
Re: sharing a network connection from debian to non-debian



On Sat, 16 Jan 21, 10:28:43, Dan Hitt wrote:
> 
> Regarding Andrei's suggestion of using nm-connection-editor, and using
> "Shared to other computers", i saw that last night, and tried using it.  It
> looked similar to the gui that i had on my old mint (ubuntu) machine.
> 
> I made sure that the 'Ethernet' tab had the mac addr of the right device
> --- it's a usb/ethernet cable, and has a long name, so it would be hard to
> confuse it with enp2s0 (the connection to the 'internet-modem').
> 
> In the 'IPv4 Settings' tab, the method i have selected is 'Shared to other
> computers'.  There's a text area below, marked 'Address (optional)'.
> 
> In that optional area i put the ip address of my debian machine, with '24'
> for the netmask.  The ip address for my debian machine, that i want to use
> for this LAN, is consistent with what 'ip addr show' displays.  It's kind
> of unclear what to write for a gateway --- should i put in the address of
> my debian box, or the address of the internet modem (router)?  Anyhow, i
> tried them both, and neither one worked.
> 
> I also tried just deleting the 'Address (optional)' section, since it says
> it is optional.  But this also had no effect.
> 
> I also added an extra ip address to the usb/ethernet link on my debian
> machine, using
>        sudo ip addr add 10.X.Y.Z/24  dev enx**********
> and this becomes instantly visible to the other system.   So i think the
> other system is properly accessing my debian system.
> 
> So, thanks for any clarification anybody has to offer on the proper usage
> of nm-connection-editor.

Eventually I got around to actually testing this.

First thing I noticed is that some of the necessary components are 
Recommends of network-manager (dnsmasq-base and iptables, confirmed by 
the package description). Unless installation of Recommends is 
explicitly disabled these should already be installed.

Next I added a new connection of type "Ethernet" and left everything at 
default, except for setting the "Method" to "Shared to other computers" 
in the "IPv4 Settings" tab. For good measure I restarted the entire 
system, though I believe simply enabling the connection would have been 
enough.

With these the system at the other end of the cable received a DHCP 
address in the 10.42.0.0/24 network and was able to ping both the "lan" 
as well as the "wan" interface of the "gateway". According to my reading 
the network can be changed by setting an address as desired.

Unfortunately that is as far as I got. Since there are no recent reports 
of problems with this I strongly suspect the issue is some 
incompatibility between nft and the "special" 3.18 kernel running on the 
"gateway" system.

IPv4 forwarding was enabled correctly and I also tried a workaround for 
an old bug (fixed already in stretch), i.e. setting IPv6 to "Ignore" 
(and restarting).

In case someone is interested to dig deeper I'm attaching the output of 
'nft list ruleset' (with the MAC address of the USB adapter redacted).

Based on your symptoms I strongly suspect either one or both of 
dnsmasq-base and iptables were missing from your system.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser
table ip filter {
	chain INPUT {
		type filter hook input priority 0; policy accept;
		iifname "enx0123456789ab" meta l4proto udp udp dport 67 counter packets 0 bytes 0 accept
		iifname "enx0123456789ab" meta l4proto tcp tcp dport 67 counter packets 0 bytes 0 accept
		iifname "enx0123456789ab" meta l4proto udp udp dport 53 counter packets 15 bytes 1173 accept
		iifname "enx0123456789ab" meta l4proto tcp tcp dport 53 counter packets 0 bytes 0 accept
	}

	chain FORWARD {
		type filter hook forward priority 0; policy accept;
		oifname "enx0123456789ab" ip daddr 10.42.0.0/24 ct state related,established counter packets 0 bytes 0 accept
		iifname "enx0123456789ab" ip saddr 10.42.0.0/24 counter packets 176 bytes 12104 accept
		iifname "enx0123456789ab" oifname "enx0123456789ab" counter packets 0 bytes 0 accept
		oifname "enx0123456789ab" counter packets 0 bytes 0 reject
		iifname "enx0123456789ab" counter packets 0 bytes 0 reject
	}

	chain OUTPUT {
		type filter hook output priority 0; policy accept;
	}
}
table ip nat {
	chain PREROUTING {
		type nat hook prerouting priority -100; policy accept;
	}

	chain INPUT {
		type nat hook input priority 100; policy accept;
	}

	chain POSTROUTING {
		type nat hook postrouting priority 100; policy accept;
		ip saddr 10.42.0.0/24 ip daddr != 10.42.0.0/24 counter packets 0 bytes 0 masquerade 
	}

	chain OUTPUT {
		type nat hook output priority -100; policy accept;
	}
}
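
One way to read the counters in the attached ruleset, as an added example that is not part of the original message: it parses `nft list ruleset` text and compares the packets accepted in FORWARD from the shared subnet with the hits on the masquerade rule and on the return-path rule. The function names are hypothetical and SAMPLE is an excerpt constructed from the attachment above.

```python
import re

# Constructed sample: the counter-bearing FORWARD and POSTROUTING rules from the attachment.
SAMPLE = """\
table ip filter {
	chain FORWARD {
		type filter hook forward priority 0; policy accept;
		oifname "enx0123456789ab" ip daddr 10.42.0.0/24 ct state related,established counter packets 0 bytes 0 accept
		iifname "enx0123456789ab" ip saddr 10.42.0.0/24 counter packets 176 bytes 12104 accept
	}
}
table ip nat {
	chain POSTROUTING {
		type nat hook postrouting priority 100; policy accept;
		ip saddr 10.42.0.0/24 ip daddr != 10.42.0.0/24 counter packets 0 bytes 0 masquerade
	}
}
"""

def parse_counters(text):
    """Return (table, chain, rule_text, packets) for every rule that has a counter."""
    rules, table, chain = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"table (\w+) (\S+) \{", line):
            table = m.group(2)
        elif m := re.match(r"chain (\S+) \{", line):
            chain = m.group(1)
        elif m := re.search(r"counter packets (\d+) bytes \d+", line):
            rules.append((table, chain, line, int(m.group(1))))
    return rules

def diagnose(text, subnet="10.42.0.0/24"):
    """Compare outbound forwarded packets with NAT hits and forwarded replies."""
    out = masq = back = 0
    for table, chain, rule, pkts in parse_counters(text):
        if table == "filter" and chain == "FORWARD":
            if f"ip saddr {subnet}" in rule and rule.endswith("accept"):
                out += pkts
            elif f"ip daddr {subnet}" in rule and "established" in rule:
                back += pkts
        elif table == "nat" and "masquerade" in rule:
            masq += pkts  # nat chains see only the first packet of each flow
    checks = ((masq, "forwarded but never masqueraded"), (back, "no return traffic forwarded"))
    findings = [msg for hits, msg in checks if out and not hits]
    return {"forward_out": out, "masquerade": masq, "forward_back": back, "findings": findings}

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```
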
