Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 83704 - RFE: connection sharing wizard needed
Summary: RFE: connection sharing wizard needed
Alias: None
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Chris Lumens
QA Contact:
: 122589 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2003-02-07 09:53 UTC by Julien Olivier
Modified: 2007-11-30 22:10 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2005-02-10 19:47:29 UTC

Attachments (Terms of Use)
Patch to be applied to the sources from system-config-securitylevel-1.4.18-2.src.rpm (deleted)
2005-02-10 06:11 UTC, Gabriel Schulhof
no flags Details | Diff

Description Julien Olivier 2003-02-07 09:53:30 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021202

Description of problem:
I wish there was a wizard to set up connection sharing.

For example, if I have a PPP connection, I should be able to share it within my
local network. The wizard should set ip_forward to "1", install and configure
DHCPD with the right DNS etc...

All the user should see is a "[X] Share this connection" checkbox.

Thanks !

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Additional info:

Comment 1 Gabriel Schulhof 2005-02-09 23:06:19 UTC
Another approach might be this:
In the system-config-securitylevel, there is a tab for firewall setup. The
following addition could be made to the "trusted interfaces" UI. For each
interface marked as "trusted", a checkbox could be made visible/sensitive to
turn on masquerading of packets coming from that interface. That is, for each
trusted interface, for packets coming from the subnet represented by the
interface, a MASQUERADE rule could be added to the NAT table, like so:

For each trusted interface that has this proposed checkbox checked:

iptables -t nat -A POSTROUTING -p all --source <subnet_from_trusted_if0>
--destination ! <subnet_from_trusted_if0> -j MASQUERADE
iptables -t nat -A POSTROUTING -p all --source <subnet_from_trusted_if1>
--destination ! <subnet_from_trusted_if1> -j MASQUERADE
iptables -t nat -A POSTROUTING -p all --source <subnet_from_trusted_if2>
--destination ! <subnet_from_trusted_if2> -j MASQUERADE

Comment 2 Gabriel Schulhof 2005-02-10 06:09:08 UTC
I have spent the evening working on system-config-securitylevel, and I have come
up with both a UI (newt and python) as well as the necessary config file
maintenance (reading of /etc/sysconfig/sytem-config-securitylevel and generation
of /etc/sysconfig/iptables) to implement MASQUERADE-ing of trusted interfaces.

A patch follows.

Comment 3 Gabriel Schulhof 2005-02-10 06:11:29 UTC
Created attachment 110911 [details]
Patch to be applied to the sources from system-config-securitylevel-1.4.18-2.src.rpm

This patch modifies both the python UI from system-config-securitylevel, as
well as the newt UI from lokkit. It also properly handles reading of the new
information from the config files, as well as correctly generating
/etc/sysconfig/iptables .

Comment 5 Chris Lumens 2005-02-10 16:36:45 UTC
*** Bug 122589 has been marked as a duplicate of this bug. ***

Comment 6 Chris Lumens 2005-02-10 19:47:29 UTC
Thanks for the patch.  It's been merged into rawhide for testing.

Note You need to log in before you can comment on or make changes to this bug.