Bug 83704 - RFE: connection sharing wizard needed
RFE: connection sharing wizard needed
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Chris Lumens
: FutureFeature
: 122589 (view as bug list)
Depends On:
Blocks: 87718
  Show dependency treegraph
Reported: 2003-02-07 04:53 EST by Julien Olivier
Modified: 2007-11-30 17:10 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-02-10 14:47:29 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch to be applied to the sources from system-config-securitylevel-1.4.18-2.src.rpm (16.48 KB, patch)
2005-02-10 01:11 EST, Gabriel Schulhof
no flags Details | Diff

  None (edit)
Description Julien Olivier 2003-02-07 04:53:30 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021202

Description of problem:
I wish there was a wizard to set up connection sharing.

For example, if I have a PPP connection, I should be able to share it within my
local network. The wizard should set ip_forward to "1", install and configure
DHCPD with the right DNS etc...

All the user should see is a "[X] Share this connection" checkbox.

Thanks !

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Additional info:
Comment 1 Gabriel Schulhof 2005-02-09 18:06:19 EST
Another approach might be this:
In the system-config-securitylevel, there is a tab for firewall setup. The
following addition could be made to the "trusted interfaces" UI. For each
interface marked as "trusted", a checkbox could be made visible/sensitive to
turn on masquerading of packets coming from that interface. That is, for each
trusted interface, for packets coming from the subnet represented by the
interface, a MASQUERADE rule could be added to the NAT table, like so:

For each trusted interface that has this proposed checkbox checked:

iptables -t nat -A POSTROUTING -p all --source <subnet_from_trusted_if0>
--destination ! <subnet_from_trusted_if0> -j MASQUERADE
iptables -t nat -A POSTROUTING -p all --source <subnet_from_trusted_if1>
--destination ! <subnet_from_trusted_if1> -j MASQUERADE
iptables -t nat -A POSTROUTING -p all --source <subnet_from_trusted_if2>
--destination ! <subnet_from_trusted_if2> -j MASQUERADE
Comment 2 Gabriel Schulhof 2005-02-10 01:09:08 EST
I have spent the evening working on system-config-securitylevel, and I have come
up with both a UI (newt and python) as well as the necessary config file
maintenance (reading of /etc/sysconfig/sytem-config-securitylevel and generation
of /etc/sysconfig/iptables) to implement MASQUERADE-ing of trusted interfaces.

A patch follows.
Comment 3 Gabriel Schulhof 2005-02-10 01:11:29 EST
Created attachment 110911 [details]
Patch to be applied to the sources from system-config-securitylevel-1.4.18-2.src.rpm

This patch modifies both the python UI from system-config-securitylevel, as
well as the newt UI from lokkit. It also properly handles reading of the new
information from the config files, as well as correctly generating
/etc/sysconfig/iptables .
Comment 5 Chris Lumens 2005-02-10 11:36:45 EST
*** Bug 122589 has been marked as a duplicate of this bug. ***
Comment 6 Chris Lumens 2005-02-10 14:47:29 EST
Thanks for the patch.  It's been merged into rawhide for testing.

Note You need to log in before you can comment on or make changes to this bug.