I have two machines - M1 and M2 - connected via an Ethernet LAN. M1 has a 3G modem for Internet connection. The modem uses 192.168.1.1 as its IP. I therefore use 192.168.2.X for the LAN. M1 is 192.168.2.1 and M2 is 192.168.2.2.

I'd like to make the Internet available to M2. As I understand it, this requires that M2 have a gateway enabled, probably 192.168.2.1. M1 perhaps needs a bridge to connect the two networks, but this is a ??? "software bridge" within the machine.

All of the bridge documentation I've seen assumes connection between two physical networks. I'm unsure of the statements required in /etc/networks/interface to achieve my requirement.

M1 /etc/networks/interface:
auto eth0
iface eth0 inet static
address 192.168.2.1
netmask 255.255.255.0
broadcast 192.168.2.255

M2 /etc/networks/interface:
auto eth0
iface eth0 inet static
address 192.168.2.2
netmask 255.255.255.0
broadcast 192.168.2.255

Possible additions for bridging:

M1:
iface br0 inet static
bridge_ports eth0 eth1
address 192.168.2.1
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.1

M2:
Add to eth0:
gateway 192.168.2.1

Running ifconfig on M1:

eth0 Link encap:Ethernet HWaddr 00:1c:c0:2d:36:d1
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1

eth1 Link encap:Ethernet HWaddr 0c:5b:8f:27:9a:64
inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::e5b:8fff:fe27:9a64/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

The address 192.168.1.100 was assigned by the modem's DHCP.

So far I've not had success with this. I'd be most grateful for any EXPLANATORY assistance, including reference to uptodate documentation. I've searched the forums, but none of the replies are explanatory, merely "how to fix it" type things that aren't relevant.

Not sure if a bridge is what you seek. I'd be thinking Iptables to share internet.

https://help.ubuntu.com/community/In...nectionSharing

https://www.howtoforge.com/internet-...ading-on-linux

If you really mean you need or want a bridge then I can't say.

Some distro's offer sharing as a feature too by gui.

Thanks for the comment. No, a bridge was just my guess, don't know about iptables. Following your links suggests that the second one should do the trick.

MASQUERADING - something I'd long forgotten about, or Internet Connection Sharing in M$ terminology. Will report back after trying it.

Most grateful.

Let us know how it goes.

> Let us know how it goes.

OK. Well, there's some good news but more middling to bad. First up, I can't arrive at definitive conclusions for lack of time and need, so what follows should be taken as error-prone.

The key is my statement, "this is a ??? "software bridge" within the machine." It appears that bridging won't solve my problem for this reason. Bridges apparently work only between physical networks.

The required solution is masquerading, and the problem here is not a lack of documentation, but a plethora - yea, a veritable ocean - of highly detailed documentation, all of which I am urged to read and digest, but NO COMPETENT OVERVIEWS EXPLAINING CONCEPTS AND INCLUDING DIAGRAMS.

Good diagrams are essential for explaining abstractions to newcomers, but have long since disappeared from modern documentation, despite excellent tools for creating them. Instead, one must devote hours to reading detailed but often badly written technical descriptions. This is part of the "corporatization" of Linux, and the slow disappearance of what I believe deserves much better support: Personal Linux.

The only project of which I know that's active in this area is Devuan:

https://devuan.org/

Anyway, that's another discussion that I'd much like to have, but not here. I found what appeared to be a competent article, but it described a different distro and so wasn't relevant to the Debian 8.2 I'm using:

https://www.howtoforge.com/internet-...ading-on-linux

So I posted on the Debian forum for assistance:

http://forums.debian.net/viewtopic.php?f=5&t=138462

They didn't like the article, and offered good suggestions, but most of them simply urged me to become an expert in iptables and firewalling.

The solution is apparently to have the firewall redirect incoming queries to another IP address, and suitably redirect responses, the function of masquerading. However, I'm a retired hobbyist; Linux is just one of my activities, networking a small part of that, firewalls etc a still smaller part of THAT, and my interest in pursuing the matter has died.

I've opted for a different solution, so I'll mark the thread SOLVED, but IMHO it's a sorry and unsatisfactory solution. Thanks again to those who replied.

There is often a learning curve involved with these things. As with many topics, there are lots of guides that make all kinds of assumptions about the system environment and the knowledge the reader has etc, so it's common to have to read a number of articles before one may have a sufficient grip on the task at hand. Here's a graphical guide that might help with your understanding though...

http://billauer.co.il/ipmasq-html.html

My approach would be to experiment with commands on the fly first, then once it is working as you'd like, proceed with creating a script to make permanent or invoke masquerading when you require it.

This command is used to tell the kernel that you want to allow packet forwarding
These minimal rules should be sufficient to get masquerading working

Wow! Most grateful and many thanks! I'm setting up a new machine from an old one that's on its last legs until I do a reinstall, so the last thing I wanted was to screw it up unrecoverably.

You've provided EXACTLY what I was looking for.

I've assumed that you have the appropriate IP configuration in place as well. In this example I assume you have something like the following...

3G modem-------eth0<M1>eth1-------eth0<M2>

The 3G modem is connected to M1 eth0 and it will have a DHCP-assigned IP address and gateway.

The M1 eth1 interface and M2 eth0 interface should be assigned with static IP addresses in a common subnet. For example
192.168.3.1 and 192.168.3.2 respectively, and the default gateway for M2 needs to be assigned as 192.168.3.1

OK, I'll check the details now that I'm confident to proceed. Thanks again.