Re: sharing a network connection from debian to non-debian

2021-01-25 Thread Dan Hitt
On Sun, Jan 24, 2021 at 10:09 PM Andrei POPESCU 
wrote:

> On Du, 24 ian 21, 14:05:07, Dan Hitt wrote:
> >
> > Now, i do not have a command 'nft', or at least, no place that i can find a
> > path to it.   The man page for iptables-nft however lists your very command
> > as an example, 'nft list ruleset'.  But i cannot find 'nft' anywhere in the
> > filesystem (except as a directory in linux-headers-).
>
> It's part of package 'nftables' and should be installed in /usr/sbin/.
> The package 'nftables' is a Recommends of 'iptables'.
>
>
> What is the output of?
>
> apt-config dump | grep -i recommends
>
>
> Kind regards,
> Andrei
> --
> http://wiki.debian.org/FAQsFromDebianUser


Thanks Andrei for your message.

I installed nftables and now i have nft, and it gives me  more details.

And just for reference, the command 'apt-config dump | grep -i recommends'
gives me
APT::Install-Recommends "1";

dan


Re: sharing a network connection from debian to non-debian

2021-01-25 Thread Andrei POPESCU
On Lu, 25 ian 21, 09:32:01, Joe wrote:
> On Mon, 25 Jan 2021 08:08:40 +0200
> Andrei POPESCU  wrote:
> 
> > On Du, 24 ian 21, 14:05:07, Dan Hitt wrote:
> > > 
> > > Now, i do not have a command 'nft', or at least, no place that i
> > > can find a path to it.   The man page for iptables-nft however
> > > lists your very command as an example, 'nft list ruleset'.  But i
> > > cannot find 'nft' anywhere in the filesystem (except as a directory
> > > in linux-headers-).  
> > 
> > It's part of package 'nftables' and should be installed in
> > /usr/sbin/. The package 'nftables' is a Recommends of 'iptables'.
> > 
> > 
> > What is the output of?
> > 
> > apt-config dump | grep -i recommends
> > 
> Many people don't install recommends automatically.

Sure, I do that myself for really, really small installs, with the 
understanding that I have to deal myself with any issues that might 
arise due to missing recommends.

> It doesn't get installed by default in anything before buster, so if
> you're running anything earlier (or sid), you need to install it
> manually. Also, an upgrade will not automatically switch to it from
> iptables, even when it is installed.

Quoting from APT's changelog:

apt (0.7.0) experimental; urgency=low

  [...]
  * merged "install-recommends" branch (ABI break): 
- new "--install-recommends"
- install new recommends on "upgrade" if --install-recommends is 
  given
- new "--fix-policy" option to install all packages with unmet
  important dependencies (useful with --install-recommends to
  see what not-installed recommends are on the system)
- fix of recommended packages display (only show CandidateVersion
  fix or-group handling)
  [...]

 -- Michael Vogt   Fri, 12 Jan 2007 20:48:07 +0100

This change was documented in the Release Notes for squeeze (Debian 
GNU/Linux 6.0, released in 2011), though it seems like it was already 
included in lenny (released in 2009).

https://www.debian.org/releases/squeeze/amd64/release-notes/ch-whats-new.en.html#pkgmgmt

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser




Re: sharing a network connection from debian to non-debian

2021-01-25 Thread Joe
On Mon, 25 Jan 2021 08:08:40 +0200
Andrei POPESCU  wrote:

> On Du, 24 ian 21, 14:05:07, Dan Hitt wrote:
> > 
> > Now, i do not have a command 'nft', or at least, no place that i
> > can find a path to it.   The man page for iptables-nft however
> > lists your very command as an example, 'nft list ruleset'.  But i
> > cannot find 'nft' anywhere in the filesystem (except as a directory
> > in linux-headers-).  
> 
> It's part of package 'nftables' and should be installed in
> /usr/sbin/. The package 'nftables' is a Recommends of 'iptables'.
> 
> 
> What is the output of?
> 
> apt-config dump | grep -i recommends
> 
Many people don't install recommends automatically.

It doesn't get installed by default in anything before buster, so if
you're running anything earlier (or sid), you need to install it
manually. Also, an upgrade will not automatically switch to it from
iptables, even when it is installed.

-- 
Joe



Re: sharing a network connection from debian to non-debian

2021-01-24 Thread Andrei POPESCU
On Lu, 25 ian 21, 08:12:30, Andrei POPESCU wrote:
> On Du, 24 ian 21, 18:50:15, Dan Hitt wrote:
> > 
> > The address xubuntu took for itself was 10.42.0.1, which is the same
> > address as the previous OS on that box took.  Perhaps that is a magic
> > address.  
> 
> Of course it is :D
> 
> https://en.wikipedia.org/wiki/Phrases_from_The_Hitchhiker%27s_Guide_to_the_Galaxy#The_Answer_to_the_Ultimate_Question_of_Life,_the_Universe,_and_Everything_is_42

Forgot to add a spoiler warning for those who didn't read the book / saw 
the movie.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser




Re: sharing a network connection from debian to non-debian

2021-01-24 Thread Andrei POPESCU
On Du, 24 ian 21, 18:50:15, Dan Hitt wrote:
> 
> The address xubuntu took for itself was 10.42.0.1, which is the same
> address as the previous OS on that box took.  Perhaps that is a magic
> address.  

Of course it is :D

https://en.wikipedia.org/wiki/Phrases_from_The_Hitchhiker%27s_Guide_to_the_Galaxy#The_Answer_to_the_Ultimate_Question_of_Life,_the_Universe,_and_Everything_is_42

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser




Re: sharing a network connection from debian to non-debian

2021-01-24 Thread Andrei POPESCU
On Du, 24 ian 21, 14:05:07, Dan Hitt wrote:
> 
> Now, i do not have a command 'nft', or at least, no place that i can find a
> path to it.   The man page for iptables-nft however lists your very command
> as an example, 'nft list ruleset'.  But i cannot find 'nft' anywhere in the
> filesystem (except as a directory in linux-headers-).

It's part of package 'nftables' and should be installed in /usr/sbin/. 
The package 'nftables' is a Recommends of 'iptables'.


What is the output of?

apt-config dump | grep -i recommends


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser




Re: sharing a network connection from debian to non-debian

2021-01-24 Thread Dan Hitt
On Sun, Jan 24, 2021 at 2:05 PM Dan Hitt  wrote:

>
>
> On Sun, Jan 24, 2021 at 9:16 AM Andrei POPESCU 
> wrote:
>
>> On Sb, 16 ian 21, 10:28:43, Dan Hitt wrote:
>> >
>> > Regarding Andrei's suggestion of using nm-connection-editor, and using
>> > "Shared to other computers", i saw that last night, and tried using it.  It
>> > looked similar to the gui that i had on my old mint (ubuntu) machine.
>> 
>>
>> Eventually I got around to actually test this.
>>
>> First thing I noticed is that some of the necessary components are
>> Recommends of network-manager (dnsmasq-base and iptables, confirmed by
>> the package description). Unless installation of Recommends is
>> explicitly disabled these should already be installed.
>>
>> Next I added a new connection of type "Ethernet" and left everything at
>> default, except for setting the "Method" to "Shared to other computers"
>> in the "IPv4 Settings" tab. For good measure I restarted the entire
>> system, though I believe simply enabling the connection would have been
>> enough.
>>
>> With these the system at the other end of the cable received a DHCP
>> address in the 10.42.0.0/24 network and was able to ping both the "lan"
>> as well as the "wan" interface of the "gateway". According to my reading
>> the network can be changed by setting an address as desired.
>>
>> Unfortunately that is as far as I got. Since there are no recent reports
>> of problems with this I strongly suspect the issue is some
>> incompatibility between nft and the "special" 3.18 kernel running on the
>> "gateway" system.
>>
>> IPv4 forwarding was enabled correctly and I also tried a workaround for
>> an old bug (fixed already in stretch), i.e. setting IPv6 to "Ignore"
>> (and restarting).
>>
>> In case someone is interested to dig deeper I'm attaching the output of
>> 'nft list ruleset' (with the MAC address of the USB adapter redacted).
>>
>> Based on your symptoms I strongly suspect either one or both of
>> dnsmasq-base and iptables were missing from your system.
>>
>> Kind regards,
>> Andrei
>> --
>> http://wiki.debian.org/FAQsFromDebianUser
>
>
> Thanks Andrei for being so nice and going to all this effort, and posting
> the results of running
> nft list ruleset
>
> Now, i do not have a command 'nft', or at least, no place that i can find
> a path to it.   The man page for iptables-nft however lists your very
> command as an example, 'nft list ruleset'.  But i cannot find 'nft'
> anywhere in the filesystem (except as a directory in linux-headers-).
>
> However, i do have commands /sbin/iptables and /sbin/iptables-nft.  When i
> run either of them with the arguments --list-rules i get an output.  But it
> is much shorter than yours, and '--verbose' only lengthens it very little.
>
> The output is:
>
> -P INPUT ACCEPT
> -P FORWARD ACCEPT
> -P OUTPUT ACCEPT
> -A FORWARD -i enxX -j ACCEPT
>
> while the verbose output is the same, except that the forward line now
> reads
> -A FORWARD -i enxX -c NNN  -j ACCEPT
>
> (I've redacted the usb-ethernet id, as well as the two mysterious numbers
> after '-c': one having 3 digits and one having 5 digits.)
>
> Anyhow, thanks again for pursuing this so far.
>

One other thing i should add:

I just installed xubuntu 20.4.1 on another computer, and the only other
package i installed was emacs.  So it should be very clean.

I ran 'All Applications' > 'Advanced Network Configuration' and it popped
up a gui which looks very, very similar to nm-connection-editor.  (So i
think it's the same software, although perhaps not exactly the same
version.)  I renamed the connections from 'Wired connection 1' and 'Wired
connection 2' to something more readable, and for the connection to a third
(ancient) computer, i changed the IPv4 setting to 'Shared to other
computers'.

I did absolutely nothing else, including giving it an ip address, or a net
mask, or just anything.  And there's no DHCP service on that LAN; no other
computer is handing out ip addresses (as far as i know).

Nevertheless, as soon as i clicked 'Save', my ancient computer could see
the internet through the xubuntu machine.

The address xubuntu took for itself was 10.42.0.1, which is the same
address as the previous OS on that box took.  Perhaps that is a magic
address.  There's an old debian message which suggests this:
https://lists.debian.org/debian-user/2016/07/msg00422.html

It's not a burning issue for me any more, but i still wonder about getting
an 'nft' command, and anything else anybody knows.

Thanks Andrei and everybody else for all your help.

dan


Re: sharing a network connection from debian to non-debian

2021-01-24 Thread Dan Hitt
On Sun, Jan 24, 2021 at 9:16 AM Andrei POPESCU 
wrote:

> On Sb, 16 ian 21, 10:28:43, Dan Hitt wrote:
> >
> > Regarding Andrei's suggestion of using nm-connection-editor, and using
> > "Shared to other computers", i saw that last night, and tried using it.  It
> > looked similar to the gui that i had on my old mint (ubuntu) machine.
> 
>
> Eventually I got around to actually test this.
>
> First thing I noticed is that some of the necessary components are
> Recommends of network-manager (dnsmasq-base and iptables, confirmed by
> the package description). Unless installation of Recommends is
> explicitly disabled these should already be installed.
>
> Next I added a new connection of type "Ethernet" and left everything at
> default, except for setting the "Method" to "Shared to other computers"
> in the "IPv4 Settings" tab. For good measure I restarted the entire
> system, though I believe simply enabling the connection would have been
> enough.
>
> With these the system at the other end of the cable received a DHCP
> address in the 10.42.0.0/24 network and was able to ping both the "lan"
> as well as the "wan" interface of the "gateway". According to my reading
> the network can be changed by setting an address as desired.
>
> Unfortunately that is as far as I got. Since there are no recent reports
> of problems with this I strongly suspect the issue is some
> incompatibility between nft and the "special" 3.18 kernel running on the
> "gateway" system.
>
> IPv4 forwarding was enabled correctly and I also tried a workaround for
> an old bug (fixed already in stretch), i.e. setting IPv6 to "Ignore"
> (and restarting).
>
> In case someone is interested to dig deeper I'm attaching the output of
> 'nft list ruleset' (with the MAC address of the USB adapter redacted).
>
> Based on your symptoms I strongly suspect either one or both of
> dnsmasq-base and iptables were missing from your system.
>
> Kind regards,
> Andrei
> --
> http://wiki.debian.org/FAQsFromDebianUser


Thanks Andrei for being so nice and going to all this effort, and posting
the results of running
nft list ruleset

Now, i do not have a command 'nft', or at least, no place that i can find a
path to it.   The man page for iptables-nft however lists your very command
as an example, 'nft list ruleset'.  But i cannot find 'nft' anywhere in the
filesystem (except as a directory in linux-headers-).

However, i do have commands /sbin/iptables and /sbin/iptables-nft.  When i
run either of them with the arguments --list-rules i get an output.  But it
is much shorter than yours, and '--verbose' only lengthens it very little.

The output is:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i enxX -j ACCEPT

while the verbose output is the same, except that the forward line now reads
-A FORWARD -i enxX -c NNN  -j ACCEPT

(I've redacted the usb-ethernet id, as well as the two mysterious numbers
after '-c': one having 3 digits and one having 5 digits.)

Anyhow, thanks again for pursuing this so far.

dan
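
Added example, not part of the thread: the rule listing quoted in the message above, checked against the shape of the NetworkManager ruleset Andrei posted. The function names, the finding labels and the second sample listing are constructed for illustration; it is a presence check and does not evaluate rule order.

```shell
#!/bin/sh
# Added example: flag gaps in the FORWARD chain of a connection-sharing gateway.
# Input: `iptables --list-rules` output on stdin. $1: LAN-side interface name.
# Output: one "label: explanation" line per finding, nothing if none apply.
# Simplification: rules are checked for presence only, not evaluated in order.
audit_forward() {
    awk -v lan="$1" '
        BEGIN { policy = "ACCEPT" }   # default policy of a built-in chain
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $1 == "-A" && $2 == "FORWARD" {
            iif = oif = src = target = ""; state = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") iif = $(i + 1)
                if ($i == "-o") oif = $(i + 1)
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--state" || $i == "--ctstate") state = 1
            }
            # Replies to connections the LAN client opened are let back in.
            if (target == "ACCEPT" && oif == lan && state) stateful = 1
            # Everything else heading out of the LAN interface is refused.
            if ((target == "REJECT" || target == "DROP") && oif == lan && iif == "")
                blocked = 1
            # Traffic from the LAN is accepted whatever its source address.
            if (target == "ACCEPT" && iif == lan && oif == "" && src == "")
                open_src = 1
        }
        END {
            closed = (blocked || policy != "ACCEPT")
            if (!closed)
                print "inbound-open: nothing stops new connections being forwarded out " lan
            if (closed && !stateful)
                print "no-stateful-return: replies toward " lan " would be dropped"
            if (open_src)
                print "lan-source-unrestricted: any source address is accepted from " lan
        }
    '
}

# The listing from the message above (interface name redacted there as enxX).
sample_thread_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i enxX -j ACCEPT
EOF
}

# Constructed: the FORWARD chain of the 'nft list ruleset' output posted in
# this thread, rewritten by hand in --list-rules form.
sample_nm_rules() {
    cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -d 10.42.0.0/24 -o enx0123456789ab -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.42.0.0/24 -i enx0123456789ab -j ACCEPT
-A FORWARD -i enx0123456789ab -o enx0123456789ab -j ACCEPT
-A FORWARD -o enx0123456789ab -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i enx0123456789ab -j REJECT --reject-with icmp-port-unreachable
EOF
}

echo "Listing from the thread:"
sample_thread_rules | audit_forward enxX
echo "NetworkManager-style listing:"
sample_nm_rules | audit_forward enx0123456789ab
```
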


Re: sharing a network connection from debian to non-debian

2021-01-24 Thread Andrei POPESCU
On Sb, 16 ian 21, 10:28:43, Dan Hitt wrote:
> 
> Regarding Andrei's suggestion of using nm-connection-editor, and using
> "Shared to other computers", i saw that last night, and tried using it.  It
> looked similar to the gui that i had on my old mint (ubuntu) machine.
> 
> I made sure that the 'Ethernet' tab had the mac addr of the right device
> --- it's a usb/ethernet cable, and has a long name, so it would be hard to
> confuse it with enp2s0 (the connection to the 'internet-modem').
> 
> In the 'IPv4 Settings' tab, the method i have selected is 'Shared to other
> computers'.  There's a text area below, marked 'Address (optional)'.
> 
> In that optional area i put the ip address of my debian machine, with '24'
> for the netmask.  The ip address for my debian machine, that i want to use
> for this LAN, is consistent with what 'ip addr show' displays.  It's kind
> of unclear what to write for a gateway --- should i put in the address of
> my debian box, or the address of the internet modem (router)?  Anyhow, i
> tried them both, and neither one worked.
> 
> I also tried just deleting the 'Address (optional)' section, since it says
> it is optional.  But this also had no effect.
> 
> I also added an extra ip address to the usb/ethernet link on my debian
> machine, using
>     sudo ip addr add 10.X.Y.Z/24 dev enx**
> and this becomes instantly visible to the other system.   So i think the
> other system is properly accessing my debian system.
> 
> So, thanks for any clarification anybody has to offer on the proper usage
> of nm-connection-editor.

Eventually I got around to actually test this.

First thing I noticed is that some of the necessary components are 
Recommends of network-manager (dnsmasq-base and iptables, confirmed by 
the package description). Unless installation of Recommends is 
explicitly disabled these should already be installed.

Next I added a new connection of type "Ethernet" and left everything at 
default, except for setting the "Method" to "Shared to other computers" 
in the "IPv4 Settings" tab. For good measure I restarted the entire 
system, though I believe simply enabling the connection would have been 
enough.

With these the system at the other end of the cable received a DHCP 
address in the 10.42.0.0/24 network and was able to ping both the "lan" 
as well as the "wan" interface of the "gateway". According to my reading 
the network can be changed by setting an address as desired.

Unfortunately that is as far as I got. Since there are no recent reports 
of problems with this I strongly suspect the issue is some 
incompatibility between nft and the "special" 3.18 kernel running on the 
"gateway" system.

IPv4 forwarding was enabled correctly and I also tried a workaround for 
an old bug (fixed already in stretch), i.e. setting IPv6 to "Ignore" 
(and restarting).

In case someone is interested to dig deeper I'm attaching the output of 
'nft list ruleset' (with the MAC address of the USB adapter redacted).

Based on your symptoms I strongly suspect either one or both of 
dnsmasq-base and iptables were missing from your system.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser

table ip filter {
    chain INPUT {
        type filter hook input priority 0; policy accept;
        iifname "enx0123456789ab" meta l4proto udp udp dport 67 counter packets 0 bytes 0 accept
        iifname "enx0123456789ab" meta l4proto tcp tcp dport 67 counter packets 0 bytes 0 accept
        iifname "enx0123456789ab" meta l4proto udp udp dport 53 counter packets 15 bytes 1173 accept
        iifname "enx0123456789ab" meta l4proto tcp tcp dport 53 counter packets 0 bytes 0 accept
    }

    chain FORWARD {
        type filter hook forward priority 0; policy accept;
        oifname "enx0123456789ab" ip daddr 10.42.0.0/24 ct state related,established counter packets 0 bytes 0 accept
        iifname "enx0123456789ab" ip saddr 10.42.0.0/24 counter packets 176 bytes 12104 accept
        iifname "enx0123456789ab" oifname "enx0123456789ab" counter packets 0 bytes 0 accept
        oifname "enx0123456789ab" counter packets 0 bytes 0 reject
        iifname "enx0123456789ab" counter packets 0 bytes 0 reject
    }

    chain OUTPUT {
        type filter hook output priority 0; policy accept;
    }
}
table ip nat {
    chain PREROUTING {
        type nat hook prerouting priority -100; policy accept;
    }

    chain INPUT {
        type nat hook input priority 100; policy accept;
    }

    chain POSTROUTING {
        type nat hook postrouting priority 100; policy accept;
        ip saddr 10.42.0.0/24 ip daddr != 10.42.0.0/24 counter packets 0 bytes 0 masquerade
    }

    chain OUTPUT {
        type nat hook output priority -100; policy accept;
    }
}



Re: sharing a network connection from debian to non-debian

2021-01-19 Thread David Christensen

On 2021-01-18 16:40, Dan Hitt wrote:


First, the setup is that i have 3 hosts:
A  --- runs debian 10
B  --- runs linux mint 16.04
C  --- old hardware which cannot connect to my internet-modem-router.

Each of the 3 hosts has 2 network interfaces; there are thus 3 LANs (local
area networks), and each host is on two of them, but not the third.

The internet-modem-router is on the same LAN as A and B, because C cannot
connect to it directly without destabilizing or sometimes just locking.

I installed linux mint 16.04 on host B about 5 years ago.  Setting up the
network was easy: all i had to do was select some option in some gui that
said "shared" or "share network" or something like that.  That just worked,
and host C could see the internet through host B.  It still does work, by
the way.

However, i would like to upgrade host B to use debian 10, just like host A.

When i do that, host C will lose (or would have lost) connectivity to the
internet because host A did not share its internet with host C.

So, before upgrading host B to debian, it was necessary to get the network
working properly on the LAN connecting A and C.  This, by the way, can be
tested on C by using the -S argument with ping.  On host C, i can run "ping
-S X.Y.Z.W google.com".  By setting X.Y.Z.W to the ip of the BC interface,
it will go through B (mint), and it does that successfully.  But by setting
X.Y.Z.W to the ip of the AC interface, it would have to go through A
(debian), and until i fixed it (as described below), this would fail.

So although i agree that in general, it makes sense to upgrade to a clean
host before trying to get the network running, in this particular case it
was imperative to first get the network running through a host, A, that was
already in existence and has a couple of years' usage, before upgrading
host B (currently mint, but hopefully soon to be debian).

The one advantage of this setup though, is that it was possible to compare
a working system (B, mint) with a non-working system (A, debian).

I ran across this article by Nico Brailovsky,
https://monoinfinito.wordpress.com/series/setting-up-a-linux-gatewayrouter-a-guide-for-non-network-admins/
which explained how to do it.

First, one must adjust /proc/sys/net/ipv4/ip_forwarding.

On host B (mint), the working system, that file had an ascii '1' in it.  On
host A (debian), the non-working system, that file had a '0' in it.  So i
changed it on A, to be '1'.

Then, the ip tables have to be updated.

The commands Brailovsky gave need to be modified just slightly, due to
differences in naming conventions of the interfaces.

They are:
    sudo iptables --table nat --append POSTROUTING --out-interface enp2s0 -j MASQUERADE
and then
    sudo iptables --append FORWARD --in-interface X -j ACCEPT

Here, enp2s0 is the standard name for the motherboard ethernet port, and
XX is to be replaced by the name of the second interface.  In my case,
it is ethernet-over-usb, so is some long name that would be different for
every host.

And that's it.  I didn't even have to restart the networking service ---
although i did restart it after editing /proc/sys/net/ipv4/ip_forwarding,
just to see if changing that one file would be enough to get things
working.  (Just for reference, restarting the networking is done by 'sudo
/etc/init.d/networking restart' . )

Some miscellaneous notes: 'sudo iptables --list' still gives different
results between host A and host B; the linux mint has several more entries
than debian.  And of course, i do not know if the prior work i had done
with the connection editor had any role in this; possibly it provided some
crucial configuration change.   And if i could run the mint tool on the
debian system, then maybe it could all have been done more simply.

But it seems to work, at least for now.

Thanks again everybody for your help!


You build a Debian NAT/ router the old-school way.  :-)


David



Re: sharing a network connection from debian to non-debian

2021-01-19 Thread elvis



On 16/1/21 3:02 pm, Dan Hitt wrote:
In 2016, i had a computer with mint on it (which is a form of ubuntu), 
and it was connected to an internet modem.  There was a super simple 
gui on it that i could use to share that connection with some older 
hardware that were not directly connected to the internet modem.  
(They were not connected to the internet modem because for whatever 
reason, directly connecting them made them very unstable and prone to 
crash.) But, nevertheless, the old hardware could use the mint box 
with no configuration on my part, and get out to the internet through it.



Hi Dan, what you want to do, used to be called IP masquerading and 
pretty much everyone did it on their linux box to share their dial up 
connection to other computers on their lan. Now it seems to be called 
NAT network address translation and the possibilities of what you can do 
have multiplied tremendously, but the simple use case is still there.


From memory I used shorewall to configure iptables but it is pretty 
simple to do manually. And has the advantage of not having layers of 
complexity on top of it to debug if something goes wrong.


Here's a howto I found, old but it looks like it should still work


https://tldp.org/HOWTO/html_single/Masquerading-Simple-HOWTO/







dan


--
The Founding Fathers knew a government can't control the economy without 
controlling people. And they knew when a government sets out to do that, it 
must use force and coercion to achieve its purpose. So we have come to a time 
for choosing



Re: sharing a network connection from debian to non-debian

2021-01-18 Thread john doe

On 1/19/2021 1:40 AM, Dan Hitt wrote:

On Sun, Jan 17, 2021 at 11:41 PM David Christensen <
dpchr...@holgerdanske.com> wrote:


On 2021-01-16 10:28, Dan Hitt wrote:


I probably never made my situation very clear, but i do now have a
solution.  I'm posting it here for the benefit of anybody who has a similar
problem, and finds this thread.

First, the setup is that i have 3 hosts:
A  --- runs debian 10
B  --- runs linux mint 16.04
C  --- old hardware which cannot connect to my internet-modem-router.

Each of the 3 hosts has 2 network interfaces; there are thus 3 LANs (local
area networks), and each host is on two of them, but not the third.

The internet-modem-router is on the same LAN as A and B, because C cannot
connect to it directly without destabilizing or sometimes just locking.

I installed linux mint 16.04 on host B about 5 years ago.  Setting up the
network was easy: all i had to do was select some option in some gui that
said "shared" or "share network" or something like that.  That just worked,
and host C could see the internet through host B.  It still does work, by
the way.

However, i would like to upgrade host B to use debian 10, just like host A.

When i do that, host C will lose (or would have lost) connectivity to the
internet because host A did not share its internet with host C.

So, before upgrading host B to debian, it was necessary to get the network
working properly on the LAN connecting A and C.  This, by the way, can be
tested on C by using the -S argument with ping.  On host C, i can run "ping
-S X.Y.Z.W google.com".  By setting X.Y.Z.W to the ip of the BC interface,
it will go through B (mint), and it does that successfully.  But by setting
X.Y.Z.W to the ip of the AC interface, it would have to go through A
(debian), and until i fixed it (as described below), this would fail.

So although i agree that in general, it makes sense to upgrade to a clean
host before trying to get the network running, in this particular case it
was imperative to first get the network running through a host, A, that was
already in existence and has a couple of years' usage, before upgrading
host B (currently mint, but hopefully soon to be debian).

The one advantage of this setup though, is that it was possible to compare
a working system (B, mint) with a non-working system (A, debian).

I ran across this article by Nico Brailovsky,
https://monoinfinito.wordpress.com/series/setting-up-a-linux-gatewayrouter-a-guide-for-non-network-admins/
which explained how to do it.

First, one must adjust /proc/sys/net/ipv4/ip_forwarding.

On host B (mint), the working system, that file had an ascii '1' in it.  On
host A (debian), the non-working system, that file had a '0' in it.  So i
changed it on A, to be '1'.

Then, the ip tables have to be updated.

The commands Brailovsky gave need to be modified just slightly, due to
differences in naming conventions of the interfaces.

They are:
    sudo iptables --table nat --append POSTROUTING --out-interface enp2s0 -j MASQUERADE
and then
    sudo iptables --append FORWARD --in-interface X -j ACCEPT



Note that Debian is moving from Iptables to Nftables, the effect of the
above cmds will be lost when rebooting the host.




Here, enp2s0 is the standard name for the motherboard ethernet port, and
XX is to be replaced by the name of the second interface.  In my case,
it is ethernet-over-usb, so is some long name that would be different for
every host.

And that's it.  I didn't even have to restart the networking service ---
although i did restart it after editing /proc/sys/net/ipv4/ip_forwarding,
just to see if changing that one file would be enough to get things
working.  (Just for reference, restarting the networking is done by 'sudo
/etc/init.d/networking restart' . )



On Debian you would probably want to use 'systemctl restart networking'
instead of calling the script directly.
Restarting the networking service is not required when you
enable/disable ipforwarding.

Using a frontend to IP/Nftables might be worth considering.

--
John Doe
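
Added example, not part of the thread: one way to make the two iptables rules from Dan's post survive a reboot, written as an nftables ruleset that only forwards LAN-originated traffic and its replies. The function names, the table name 'share' and the use of 10.42.0.0/24 as the LAN subnet are assumptions; enp2s0 and enx0123456789ab are the interface names that appear in the thread.

```shell
#!/bin/sh
# Added example: render a persistent nftables ruleset for sharing a connection.
# Arguments are validated because they are pasted into the ruleset text.

# Interface names: 1-15 characters from a conservative set.
valid_ifname() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# IPv4 network in a.b.c.d/len form, octets <= 255, prefix length <= 32.
valid_cidr4() {
    case $1 in
        ''|*[!0-9./]*) return 1 ;;
    esac
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

# render_ruleset WAN_IF LAN_IF LAN_SUBNET
# Prints the ruleset on stdout; returns 1 and prints nothing on bad input.
render_ruleset() {
    wan=$1; lan=$2; net=$3
    if ! valid_ifname "$wan" || ! valid_ifname "$lan" || ! valid_cidr4 "$net" \
        || [ "$wan" = "$lan" ]; then
        echo "render_ruleset: bad interface name or subnet" >&2
        return 1
    fi
    cat <<EOF
#!/usr/sbin/nft -f
# Recreate only this table, leaving tables owned by other tools alone.
table ip share
delete table ip share

table ip share {
    chain forward {
        # Policy drop applies to all forwarded traffic on this host, not
        # only to the two interfaces named here.
        type filter hook forward priority 0; policy drop;
        iifname "$lan" oifname "$wan" ip saddr $net accept
        iifname "$wan" oifname "$lan" ip daddr $net ct state established,related accept
    }

    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "$wan" ip saddr $net masquerade
    }
}
EOF
}

render_ruleset enp2s0 enx0123456789ab 10.42.0.0/24
```

On Debian the output would go to /etc/nftables.conf (check it first with 'nft -c -f FILE'), with nftables.service enabled and net.ipv4.ip_forward=1 set in a file under /etc/sysctl.d/ so that forwarding is also restored at boot.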



Re: sharing a network connection from debian to non-debian

2021-01-18 Thread Dan Hitt
On Sun, Jan 17, 2021 at 11:41 PM David Christensen <
dpchr...@holgerdanske.com> wrote:

> On 2021-01-16 10:28, Dan Hitt wrote:
>
> > Regarding Andrei's suggestion of using nm-connection-editor, ...
>
>
> GUI tools can be nice when you have an idea of what they are doing
> "under the hood".  With networking, multiple hoods are involved and many
> are inaccessible (notably your ISP and the Internet).
>
>
> I recommend that you start by buying and reading "Networking for Systems
> Administrators" by Lucas:
>
> https://mwl.io/nonfiction/networking#n4sa
>
>
> Unless your hardware is broken, the most likely cause of network
> problems is misconfiguration.  Given dozens of settings or more per device,
> the number of combinations across even a small network grows
> astronomically.  The most direct path to a working configuration on an
> X86 PC is to do a fresh install of Debian.  I would remove the drives in
> a problem PC, install a blank drive, do fresh install of Debian 9, and
> see if that works.
>
>
> David
>
>
Thanks David for the reply and the link.

I probably never made my situation very clear, but i do now have a
solution.  I'm posting it here for the benefit of anybody who has a similar
problem, and finds this thread.

First, the setup is that i have 3 hosts:
A  --- runs debian 10
B  --- runs linux mint 16.04
C  --- old hardware which cannot connect to my internet-modem-router.

Each of the 3 hosts has 2 network interfaces; there are thus 3 LANs (local
area networks), and each host is on two of them, but not the third.

The internet-modem-router is on the same LAN as A and B, because C cannot
connect to it directly without destabilizing or sometimes just locking.

I installed linux mint 16.04 on host B about 5 years ago.  Setting up the
network was easy: all i had to do was select some option in some gui that
said "shared" or "share network" or something like that.  That just worked,
and host C could see the internet through host B.  It still does work, by
the way.

However, i would like to upgrade host B to use debian 10, just like host A.

When i do that, host C will lose (or would have lost) connectivity to the
internet because host A did not share its internet with host C.

So, before upgrading host B to debian, it was necessary to get the network
working properly on the LAN connecting A and C.  This, by the way, can be
tested on C by using the -S argument with ping.  On host C, i can run "ping
-S X.Y.Z.W google.com".  By setting X.Y.Z.W to the ip of the BC interface,
it will go through B (mint), and it does that successfully.  But by setting
X.Y.Z.W to the ip of the AC interface, it would have to go through A
(debian), and until i fixed it (as described below), this would fail.

So although i agree that in general, it makes sense to upgrade to a clean
host before trying to get the network running, in this particular case it
was imperative to first get the network running through a host, A, that was
already in existence and has a couple of years' usage, before upgrading
host B (currently mint, but hopefully soon to be debian).

The one advantage of this setup though, is that it was possible to compare
a working system (B, mint) with a non-working system (A, debian).

I ran across this article by Nico Brailovsky,
https://monoinfinito.wordpress.com/series/setting-up-a-linux-gatewayrouter-a-guide-for-non-network-admins/
which explained how to do it.

First, one must adjust /proc/sys/net/ipv4/ip_forwarding.

On host B (mint), the working system, that file had an ascii '1' in it.  On
host A (debian), the non-working system, that file had a '0' in it.  So i
changed it on A, to be '1'.

Then, the ip tables have to be updated.

The commands Brailovsky gave need to be modified just slightly, due to
differences in naming conventions of the interfaces.

They are:
   sudo iptables --table nat --append POSTROUTING --out-interface enp2s0 -j MASQUERADE
and then
   sudo iptables --append FORWARD --in-interface X -j ACCEPT

Here, enp2s0 is the standard name for the motherboard ethernet port, and
XX is to be replaced by the name of the second interface.  In my case,
it is ethernet-over-usb, so is some long name that would be different for
every host.

And that's it.  I didn't even have to restart the networking service ---
although i did restart it after editing /proc/sys/net/ipv4/ip_forwarding,
just to see if changing that one file would be enough to get things
working.  (Just for reference, restarting the networking is done by 'sudo
/etc/init.d/networking restart' . )

Some miscellaneous notes: 'sudo iptables --list' still gives different
results between host A and host B; the linux mint has several more entries
than debian.  And of course, i do not know if the prior work i had done
with the connection editor had any role in this; possibly it provided some
crucial configuration change.   And if i could run the mint tool on the
debian system, then maybe it could all have been done more simply.

But it 
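
The two steps from the post above (the kernel forwarding switch, which the kernel exposes as /proc/sys/net/ipv4/ip_forward, plus the MASQUERADE and FORWARD rules), as an added example that is not part of the original message: it renders the rules in iptables-restore format with a stricter FORWARD chain than the post uses, and audits a saved ruleset. The interface name enx0123456789ab, the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): NAT-gateway rules and a ruleset audit.
# enx0123456789ab is a constructed stand-in for the USB-ethernet interface.

# Print an iptables-restore ruleset for a NAT gateway.
#   $1 = WAN interface (towards the modem/router), $2 = LAN interface
# Unlike the post's rules, FORWARD defaults to DROP: only LAN->WAN traffic
# and the replies to it are routed.
gateway_ruleset() {
    wan=$1 lan=$2
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed sample: what iptables-save would show after the post's two
# commands on a host whose FORWARD policy is still ACCEPT.
post_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp2s0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i enx0123456789ab -j ACCEPT
COMMIT
EOF
}

# Audit iptables-save text on stdin.
#   $1 = WAN interface, $2 = LAN interface, $3 = content of ip_forward
# Prints one finding per line; prints nothing when the gateway looks sound.
audit_gateway() {
    awk -v wan="$1" -v lan="$2" -v fwd="$3" '
        BEGIN { policy = "ACCEPT" }   # a table absent from the dump filters nothing
        /^\*/ { table = substr($0, 2) }
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ {
            if (index($0, "-o " wan " ")) masq = 1
            else if ($0 !~ / -o /)
                print "MASQUERADE rule has no -o: NATs every outbound interface"
        }
        table == "filter" && /^-A FORWARD/ && /-j ACCEPT/ {
            if (index($0, "-i " lan " ")) lan_out = 1
            if (index($0, "-i " wan " ") && $0 ~ /--ctstate/) replies = 1
        }
        END {
            if (fwd != "1")
                print "ip_forward is " fwd ": kernel will not route between interfaces"
            if (!masq) print "no MASQUERADE rule on " wan
            if (!lan_out) print "no FORWARD accept for traffic entering on " lan
            if (policy != "DROP")
                print "FORWARD policy is " policy ": every interface pair is forwarded"
            else if (!replies)
                print "FORWARD policy DROP but no ESTABLISHED rule for replies from " wan
        }'
}

echo "== ruleset from the post, ip_forward still 0 =="
post_ruleset | audit_gateway enp2s0 enx0123456789ab 0
echo "== stricter ruleset, ip_forward set to 1 =="
gateway_ruleset enp2s0 enx0123456789ab | audit_gateway enp2s0 enx0123456789ab 1
```

With a FORWARD policy of ACCEPT the post's FORWARD rule changes nothing, which is the single finding reported for `post_ruleset` once ip_forward is 1. Piping `gateway_ruleset` into `sudo iptables-restore` loads the stricter set and replaces whatever is currently in the nat and filter tables.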

Re: sharing a network connection from debian to non-debian

2021-01-17 Thread David Christensen

On 2021-01-16 10:28, Dan Hitt wrote:

> Regarding Andrei's suggestion of using nm-connection-editor, ...

GUI tools can be nice when you have an idea of what they are doing
"under the hood".  With networking, multiple hoods are involved and many
are inaccessible (notably your ISP and the Internet).

I recommend that you start by buying and reading "Networking for Systems
Administrators" by Lucas:

https://mwl.io/nonfiction/networking#n4sa

> David --- thanks for all the information.  The UNIfi system looks
> good and is not very expensive.  I would have to investigate it
> carefully though, because my ancient hardware is very sensitive to
> something about the electrical environment of the network (otherwise
> i'd just hook it into my internet-modem-router).

Unless your hardware is broken, the most likely cause of network
problems is misconfiguration.  Given dozens of settings or more per device,
the number of combinations across even a small network grows
astronomically.  The most direct path to a working configuration on an
X86 PC is to do a fresh install of Debian.  I would remove the drives in
a problem PC, install a blank drive, do a fresh install of Debian 9, and
see if that works.



David



Re: sharing a network connection from debian to non-debian

2021-01-17 Thread Celejar
On Sun, 17 Jan 2021 09:25:31 +0200
Andrei POPESCU  wrote:

...

> Look for a router supported by OpenWrt. They are typically more 
> expensive, but could very well be worth the investment in the long run, 
> especially if it would work also with your older boxes.

You might be surprised at how affordable OpenWrt compatible gear can
be. Look at brands like GL.iNet - they sell units with OpenWrt
installed for as little as ~$20 (802.11n) / ~$40 (low-end 802.11ac).

The big problem with OpenWrt, as I was just reminded while searching
for easily accessible information about budget OpenWrt routers, is that
there's no reliable, comprehensive, up-to-date documentation on
currently available models and their OpenWrt compatibility, and so
trying to find the best unit to purchase for one's needs / budget
can mean wading through forum threads often full of outdated
information (or just asking your own question on the forums).

FWIW, I've been using a TP-Link AC2600 with OpenWrt for years, and I've
been pretty satisfied with it.

Celejar



Re: sharing a network connection from debian to non-debian

2021-01-17 Thread john doe

On 1/17/2021 8:25 AM, Andrei POPESCU wrote:
> On Sb, 16 ian 21, 10:28:43, Dan Hitt wrote:
> >
> > I made sure that the 'Ethernet' tab had the mac addr of the right device
> > --- it's a usb/ethernet cable, and has a long name, so it would be hard to
> > confuse it with enp2s0 (the connection to the 'internet-modem').
> >
> > In the 'IPv4 Settings' tab, the method i have selected is 'Shared to other
> > computers'.  There's a text area below, marked 'Address (optional)'.
> >
> > In that optional area i put the ip address of my debian machine, with '24'
> > for the netmask.  The ip address for my debian machine, that i want to use
> > for this LAN, is consistent with what 'ip addr show' displays.  It's kind
> > of unclear what to write for a gateway --- should i put in the address of
> > my debian box, or the address of the internet modem (router)?  Anyhow, i
> > tried them both, and neither one worked.

As the server has already internet and working fine, you don't have to
do anything on the server.

> > I also tried just deleting the 'Address (optional)' section, since it says
> > it is optional.  But this also had no effect.
> >
> > I also added an extra ip address to the usb/ethernet link on my debian
> > machine, using
> >    sudo ip addr add 10.X.Y.Z/24  dev enx**
> > and this becomes instantly visible to the other system.   So i think the
> > other system is properly accessing my debian system.
>
> Looks like it, indeed.

Note that this change is not permanent, thus won't be saved while rebooting.

> > So, thanks for any clarification anybody has to offer on the proper usage
> > of nm-connection-editor.
>
> As far as I recall (it's been a while) it was as easy as setting the
> Shared... in nm-connection-editor. Network Manager should then take care
> to enable forwarding in the kernel and run a DHCP/DNS caching server
> (probably dnsmasq) on that interface.
>
> How are the other boxes configured? They should either be configured
> with DHCP or with static addresses in the same 10.*.*.* network as the
> Debian box (mind the netmask!) and Debian's 10.*.*.* IP address as
> gateway and DNS server.
>
> It might help to show exactly what the network settings are for the
> "internal" connection on Debian and on the other boxes.

In general, if you want to assign one static address per client, the
client would have to use one IP address from the IP subnet used on the
server (10... in your case).
The gateway and the DNS address would be pointing to the ip of the server.

So in your case something like:
- Server: IP: 10.0.0.1, mask: 255.255.255.0 (CIDR: /24)
- Client1: IP: 10.0.0.2, mask: 255.255.255.0, GW: 10.0.0.1, DNS: 10.0.0.1
- Client2: IP: 10.0.0.3, mask: 255.255.255.0, GW: 10.0.0.1, DNS: 10.0.0.1

Regarding buying a new router, picking one on which you can change the
stock firmware to OpenWrt or alike gives you the flexibility of having a
more tweakable router.
One advantage of Dd-Wrt/Tomato or alike is that it is way easier to
reset to factory default in case you screw up! :)

--
John Doe



Re: sharing a network connection from debian to non-debian

2021-01-16 Thread Andrei POPESCU
On Sb, 16 ian 21, 10:28:43, Dan Hitt wrote:
> 
> I made sure that the 'Ethernet' tab had the mac addr of the right device
> --- it's a usb/ethernet cable, and has a long name, so it would be hard to
> confuse it with enp2s0 (the connection to the 'internet-modem').
> 
> In the 'IPv4 Settings' tab, the method i have selected is 'Shared to other
> computers'.  There's a text area below, marked 'Address (optional)'.
> 
> In that optional area i put the ip address of my debian machine, with '24'
> for the netmask.  The ip address for my debian machine, that i want to use
> for this LAN, is consistent with what 'ip addr show' displays.  It's kind
> of unclear what to write for a gateway --- should i put in the address of
> my debian box, or the address of the internet modem (router)?  Anyhow, i
> tried them both, and neither one worked.

It's slightly unclear what address you used here, but as per your OP it 
should be in your "internal" network 10.*.*.*.

The gateway must be left blank. The Debian system becomes the gateway 
for the other computers. Debian's gateway is the modem and is configured 
in the other connection (to the modem).
 
> I also tried just deleting the 'Address (optional)' section, since it says
> it is optional.  But this also had no effect.
> 
> I also added an extra ip address to the usb/ethernet link on my debian
> machine, using
>    sudo ip addr add 10.X.Y.Z/24  dev enx**
> and this becomes instantly visible to the other system.   So i think the
> other system is properly accessing my debian system.

Looks like it, indeed.

> So, thanks for any clarification anybody has to offer on the proper usage
> of nm-connection-editor.

As far as I recall (it's been a while) it was as easy as setting the 
Shared... in nm-connection-editor. Network Manager should then take care 
to enable forwarding in the kernel and run a DHCP/DNS caching server 
(probably dnsmasq) on that interface.

How are the other boxes configured? They should either be configured 
with DHCP or with static addresses in the same 10.*.*.* network as the 
Debian box (mind the netmask!) and Debian's 10.*.*.* IP address as 
gateway and DNS server.

It might help to show exactly what the network settings are for the 
"internal" connection on Debian and on the other boxes.

If it still won't work I can try to replicate your setup later.

> (2) Yes, it has 4 ports.  That's not an issue, because i can and have
> attached switches to it.  However, i cannot attach my ancient hardware to
> it because it locks them up for whatever reason.

Care to elaborate on this? My understanding is that your other boxes
just freeze, though this is unusual just from some network incompatibility.

Older Debian versions had some issues (DNS?) with crappy routers. As far 
as I recall turning IPv6 off helped.

> (3) Regarding getting another router to sit between the internet-modem and
> my ancient hardware: i wouldn't mind doing that at all, in fact, that's
> what i'm trying to do with my debian box :), to get it to act as a router.
> But i have tons of visibility into my debian system, including compiling
> special purpose software if necessary, but if i just get a dedicated
> black-box router, how could i manage it?
 
Look for a router supported by OpenWrt. They are typically more 
expensive, but could very well be worth the investment in the long run, 
especially if it would work also with your older boxes.

For a low power (processing as well as consumption) solution supported 
by Debian something like the PINE A64 from Pine64.org with an additional 
USB network adapter would be sufficient, though the network speed would 
be somewhat limited (the PINE A64+ has a Gigabit adapter, but only 
USB2).

For 1Gbit/s you would need something like the ROCK64 (has Gigabit 
ethernet and USB3 port). I don't have first hand experience with it, but 
it is supported by the bullseye Debian Installer, which is a very good 
start. If you are interested in it you should look into the status of 
support in Linux mainline (though I expect it to be good enough, 
possibly even better than for the PINE A64).

On the other hand these devices could be faster than your old boxes 
while using only a fraction of the power. Are you sure those old boxes 
are worth keeping around?

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser




Re: sharing a network connection from debian to non-debian

2021-01-16 Thread rhkramer
On Saturday, January 16, 2021 01:28:43 PM Dan Hitt wrote:
> On Fri, Jan 15, 2021 at 11:57 PM Andrei POPESCU 
> RH --- thanks for the information about Ubiquiti, i will have to
> investigate it.  I have to be careful with new hardware connected to the
> ancient stuff (as with the UNIfi system).

You're welcome, but I would add two things:

   * I missed the point about your old hardware not working with other routers
that you've tried -- if that is the case, the Ubiquiti might not help
(although there is some visibility into it -- you can log into it and check
and change some settings -- I'm not even sure of all of them)

   * I noticed your mention of a "black box" router -- I would point out that 
there is (was?) a company named Black Box that makes devices related to 
networking -- if they sold a router, I rather strongly suspect you could log 
into it and check and change at least some settings



Re: sharing a network connection from debian to non-debian

2021-01-16 Thread Dan Hitt
On Fri, Jan 15, 2021 at 11:57 PM Andrei POPESCU 
wrote:

> On Vi, 15 ian 21, 21:02:58, Dan Hitt wrote:
> >
> > So i just need to know what to do on the debian box so that it can field
> > requests to get ips from host names on the internet, and forward packets to
> > the internet modem.  Hopefully, it will be some simple tool like
> > nm-connection-editor, but maybe it has to be a series of commands.  If it
> > is a series of commands, what are they?
>
> In nm-connection-editor select the connection with the other system
> (*not* to the internet) and set the Method to "Shared to other
> computers" in the IPv4 tab (and IPv6 if you want so).
>
> Unfortunately the wording of the option is counterintuitive, it should
> probably be something like "allow other computers on this connection to
> use this computer's internet connection" (whichever that might be).
>


Thanks Andrei for your message.  Thanks everybody else also---i'm still
studying all your replies, and i have some questions about them (further
below).

Regarding Andrei's suggestion of using nm-connection-editor, and using
"Shared to other computers", i saw that last night, and tried using it.  It
looked similar to the gui that i had on my old mint (ubuntu) machine.

I made sure that the 'Ethernet' tab had the mac addr of the right device
--- it's a usb/ethernet cable, and has a long name, so it would be hard to
confuse it with enp2s0 (the connection to the 'internet-modem').

In the 'IPv4 Settings' tab, the method i have selected is 'Shared to other
computers'.  There's a text area below, marked 'Address (optional)'.

In that optional area i put the ip address of my debian machine, with '24'
for the netmask.  The ip address for my debian machine, that i want to use
for this LAN, is consistent with what 'ip addr show' displays.  It's kind
of unclear what to write for a gateway --- should i put in the address of
my debian box, or the address of the internet modem (router)?  Anyhow, i
tried them both, and neither one worked.

I also tried just deleting the 'Address (optional)' section, since it says
it is optional.  But this also had no effect.

I also added an extra ip address to the usb/ethernet link on my debian
machine, using
   sudo ip addr add 10.X.Y.Z/24  dev enx**
and this becomes instantly visible to the other system.   So i think the
other system is properly accessing my debian system.

So, thanks for any clarification anybody has to offer on the proper usage
of nm-connection-editor.

(One point i'm a little bit curious about is how nm-connection-editor can
work at all, because i'm running it as an unprivileged user, and these
network things like sudo.  Maybe there's a setuid bit somewhere or
something, but the software certainly doesn't complain that it doesn't have
root privs.)

Now, regarding all the other suggestions, i intend to work through each of
them, because i'm not too particular.

But i should clarify these points:
(1) Yes, my 'internet-modem' is a router.  But it's a real black-box router
that i cannot see into.
(2) Yes, it has 4 ports.  That's not an issue, because i can and have
attached switches to it.  However, i cannot attach my ancient hardware to
it because it locks them up for whatever reason.  But for several years i
did use my mint (ubuntu) box to stand between the internet-modem-router and
my ancient hardware.  My ancient hardware just cannot share a physical
ethernet with my internet-modem-router (including being on the same switch
as it).
(3) Regarding getting another router to sit between the internet-modem and
my ancient hardware: i wouldn't mind doing that at all, in fact, that's
what i'm trying to do with my debian box :), to get it to act as a router.
But i have tons of visibility into my debian system, including compiling
special purpose software if necessary, but if i just get a dedicated
black-box router, how could i manage it?

Nevertheless, i'm quite willing to get a second router.

Mick -- you mentioned a smallish PC for 20 pounds (maybe 40 dollars?) which
would have 2 network cards --- for that price i wouldn't mind doing it, but
that seems awfully cheap.  Is there a reason for network cards as opposed
to just ethernet over usb?  I don't need high performance.  Anyhow thanks.

John --- when i rebuild the mint box, i plan to make a new partition on it
for the debian system, so it will be done from scratch.  And thanks for the
suggestion of using dnsmasq.  If i cannot manage to make do with
nm-connection-editor i hope to try it out (and/or shorewall).

Doug --- if you have suggestions for a router, please let me know, and
thanks.

David --- thanks for all the information.  The UNIfi system looks good and
is not very expensive.  I would have to investigate it carefully though,
because my ancient hardware is very sensitive to something about the
electrical environment of the network (otherwise i'd just hook it into my
internet-modem-router).

RH --- thanks for the information about Ubiquiti, i 

Re: sharing a network connection from debian to non-debian

2021-01-16 Thread Michael Howard

On 16/01/2021 05:02, Dan Hitt wrote:
> In 2016, i had a computer with mint on it (which is a form of ubuntu),
> and it was connected to an internet modem.  There was a super simple
> gui on it that i could use to share that connection with some older
> hardware that were not directly connected to the internet modem.
> (They were not connected to the internet modem because for whatever
> reason, directly connecting them made them very unstable and prone to
> crash.) But, nevertheless, the old hardware could use the mint box
> with no configuration on my part, and get out to the internet through it.


Not sure about how much config you want to do or are capable of doing 
but if your 'modem' truly is just a modem then a simple-ish way to go, 
without added expense, is to install 'Shorewall' onto your new debian 
installation.


This gives you routing and firewall protection.

It's likely though that your 'modem' is not just a modem as your other 
hardware will need to be getting dhcp and dns from somewhere and if you 
haven't configured it, it must be from what you think is just a 'modem'.


Mike.
--




Re: sharing a network connection from debian to non-debian

2021-01-16 Thread rhkramer
On Saturday, January 16, 2021 05:01:23 AM David Christensen wrote:
> On 2021-01-15 21:02, Dan Hitt wrote:
> > In 2016, i had a computer with mint on it (which is a form of ubuntu),
> > and it was connected to an internet modem.  There was a super simple gui
> > on it that i could use to share that connection with some older hardware
> > that were not directly connected to the internet modem.  (They were not
> > connected to the internet modem because for whatever reason, directly
> > connecting them made them very unstable and prone to crash.)  But,
> > nevertheless, the old hardware could use the mint box with no
> > configuration on my part, and get out to the internet through it.

Just to suggest an alternate solution, you could put a (hardware) router after 
the Internet modem and use that to provide access to multiple computers / 
devices.

I have a Ubiquiti edge router with 4 Ethernet ports and some nice features
(among them QOS that lets me limit the bandwidth used by some devices so that
other devices can get sufficient bandwidth when they need it (e.g., VOIP
telephones)).  (Also, usage monitoring, firewall capability, NAT capability
(well, I'll say all the things you normally need).)  I think the list price of
the Edge router today is around $100 -- I bought it several (5?) years ago on
sale for ~$50.

My son and I each have a desk with multiple devices which need Internet 
access, so we ran one cable from the Edge router to each desk, then put an 
Ethernet switch at each desk to allow multiple devices to connect.



Re: sharing a network connection from debian to non-debian

2021-01-16 Thread David Christensen

On 2021-01-15 21:02, Dan Hitt wrote:

> In 2016, i had a computer with mint on it (which is a form of ubuntu), and
> it was connected to an internet modem.  There was a super simple gui on it
> that i could use to share that connection with some older hardware that
> were not directly connected to the internet modem.  (They were not
> connected to the internet modem because for whatever reason, directly
> connecting them made them very unstable and prone to crash.)  But,
> nevertheless, the old hardware could use the mint box with no configuration
> on my part, and get out to the internet through it.
>
> Now, as it happens, i'm planning on upgrading that mint box to debian.
>
> In preparation for that, i'm trying to share the internet with them using
> another box, which has debian on it, and which is connected to the internet
> modem.  The debian box has some address like 192.168.*.* on the internet
> modem network, and an address like 10.*.*.* connected to the old hardware,
> and the two networks have no direct connection, they just both hook up to
> my debian machine (one on the motherboard's ethernet, and one on a
> usb/ethernet device).
>
> For the old hardware, i can specify the address, a gateway, and a host for
> dns (all done by ip).  I would choose the ip of the debian box for both the
> gateway and the dns, and i'd take the ip address of the old hardware to
> just be something unused (no need to run dhcpd on the debian box, i think).
>
> So i just need to know what to do on the debian box so that it can field
> requests to get ips from host names on the internet, and forward packets to
> the internet modem.  Hopefully, it will be some simple tool like
> nm-connection-editor, but maybe it has to be a series of commands.  If it
> is a series of commands, what are they?
>
> TIA for any info!


I set up a personal computer (PC) as a firewall/ router using a
general-purpose FOSS OS distribution (Red Hat Linux?) many years ago.
It was a lot of work, but I learned a lot about networking and Linux.  If
you choose this path, you will need to learn "netfilter":


https://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_netfilter_infrastructure


Some years later, purpose-built firewall/ router FOSS distributions with 
WWW control panels became available.  These were easier to configure and 
manage than a general-purpose OS, and more secure.  IP Cop was my favorite:


http://www.ipcop.org/


But an old PC running 24x7 is bulky, requires a keyboard and monitor, 
consumes electricity, makes noise, and generates heat.  I wanted a 
small, silent, low-power box with a WWW control panel.  I tried various 
consumer firewall/ router/ WiFi/ switch appliances, and FOSS firmware 
for some, but they were all lacking and I bricked at least one device.



After more searching, I found UniFi:

https://www.ui.com/unifi-routing/usg/

https://www.ui.com/unifi/unifi-ap-ac-lite/


The killer feature is the UniFi Controller server software, which is 
available as a Debian package (I run it on a Debian VPS in the cloud). 
Using the WWW interface, you assemble individual devices into networks 
and use the controller to manage everything in a coordinated fashion:


https://help.ui.com/hc/en-us/articles/220066768-UniFi-How-to-Install-Update-via-APT-on-Debian-or-Ubuntu


David



Re: sharing a network connection from debian to non-debian

2021-01-15 Thread Andrei POPESCU
On Vi, 15 ian 21, 21:02:58, Dan Hitt wrote:
> 
> So i just need to know what to do on the debian box so that it can field
> requests to get ips from host names on the internet, and forward packets to
> the internet modem.  Hopefully, it will be some simple tool like
> nm-connection-editor, but maybe it has to be a series of commands.  If it
> is a series of commands, what are they?

In nm-connection-editor select the connection with the other system 
(*not* to the internet) and set the Method to "Shared to other 
computers" in the IPv4 tab (and IPv6 if you want so).

Unfortunately the wording of the option is counterintuitive, it should 
probably be something like "allow other computers on this connection to 
use this computer's internet connection" (whichever that might be).

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser




Re: sharing a network connection from debian to non-debian

2021-01-15 Thread Doug McGarrett




On 1/16/21 1:29 AM, john doe wrote:
> On 1/16/2021 6:02 AM, Dan Hitt wrote:
> > In 2016, i had a computer with mint on it (which is a form of ubuntu), and
> > it was connected to an internet modem.  There was a super simple gui on it
> > that i could use to share that connection with some older hardware that
> > were not directly connected to the internet modem.  (They were not
> > connected to the internet modem because for whatever reason, directly
> > connecting them made them very unstable and prone to crash.) But,
> > nevertheless, the old hardware could use the mint box with no configuration
> > on my part, and get out to the internet through it.
>
> If you could share your internet connection to multiple devices, the
> internet modem you are referring to is probably a router with integrated
> modem.
>
> Okay, I'm nitpicking here but this might be useful for the below.
>
> > Now, as it happens, i'm planning on upgrading that mint box to debian.
>
> I would suggest reinstalling Debian from scratch.
>
> > In preparation for that, i'm trying to share the internet with them using
> > another box, which has debian on it, and which is connected to the internet
> > modem.  The debian box has some address like 192.168.*.* on the internet
> > modem network, and an address like 10.*.*.* connected to the old hardware,
> > and the two networks have no direct connection, they just both hook up to
> > my debian machine (one on the motherboard's ethernet, and one on a
> > usb/ethernet device).
> >
> > For the old hardware, i can specify the address, a gateway, and a host for
> > dns (all done by ip).  I would choose the ip of the debian box for both the
> > gateway and the dns, and i'd take the ip address of the old hardware to
> > just be something unused (no need to run dhcpd on the debian box, i think).
>
> You can certainly use static addressing. Dnsmasq has the advantage of
> combining a DHCP and DNS server.
> So I would say using Dnsmasq instead of Dhcpd and Bind will be way
> easier if you want to go with dynamic addressing.
>
> > So i just need to know what to do on the debian box so that it can field
> > requests to get ips from host names on the internet, and forward packets to
> > the internet modem.  Hopefully, it will be some simple tool like
> > nm-connection-editor, but maybe it has to be a series of commands.  If it
> > is a series of commands, what are they?
>
> It looks like you are using a desktop environment, you might be heading
> for trouble trying to mix GUI tools and serving internet connection to
> clients.
>
> What you need on that Debian box is to route the packages from your
> internal network to your external network (1, might be what you want).
>
> Unless you want to learn and play with it, I would suggest you, if you
> can afford, to buy a 'router' with no built-in modem that you would
> plug behind your ISP modem.

And you should look for a router with more than four output ports--
there are a couple of such--so that when you want to add a printer or two
and maybe hook a laptop into your network and possibly a separate
scanner--you get the idea. . . .
--doug

> 1) https://fedoramagazine.org/internet-connection-sharing-networkmanager/
>
> --
> John Doe





Re: sharing a network connection from debian to non-debian

2021-01-15 Thread john doe

On 1/16/2021 6:02 AM, Dan Hitt wrote:
> In 2016, i had a computer with mint on it (which is a form of ubuntu), and
> it was connected to an internet modem.  There was a super simple gui on it
> that i could use to share that connection with some older hardware that
> were not directly connected to the internet modem.  (They were not
> connected to the internet modem because for whatever reason, directly
> connecting them made them very unstable and prone to crash.)  But,
> nevertheless, the old hardware could use the mint box with no configuration
> on my part, and get out to the internet through it.

If you could share your internet connection to multiple devices, the
internet modem you are referring to is probably a router with integrated
modem.

Okay, I'm nitpicking here but this might be useful for the below.

> Now, as it happens, i'm planning on upgrading that mint box to debian.

I would suggest reinstalling Debian from scratch.

> In preparation for that, i'm trying to share the internet with them using
> another box, which has debian on it, and which is connected to the internet
> modem.  The debian box has some address like 192.168.*.* on the internet
> modem network, and an address like 10.*.*.* connected to the old hardware,
> and the two networks have no direct connection, they just both hook up to
> my debian machine (one on the motherboard's ethernet, and one on a
> usb/ethernet device).
>
> For the old hardware, i can specify the address, a gateway, and a host for
> dns (all done by ip).  I would choose the ip of the debian box for both the
> gateway and the dns, and i'd take the ip address of the old hardware to
> just be something unused (no need to run dhcpd on the debian box, i think).

You can certainly use static addressing. Dnsmasq has the advantage of
combining a DHCP and DNS server.
So I would say using Dnsmasq instead of Dhcpd and Bind will be way
easier if you want to go with dynamic addressing.

> So i just need to know what to do on the debian box so that it can field
> requests to get ips from host names on the internet, and forward packets to
> the internet modem.  Hopefully, it will be some simple tool like
> nm-connection-editor, but maybe it has to be a series of commands.  If it
> is a series of commands, what are they?

It looks like you are using a desktop environment, you might be heading
for trouble trying to mix GUI tools and serving internet connection to
clients.

What you need on that Debian box is to route the packages from your
internal network to your external network (1, might be what you want).

Unless you want to learn and play with it, I would suggest you, if you
can afford, to buy a 'router' with no built-in modem that you would
plug behind your ISP modem.

1) https://fedoramagazine.org/internet-connection-sharing-networkmanager/

--
John Doe



Re: sharing a network connection from debian to non-debian

2021-01-15 Thread mick crane

On 2021-01-16 05:02, Dan Hitt wrote:
> In 2016, i had a computer with mint on it (which is a form of ubuntu), and
> it was connected to an internet modem.  There was a super simple gui on it
> that i could use to share that connection with some older hardware that
> were not directly connected to the internet modem.  (They were not
> connected to the internet modem because for whatever reason, directly
> connecting them made them very unstable and prone to crash.)  But,
> nevertheless, the old hardware could use the mint box with no configuration
> on my part, and get out to the internet through it.
>
> Now, as it happens, i'm planning on upgrading that mint box to debian.
>
> In preparation for that, i'm trying to share the internet with them using
> another box, which has debian on it, and which is connected to the internet
> modem.  The debian box has some address like 192.168.*.* on the internet
> modem network, and an address like 10.*.*.* connected to the old hardware,
> and the two networks have no direct connection, they just both hook up to
> my debian machine (one on the motherboard's ethernet, and one on a
> usb/ethernet device).
>
> For the old hardware, i can specify the address, a gateway, and a host for
> dns (all done by ip).  I would choose the ip of the debian box for both the
> gateway and the dns, and i'd take the ip address of the old hardware to
> just be something unused (no need to run dhcpd on the debian box, i think).
>
> So i just need to know what to do on the debian box so that it can field
> requests to get ips from host names on the internet, and forward packets to
> the internet modem.  Hopefully, it will be some simple tool like
> nm-connection-editor, but maybe it has to be a series of commands.  If it
> is a series of commands, what are they?
>
> TIA for any info!
>
> dan


Bearing in mind I know little of what I speak, I'd advise anybody to get
a dedicated firewall/router between the local network and the internet.
You can get a smallish PC for £20 which seems suitable with a minimum of
2 network cards or 4.
I like pfsense, which works with not much configuration and has lots of
services and logging available if you want them.


red -> ISP router
green -> local network
blue -> wireless can access internet but not local network
orange -> demilitarized zone

mick
--
Key ID4BFEBB31



sharing a network connection from debian to non-debian

2021-01-15 Thread Dan Hitt
In 2016, i had a computer with mint on it (which is a form of ubuntu), and
it was connected to an internet modem.  There was a super simple gui on it
that i could use to share that connection with some older hardware that
were not directly connected to the internet modem.  (They were not
connected to the internet modem because for whatever reason, directly
connecting them made them very unstable and prone to crash.)  But,
nevertheless, the old hardware could use the mint box with no configuration
on my part, and get out to the internet through it.

Now, as it happens, i'm planning on upgrading that mint box to debian.

In preparation for that, i'm trying to share the internet with them using
another box, which has debian on it, and which is connected to the internet
modem.  The debian box has some address like 192.168.*.* on the internet
modem network, and an address like 10.*.*.* connected to the old hardware,
and the two networks have no direct connection, they just both hook up to
my debian machine (one on the motherboard's ethernet, and one on a
usb/ethernet device).

For the old hardware, i can specify the address, a gateway, and a host for
dns (all done by ip).  I would choose the ip of the debian box for both the
gateway and the dns, and i'd take the ip address of the old hardware to
just be something unused (no need to run dhcpd on the debian box, i think).

So i just need to know what to do on the debian box so that it can field
requests to get ips from host names on the internet, and forward packets to
the internet modem.  Hopefully, it will be some simple tool like
nm-connection-editor, but maybe it has to be a series of commands.  If it
is a series of commands, what are they?

TIA for any info!

dan