
Re: sharing a network connection from debian to non-debian





On Sun, Jan 24, 2021 at 9:16 AM Andrei POPESCU <andreimpopescu@gmail.com> wrote:
On Sb, 16 ian 21, 10:28:43, Dan Hitt wrote:
>
> Regarding Andrei's suggestion of using nm-connection-editor, and using
> "Shared to other computers", i saw that last night, and tried using it.  It
> looked similar to the gui that i had on my old mint (ubuntu) machine.
........

Eventually I got around to actually testing this.

First thing I noticed is that some of the necessary components are
Recommends of network-manager (dnsmasq-base and iptables, confirmed by
the package description). Unless installation of Recommends is
explicitly disabled these should already be installed.

Next I added a new connection of type "Ethernet" and left everything at
default, except for setting the "Method" to "Shared to other computers"
in the "IPv4 Settings" tab. For good measure I restarted the entire
system, though I believe simply enabling the connection would have been
enough.

With these the system at the other end of the cable received a DHCP
address in the 10.42.0.0/24 network and was able to ping both the "lan"
as well as the "wan" interface of the "gateway". According to my reading
the network can be changed by setting an address as desired.

Unfortunately that is as far as I got. Since there are no recent reports
of problems with this I strongly suspect the issue is some
incompatibility between nft and the "special" 3.18 kernel running on the
"gateway" system.

IPv4 forwarding was enabled correctly and I also tried a workaround for
an old bug (fixed already in stretch), i.e. setting IPv6 to "Ignore"
(and restarting).

In case someone is interested to dig deeper I'm attaching the output of
'nft list ruleset' (with the MAC address of the USB adapter redacted).

Based on your symptoms I strongly suspect either one or both of
dnsmasq-base and iptables were missing from your system.

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser

Thanks Andrei for being so nice and going to all this effort, and posting the results of running
    nft list ruleset

Now, i do not have a command 'nft', or at least, no place that i can find a path to it.   The man page for iptables-nft however lists your very command as an example, 'nft list ruleset'.  But i cannot find 'nft' anywhere in the filesystem (except as a directory in linux-headers-xxxx).

However, i do have commands /sbin/iptables and /sbin/iptables-nft.  When i run either of them with the arguments --list-rules i get an output.  But it is much shorter than yours, and '--verbose' only lengthens it very little.

The output is:

    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -A FORWARD -i enxXXXXXXXXX -j ACCEPT

while the verbose output is the same, except that the forward line now reads

    -A FORWARD -i enxXXXXXXXXX -c NNN MMMM -j ACCEPT

(I've redacted the usb-ethernet id, as well as the two mysterious numbers after '-c': one having 3 digits and one having 5 digits.)

Anyhow, thanks again for pursuing this so far.

dan
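
An added example, not part of either message above: a small shell helper that reads `iptables --list-rules --verbose` output like the listing Dan posted and reports chain policies and per-rule counters. The two numbers after `-c` are the rule's packet and byte counters. The sample listing, its interface name and its counter values are constructed placeholders, and the function names are hypothetical.

```sh
#!/bin/sh
# Constructed sample in the shape of the listing above (placeholder values).
SAMPLE='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i enx000000000000 -c 123 45678 -j ACCEPT'

# Print "chain policy" for each built-in chain in the listing on stdin.
chain_policies() {
    awk '$1 == "-P" { print $2, $3 }'
}

# Print "chain in-interface packets bytes target" for each rule that carries
# counters. In --list-rules --verbose output the two numbers after -c are the
# packet counter and the byte counter of that rule.
rule_counters() {
    awk '$1 == "-A" {
        iface = "any"; pk = ""; by = ""; tgt = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-i") iface = $(i + 1)
            else if ($i == "-c") { pk = $(i + 1); by = $(i + 2) }
            else if ($i == "-j") tgt = $(i + 1)
        }
        if (pk != "") print $2, iface, pk, by, tgt
    }'
}

# Exit 0 if a FORWARD rule for interface $1 has matched at least one packet,
# i.e. traffic from the shared interface is reaching the forwarding path.
iface_forwarding_seen() {
    rule_counters | awk -v want="$1" \
        '$1 == "FORWARD" && $2 == want && $3 > 0 { ok = 1 } END { exit !ok }'
}

printf '%s\n' "$SAMPLE" | chain_policies
printf '%s\n' "$SAMPLE" | rule_counters

# On a live system (as root) the same functions read the real tables. A plain
# --list-rules shows only the filter table; -t nat selects the nat table:
#   iptables --list-rules --verbose | rule_counters
#   iptables -t nat --list-rules --verbose | rule_counters
```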