On Sun, Jan 24, 2021 at 2:05 PM Dan Hitt <dan.h...@gmail.com> wrote: > > > On Sun, Jan 24, 2021 at 9:16 AM Andrei POPESCU <andreimpope...@gmail.com> > wrote: > >> On Sb, 16 ian 21, 10:28:43, Dan Hitt wrote: >> > >> > Regarding Andrei's suggestion of using nm-connection-editor, and using >> > "Shared to other computers", i saw that last night, and tried using >> it. It >> > looked similar to the gui that i had on my old mint (ubuntu) machine. >> ........ >> >> Eventually I got around to actually test this. >> >> First thing I noticed is that some of the necessary components are >> Recommends of network-manager (dnsmasq-base and iptables, confirmed by >> the package description). Unless installation of Recommends is >> explicitly disabled these should already be installed. >> >> Next I added a new connection of type "Ethernet" and left everything at >> default, except for setting the "Method" to "Shared to other computers" >> in the "IPv4 Settings" tab. For good measure I restarted the entire >> system, though I believe simply enabling the connection would have been >> enough. >> >> With these the system at the other end of the cable received a DHCP >> address in the 10.42.0.0/24 network and was able to ping both the "lan" >> as well as the "wan" interface of the "gateway". According to my reading >> the network can be changed by setting an address as desired. >> >> Unfortunately that is as far as I got. Since there are no recent reports >> of problems with this I strongly suspect the issue is some >> incompatibility between nft and the "special" 3.18 kernel running on the >> "gateway" system. >> >> IPv4 forwarding was enabled correctly and I also tried a workaround for >> an old bug (fixed already in stretch), i.e. setting IPv6 to "Ignore" >> (and restarting). >> >> In case someone is interested to dig deeper I'm attaching the output of >> 'nft list ruleset' (with the MAC address of the USB adapter redacted). >> >> Based on your symptoms I strongly suspect either one or both of >> dnsmasq-base and iptables were missing from your system. >> >> Kind regards, >> Andrei >> -- >> http://wiki.debian.org/FAQsFromDebianUser > > > Thanks Andrei for being so nice and going to all this effort, and posting > the results of running > nft list ruleset > > Now, i do not have a command 'nft', or at least, no place that i can find > a path to it. The man page for iptables-nft however lists your very > command as an example, 'nft list ruleset'. But i cannot find 'nft' > anywhere in the filesystem (except as a directory in linux-headers-xxxx). > > However, i do have commands /sbin/iptables and /sbin/iptables-nft. When i > run either of them with the arguments --list-rules i get an output. But it > is much shorter than yours, and '--verbose' only lengthens it very little. > > The output is: > > -P INPUT ACCEPT > -P FORWARD ACCEPT > -P OUTPUT ACCEPT > -A FORWARD -i enxXXXXXXXXX -j ACCEPT > > while the verbose output is the same, except that the forward line now > reads > -A FORWARD -i enxXXXXXXXXX -c NNN MMMM -j ACCEPT > > (I've redacted the usb-ethernet id, as well as the two mysterious numbers > after '-c': one having 3 digits and one having 5 digits.) > > Anyhow, thanks again for pursuing this so far. >
One other thing i should add: I just installed xubuntu 20.4.1 on another computer, and the only other package i installed was emacs. So it should be very clean. I ran 'All Applications' > 'Advanced Network Configuration' and it popped up a gui which looks very, very similar to nm-connection-editor. (So i think it's the same software, although perhaps not exactly the same version.) I renamed the connections from 'Wired connection 1' and 'Wired connection 2' to something more readable, and for the connection to a third (ancient) computer, i changed the IPv4 setting to 'Shared to other computers'. I did absolutely nothing else, including giving it an ip address, or a net mask, or just anything. And there's no DHCP service on that LAN; no other computer is handing out ip addresses (as far as i know). Nevertheless, as soon as i clicked 'Save', my ancient computer could see the internet through the xubuntu machine. The address xubuntu took for itself was 10.42.0.1, which is the same address as the previous OS on that box took. Perhaps that is a magic address. There's an old debian message which suggests this: https://lists.debian.org/debian-user/2016/07/msg00422.html It's not a burning issue for me any more, but i still wonder about getting an 'nft' command, and anything else anybody knows. Thanks Andrei and everybody else for all your help. dan
