a DoC, a floppy, a burned CD, or other things I'm not thinking of this morning.

All in all, using a Web-based initial-setup program for a stock LEAF router (one based on unmodified Bering or Dachstein) looks to me like more trouble than gain. On a home-built LEAF router, too much work has to be done *before* a browser can connect via the LAN interface to make browser-based setup a valuable addition. Any work here will most likely support, in practice, specific LEAF-based systems that make particular hardware decisions in advance of configuration (making them more like the embedded-system routers).

2. Ongoing management of the router.

Here is where I think LEAF can gain a lot from supporting a good GUI. Non-expert users can gain the benefits of a nice interface that facilitates:

A. Modifying port-forwarding rules (e.g., to handle a new game or p2p service, or to change an internal server assignment).
B. Reviewing logs and other evidence of break-ins.
C. Updating info on the external interface (if you have a static address, you may need to change the external DNS servers from time to time, or the external mail server if you use POP/IMAP downloads).
D. Changing DHCP server settings ... e.g., to make more, or fewer, addresses assignable via DHCP, or to associate particular IP addresses with particular MAC addresses (this so on-LAN servers can have stable IP addresses).

There surely are other ongoing tasks too ... especially for a wireless LAN that attempts to include some security features, or systems with substantial DMZs ... but A and B are the two things I find I actually do on my router here. (And yes, I do them using ssh ... but that I do them that way doesn't make ssh-based shell logins the *best* way to do them.)

It is here, management of the LEAF router *after* initial setup, where I think a nice Web-based GUI can make life easier for network managers. The key is the "nice" part. I haven't looked at the weblet, or any of its cousins, for some time, so my specific design thoughts are way out of date. Going back a ways, it seemed to me that the interface they offered did not make management any easier than management via command line.

But UI design, particularly browser-based UI design, has come a long way recently. The newer weblet package may well already incorporate the same sorts of improvements I have seen in devices like the D-Link. With modern UI design, it should be quite able to make ongoing management of a LEAF router a lot easier than command-line access permits.

Good UI design can also improve some of the "behind the curtain" elements of LEAF. A nice example turned up on the leaf-user list just yesterday -- a Dachstein user needed to change his LAN network from the default 192.168.1.0/24 to 10.10.10.0/24 . To do this one change, he had to make about a dozen changes to network.conf, the dhcpd config file, and maybe more (Charles provided a good list for him). This is really bad design; it should not be necessary to enter the *same* number in several different places. The back end to a Web-based configuration UI can deal with this sort of problem.

Apologies in advance (mainly to Eric) if his new Weblet already incorporates the sort of functionality I'm suggesting here. I'll be diligent about taking a look at it before I ramble on any further about this. But Matt's raising the core question of why we even need a config GUI got me thinking, and I wanted to offer at least some preliminary ideas while I was motivated to write.

At 10:52 AM 1/31/03 -0800, Matt Schalit wrote:

> In an effort to define the problem, which presumably is a
> lack of ability to administer a LEAF box in other ways, I'm
> asking for the top 5 things you'd like to be able to administer?
>
>   Here are mine:
>
>      1)  Install boot modules before ever booting LEAF
>      2)  Install nic modules before ever booting LEAF
>      3)  Alter /etc/network/interfaces before ever booting LEAF
>      4)  Alter syslinux.cfg before ever booting LEAF
>      5)  Set root password before ever booting LEAF
>      6)  Config sshd and set it to load before ever booting LEAF
>      7)  Alter /etc/resolv.conf before ever booting LEAF
>
>
> Honestly I can't think of anything I need to do remotely
> over a web config program once the system is booted that
> I can't do with ssh.  But that's why I'm asking.

--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski					-- Han Solo
Palo Alto, California, USA			  [EMAIL PROTECTED]
-------------------------------------------------------------------------------


