On Sun, Jan 24, 2021 at 9:16 AM Andrei POPESCU <andreimpope...@gmail.com> wrote:
> On Sb, 16 ian 21, 10:28:43, Dan Hitt wrote:
> >
> > Regarding Andrei's suggestion of using nm-connection-editor, and using
> > "Shared to other computers", i saw that last night, and tried using it. It
> > looked similar to the gui that i had on my old mint (ubuntu) machine.
> ........
>
> Eventually I got around to actually testing this.
>
> First thing I noticed is that some of the necessary components are
> Recommends of network-manager (dnsmasq-base and iptables, confirmed by
> the package description). Unless installation of Recommends is
> explicitly disabled these should already be installed.
>
> Next I added a new connection of type "Ethernet" and left everything at
> default, except for setting the "Method" to "Shared to other computers"
> in the "IPv4 Settings" tab. For good measure I restarted the entire
> system, though I believe simply enabling the connection would have been
> enough.
>
> With these the system at the other end of the cable received a DHCP
> address in the 10.42.0.0/24 network and was able to ping both the "lan"
> as well as the "wan" interface of the "gateway". According to my reading
> the network can be changed by setting an address as desired.
>
> Unfortunately that is as far as I got. Since there are no recent reports
> of problems with this I strongly suspect the issue is some
> incompatibility between nft and the "special" 3.18 kernel running on the
> "gateway" system.
>
> IPv4 forwarding was enabled correctly and I also tried a workaround for
> an old bug (fixed already in stretch), i.e. setting IPv6 to "Ignore"
> (and restarting).
>
> In case someone is interested to dig deeper I'm attaching the output of
> 'nft list ruleset' (with the MAC address of the USB adapter redacted).
>
> Based on your symptoms I strongly suspect either one or both of
> dnsmasq-base and iptables were missing from your system.
>
> Kind regards,
> Andrei
> --
> http://wiki.debian.org/FAQsFromDebianUser

Thanks Andrei for being so nice and going to all this effort, and posting the results of running nft list ruleset.

Now, i do not have a command 'nft', or at least, no place that i can find a path to it. The man page for iptables-nft however lists your very command as an example, 'nft list ruleset'. But i cannot find 'nft' anywhere in the filesystem (except as a directory in linux-headers-xxxx).

However, i do have commands /sbin/iptables and /sbin/iptables-nft. When i run either of them with the arguments --list-rules i get an output. But it is much shorter than yours, and '--verbose' only lengthens it very little. The output is:

    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -A FORWARD -i enxXXXXXXXXX -j ACCEPT

while the verbose output is the same, except that the forward line now reads

    -A FORWARD -i enxXXXXXXXXX -c NNN MMMM -j ACCEPT

(I've redacted the usb-ethernet id, as well as the two mysterious numbers after '-c': one having 3 digits and one having 5 digits.)

Anyhow, thanks again for pursuing this so far.

dan