debcrafters-packages team mailing list archive

[Mitchell Augustin <2128668@xxxxxxxxxxxxxxxxxx>]

I might have figured out a more proper / upstreamable solution to this:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1827#note_3161920

Will integrate and test tomorrow to see if it works as I expect.

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/2128668

Title:
  Wi-Fi hotspot startup does not configure firewalls as needed for
  internet sharing

Status in network-manager package in Ubuntu:
  In Progress

Bug description:
  SRU Justification:

  [ Impact ]

  When a wi-fi hotspot is being broadcast, NetworkManager does not
  automatically configure all firewall rules as needed for clients to
  access the internet.

  [ Test Plan ]

  Start wi-fi hotspot on device running ufw that is connected to the
  internet

  [ Actual result ]
  Clients cannot connect to the internet via the hotspot. Only after adding custom firewall rules such as those described above can the client connect to the internet.

  [ Expected result ]
  Clients can connect to the internet via the hotspot

  [ Fix ]

  At minimum, the following is needed to enable this:

  1. Enable routing from wireless adapter to wired adapter (ex: sudo ufw route allow in on wlP9s9 out on enp1s0 (varies depending on adapter names))
  2. Set iptables forwarding rules correctly (ex: sudo iptables -P FORWARD ACCEPT)
  3. If the host is running its own DNS / DHCP servers, those will also have to be allowed by the firewall

  (Discussion ongoing upstream)

  [ Where problems could occur ]

  Specifics to be researched

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/2128668/+subscriptions