[SLE] yast network woes

OK, I recently installed a DSL line this past week, and instead of having a cable modem with a single IP address, I now had a small subnet. Wanting to put those new IP addresses BEHIND the SuSE box as a firewall (and yet still have some IP Masquerading available for any OTHER machines who didn't need real IP's), I set out to make it happen. yast turned out to be exactly the WRONG way to go, and I think it can be easily fixed, although I am not a programmer. Some of these are issues both of feature improvements (the suggestions part) and how yast currently handles the inputs I'm talking about (the bugs part). yast tends to silently ignore or mishandle data that it is not prepared to deal with, which is definitely a Very Bad Thing. :) Four suggestions: 1.) Allow host-routes on network interfaces in yast: YAST (updated version for 6.2), will not allow a host-route to be specified on a particular ethernet interface. For example: Int IP Netmask Gateway eth0 192.168.1.2 255.255.255.255 192.168.1.1 eth1 192.168.1.129 255.255.255.128 A host-route out eth0 allows the SuSE box to behave as a firewall via a crossover cable to an upstream router (for example a DSL router). Any time I enter that netmask, YaST silently (and this is my bigger complaint) decides that it knows what is best and changes it to a /24 (255.255.255.0) netmask without telling me. I finally had to change rc.config;/etc/route.conf to manually input the right data, and resign myself to NOT running yast, lest it mess it up again. :) Now admittedly, what I'm REALLY doing is even more ugly than what is above, but what I am doing would have been made easier if yast would accept hostroutes out an ethN interface... What I am doing right now looks similar to (using real addresses though and not these RFC1918 ones): eth0 192.168.1.2 255.255.255.255 192.168.1.1 eth1 192.168.1.2 255.255.255.248 and then eth0 arps for .[3..6], and eth1 arps for .1 This allows me to use my SuSE box as a firewall between my DSL router (.1) and the rest of the /29 I am assigned by my DSL provider. Each side "sees" the rest of the subnet as though it were on the same segment. 2.) Allow for Proxy ARP table additions to be added within yast. It would be wonderful if I could drill down into an interface defined in yast and say "oh yeah, add proxy ARP entries for <ip1>, <ip2>, and/or on this interface". 3.) Allow yast to enable/disable ifconfig flags Although I didn't end up using it, one of my earlier configurations had eth0 (external) set in promiscuous mode. My configuration consisted of setting everything up in yast, and then editting rc.config manually to add the " promisc" portion of the ifconfig flags. If this could be part of an interface drill-down (perhaps the same as the ARP table above... an "advanced settings" drill-down or something) that would make life cool for those who want to use yast, but also need to do more advanced stuff. 4.) Let yast work with subinterfaces/ip-aliases Another thing would be to please, if yast isn't going to actually WORK with subinterfaces/ip-aliases, then don't let yast ACCEPT that info. Another thing I had done was: eth1:0 10.200.1.1 255.255.255.0 Expecting that yast would do the right thing... it completely (silently) ignored that interface when it was bringing up interfaces at boot time. The intent was for there to be four machines behind the SuSE firewall with "real" addresses, and the rest would be on RFC1918 space, masq'ed by the SuSE box. I've got it running, but it was sort of an ugly hack to do, especially considering that all the network code already exists, it just needs to be corrected to also work with IP aliases. :) I'm sure someone will flame me for complaining about yast, but hey, if I don't make suggestions, I don't have a prayer that it will get fixed. :) D -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/