Bug 83704 - RFE: connection sharing wizard needed
Summary: RFE: connection sharing wizard needed
Alias: None
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Chris Lumens
QA Contact:
: 122589 (view as bug list)
Depends On:
Blocks: 87718
TreeView+ depends on / blocked
Reported: 2003-02-07 09:53 UTC by Julien Olivier
Modified: 2007-11-30 22:10 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2005-02-10 19:47:29 UTC
Type: ---

Attachments (Terms of Use)
Patch to be applied to the sources from system-config-securitylevel-1.4.18-2.src.rpm (16.48 KB, patch)
2005-02-10 06:11 UTC, Gabriel Schulhof
no flags Details | Diff

Description Julien Olivier 2003-02-07 09:53:30 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021202

Description of problem:
I wish there was a wizard to set up connection sharing.

For example, if I have a PPP connection, I should be able to share it within my
local network. The wizard should set ip_forward to "1", install and configure
DHCPD with the right DNS etc...

All the user should see is a "[X] Share this connection" checkbox.

Thanks !

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Additional info:

Comment 1 Gabriel Schulhof 2005-02-09 23:06:19 UTC
Another approach might be this:
In the system-config-securitylevel, there is a tab for firewall setup. The
following addition could be made to the "trusted interfaces" UI. For each
interface marked as "trusted", a checkbox could be made visible/sensitive to
turn on masquerading of packets coming from that interface. That is, for each
trusted interface, for packets coming from the subnet represented by the
interface, a MASQUERADE rule could be added to the NAT table, like so:

For each trusted interface that has this proposed checkbox checked:

iptables -t nat -A POSTROUTING -p all --source <subnet_from_trusted_if0>
--destination ! <subnet_from_trusted_if0> -j MASQUERADE
iptables -t nat -A POSTROUTING -p all --source <subnet_from_trusted_if1>
--destination ! <subnet_from_trusted_if1> -j MASQUERADE
iptables -t nat -A POSTROUTING -p all --source <subnet_from_trusted_if2>
--destination ! <subnet_from_trusted_if2> -j MASQUERADE

Comment 2 Gabriel Schulhof 2005-02-10 06:09:08 UTC
I have spent the evening working on system-config-securitylevel, and I have come
up with both a UI (newt and python) as well as the necessary config file
maintenance (reading of /etc/sysconfig/sytem-config-securitylevel and generation
of /etc/sysconfig/iptables) to implement MASQUERADE-ing of trusted interfaces.

A patch follows.

Comment 3 Gabriel Schulhof 2005-02-10 06:11:29 UTC
Created attachment 110911 [details]
Patch to be applied to the sources from system-config-securitylevel-1.4.18-2.src.rpm

This patch modifies both the python UI from system-config-securitylevel, as
well as the newt UI from lokkit. It also properly handles reading of the new
information from the config files, as well as correctly generating
/etc/sysconfig/iptables .

Comment 5 Chris Lumens 2005-02-10 16:36:45 UTC
*** Bug 122589 has been marked as a duplicate of this bug. ***

Comment 6 Chris Lumens 2005-02-10 19:47:29 UTC
Thanks for the patch.  It's been merged into rawhide for testing.

Note You need to log in before you can comment on or make changes to this bug.