From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021202

Description of problem:
I wish there was a wizard to set up connection sharing. For example, if I have a PPP connection, I should be able to share it within my local network. The wizard should set ip_forward to "1", install and configure DHCPD with the right DNS etc... All the user should see is a "[X] Share this connection" checkbox. Thanks!

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
N.A.

Additional info:
Another approach might be this: In the system-config-securitylevel, there is a tab for firewall setup. The following addition could be made to the "trusted interfaces" UI. For each interface marked as "trusted", a checkbox could be made visible/sensitive to turn on masquerading of packets coming from that interface. That is, for each trusted interface, for packets coming from the subnet represented by the interface, a MASQUERADE rule could be added to the NAT table, like so:

For each trusted interface that has this proposed checkbox checked:

iptables -t nat -A POSTROUTING -p all --source <subnet_from_trusted_if0> --destination ! <subnet_from_trusted_if0> -j MASQUERADE
iptables -t nat -A POSTROUTING -p all --source <subnet_from_trusted_if1> --destination ! <subnet_from_trusted_if1> -j MASQUERADE
iptables -t nat -A POSTROUTING -p all --source <subnet_from_trusted_if2> --destination ! <subnet_from_trusted_if2> -j MASQUERADE
...
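Added example, not part of the comment above or of the patch attached later in this bug: a Python sketch of the rule generation the comment proposes, producing the nat table in iptables-restore format. The function name, the input shape and the sample interfaces are assumptions constructed for illustration; the rules use the current "! --destination" spelling of the comment's "--destination ! <subnet>".

```python
import ipaddress

# Constructed sample data: trusted interface name -> its address in CIDR form.
SAMPLE_TRUSTED = {
    "eth1": "192.168.1.1/24",
    "eth2": "10.0.0.1/8",
    "wlan0": "192.168.1.2/24",   # second interface on the same subnet as eth1
}


def masquerade_rules(trusted, masquerade):
    """Return iptables-restore lines for the nat table.

    trusted:    {interface name: address in CIDR form}
    masquerade: names of interfaces whose proposed checkbox is ticked
    """
    # The proposal offers the checkbox for trusted interfaces only, so a
    # request to masquerade any other interface is rejected outright.
    unknown = set(masquerade) - set(trusted)
    if unknown:
        raise ValueError("not a trusted interface: " + ", ".join(sorted(unknown)))

    subnets = []
    for name in sorted(masquerade):
        net = ipaddress.ip_interface(trusted[name]).network
        if net.version != 4:
            raise ValueError(f"{name}: iptables handles IPv4 only, got {net}")
        if net.prefixlen == 0:
            # source 0.0.0.0/0 with "not destination 0.0.0.0/0" never matches.
            raise ValueError(f"{name}: {net} is not a usable local subnet")
        if net not in subnets:   # two interfaces on one subnet need one rule
            subnets.append(net)

    lines = ["*nat",
             ":PREROUTING ACCEPT [0:0]",
             ":POSTROUTING ACCEPT [0:0]",
             ":OUTPUT ACCEPT [0:0]"]
    for net in subnets:
        # Masquerade only traffic that leaves the subnet it came from.
        lines.append(f"-A POSTROUTING -p all --source {net} "
                     f"! --destination {net} -j MASQUERADE")
    lines.append("COMMIT")
    return lines


if __name__ == "__main__":
    print("\n".join(masquerade_rules(SAMPLE_TRUSTED, {"eth1", "eth2"})))
```

The rules only take effect once forwarding is enabled (ip_forward set to "1", as the original request notes).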
I have spent the evening working on system-config-securitylevel, and I have come up with both a UI (newt and python) as well as the necessary config file maintenance (reading of /etc/sysconfig/system-config-securitylevel and generation of /etc/sysconfig/iptables) to implement MASQUERADE-ing of trusted interfaces. A patch follows.
Created attachment 110911
Patch to be applied to the sources from system-config-securitylevel-1.4.18-2.src.rpm

This patch modifies both the python UI from system-config-securitylevel, as well as the newt UI from lokkit. It also properly handles reading of the new information from the config files, as well as correctly generating /etc/sysconfig/iptables.
P.S.: RPMs reflecting this modification are located here:

ftp://qcadesigner.ca/incoming/system-config-securitylevel-1.4.18-2.i386.rpm
ftp://qcadesigner.ca/incoming/system-config-securitylevel-1.4.18-2.src.rpm
ftp://qcadesigner.ca/incoming/system-config-securitylevel-debuginfo-1.4.18-2.i386.rpm
ftp://qcadesigner.ca/incoming/system-config-securitylevel-tui-1.4.18-2.i386.rpm
*** Bug 122589 has been marked as a duplicate of this bug. ***
Thanks for the patch. It's been merged into rawhide for testing.