Red Hat Bugzilla – Bug 83704
RFE: connection sharing wizard needed
Last modified: 2007-11-30 17:10:31 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021202
Description of problem:
I wish there was a wizard to set up connection sharing.
For example, if I have a PPP connection, I should be able to share it within my
local network. The wizard should set ip_forward to "1", install and configure
DHCPD with the right DNS etc...
All the user should see is a "[X] Share this connection" checkbox.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Another approach might be this:
In the system-config-securitylevel, there is a tab for firewall setup. The
following addition could be made to the "trusted interfaces" UI. For each
interface marked as "trusted", a checkbox could be made visible/sensitive to
turn on masquerading of packets coming from that interface. That is, for each
trusted interface, for packets coming from the subnet represented by the
interface, a MASQUERADE rule could be added to the NAT table, like so:
For each trusted interface that has this proposed checkbox checked:
iptables -t nat -A POSTROUTING -p all --source <subnet_from_trusted_if0> --destination ! <subnet_from_trusted_if0> -j MASQUERADE
iptables -t nat -A POSTROUTING -p all --source <subnet_from_trusted_if1> --destination ! <subnet_from_trusted_if1> -j MASQUERADE
iptables -t nat -A POSTROUTING -p all --source <subnet_from_trusted_if2> --destination ! <subnet_from_trusted_if2> -j MASQUERADE
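Added example, not part of the original comments or of the attached patch: a Python sketch of the per-interface rule generation proposed above, rendered as the nat section of an iptables-restore file. The function names, the SAMPLE data and the (address, checkbox) tuple layout are assumptions made for illustration; the negation is written before --destination, which is the form the iptables man page documents.

```python
import ipaddress

# Constructed sample: interface -> (address/prefix, checkbox state).
SAMPLE = {
    "eth1": ("192.168.1.1/24", True),
    "eth2": ("10.0.0.1/8", False),       # trusted, but box left unchecked
    "wlan0": ("192.168.1.77/24", True),  # same subnet as eth1
}


def masquerade_rules(trusted):
    """Return one POSTROUTING rule per distinct checked trusted subnet."""
    rules, seen = [], set()
    for ifname, (cidr, checked) in sorted(trusted.items()):
        if not checked:
            continue
        # strict=False reduces the interface address to its subnet.
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version != 4:
            raise ValueError(f"{ifname}: iptables handles IPv4 only")
        if net.prefixlen == 0:
            # "! --destination 0.0.0.0/0" can never match; reject it
            # instead of writing a rule that silently does nothing.
            raise ValueError(f"{ifname}: refusing 0.0.0.0/0")
        if net in seen:
            continue  # two interfaces on one subnet need a single rule
        seen.add(net)
        rules.append(
            f"-A POSTROUTING -p all --source {net} "
            f"! --destination {net} -j MASQUERADE"
        )
    return rules


def nat_section(trusted):
    """Render the *nat table in iptables-restore format."""
    lines = ["*nat", ":PREROUTING ACCEPT [0:0]",
             ":POSTROUTING ACCEPT [0:0]", ":OUTPUT ACCEPT [0:0]"]
    lines += masquerade_rules(trusted)
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(nat_section(SAMPLE), end="")
```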
I have spent the evening working on system-config-securitylevel, and I have come
up with both a UI (newt and python) as well as the necessary config file
maintenance (reading of /etc/sysconfig/system-config-securitylevel and generation
of /etc/sysconfig/iptables) to implement MASQUERADE-ing of trusted interfaces.
A patch follows.
Created attachment 110911
Patch to be applied to the sources from system-config-securitylevel-1.4.18-2.src.rpm
This patch modifies both the python UI from system-config-securitylevel, as
well as the newt UI from lokkit. It also properly handles reading of the new
information from the config files, as well as correctly generating
RPMs reflecting this modification are located here:
*** Bug 122589 has been marked as a duplicate of this bug. ***
Thanks for the patch. It's been merged into rawhide for testing.