[ossig] NAT on home network with RH8 - GUI solutions only please!

Summary : Why is it so hard to set up internet connection
sharing with RH8?  Why no preinstalled GUI tool?

Hi, I'm trying to set up NAT on my home network with RH8
server, mix of client architectures and browsers, so all PCs
can connect to the internet.  My first gripe is 'NAT', why
a complex acronym for what Windows correctly calls 'internet
connection sharing', and why also call it 'masquerading'?

I already
have squid running on the RH8 internet-connected PC (dialup) so
web based apps already work, I just tell the browser to
go through the proxy.

I am ok with command line, but I am hoping for a day
when instructions don't talk of editing the /etc/xyz/abc.conf
file, so I'm trying to do this all with GUI tools.

In Windows it's easy - use Win2k on the
internet-connected PC and
tick the 'internet connection sharing' button.

I understand (although hopefully shouldn't need to) the
iptables command, but let's try to do this without that....

I think that a simple checkbox or method to do this is NOT
build into RH8.  So I found an app called 'firestarter'
(firestarter.sourceforge.net) which is a GUI firewall with NAT built in,
prebuilt RPM for RH8.  So far so good.

NAT works fine as soon as I launch 'firestarter'.

However, the troubles are several:

1) root has to start the gui firestarter app, even though I
already configured anybody can dial the internet.  I want to
leave my PC logged in as user 'imran' in the day, so my wife can
easily connect to internet with a few clicks.  There's no
GUI interface to 'sudo' I believe, so I'm back to arcane config
files if I want to 'sudo'.

2) firestarter seems to drop all the default red hat firewall
rules before adding its own.  without an external scan, how
far can i trust it?

3) firestarter can be set to start at boot, but it can't fails
due to the dialup connection being down at boot.  so i have no
choice but to start it AFTER dialling up the internet.

Any ideas?  Any other GUI tools?  I know I can achieve all this
by adding arcane extra 'MASQUERADING' commands to
/etc/sysconfig/iptables, but is it really so difficult?  How can
'joe 6 pack' do this, on his new 2 x preinstalled RH8 home network?
And if he can't, how come these tools are not build into RH8?
Is this one of the several commonly required tasks that Linux
turns into command-line-geeks-only (same with setting up squid...).

Apparently Mandrake does have an 'internet connection sharing
wizard' tool.  Well done Mandrake.


Imran William Smith
Project Manager, Open Source Development,
MIMOS Berhad, Malaysia

Asian Open Source Centre : http://www.asiaosc.org
MIMOS Open Source        : http://opensource.mimos.my

