[welp]

Hello,

I have a Raspberry Pi which connects to the internet with an 4G USB dongle, I'm using wvdial and it's working fine. I want to attach another device to the Ethernet port and share the connection with it. I read some examples that suggest installing iptables and dnsmasq, but I can't seem to make it work.

Is anyone able to assist me with the correct setup?!

These are the parts I've modified in /etc/dnsmasq.conf
$this->bbcode_second_pass_code('', '
# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv

# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
interface=eth0
# Or you can specify which interface _not_ to listen on
except-interface=wwan0

# This is an example of a DHCP range where the netmask is given. This
# is needed for networks we reach the dnsmasq DHCP server via a relay
# agent. If you don't know what a DHCP relay agent is, you probably
# don't need to worry about this.
dhcp-range=eth0,192.168.88.1,192.168.88.254,255.255.255.0,12h')

What I see in the log is:
$this->bbcode_second_pass_code('', 'Dec 12 20:52:02 systemd[1]: Starting A lightweight DHCP and caching DNS server...
Dec 12 20:52:02 dnsmasq[1073]: dnsmasq: syntax check OK.
Dec 12 20:52:02 systemd[1]: Started A lightweight DHCP and caching DNS server.
Dec 12 20:52:02 dnsmasq[1074]: started, version 2.78 cachesize 150
Dec 12 20:52:02 dnsmasq[1074]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
Dec 12 20:52:02 dnsmasq[1074]: DBus support enabled: connected to system bus
Dec 12 20:52:02 dnsmasq[1074]: warning: interface eth0 does not currently exist
Dec 12 20:52:02 dnsmasq-dhcp[1074]: DHCP, IP range 192.168.88.1 -- 192.168.88.254, lease time 12h
Dec 12 20:52:02 dnsmasq[1074]: reading /etc/resolv.conf
Dec 12 20:52:02 dnsmasq[1074]: using nameserver 85.118.197.4#53
Dec 12 20:52:02 dnsmasq[1074]: using nameserver 85.118.197.68#53
Dec 12 20:52:02 dnsmasq[1074]: read /etc/hosts - 3 addresses
Dec 12 20:52:08 dnsmasq-dhcp[1074]: DHCP packet received on eth0 which has no address
Dec 12 20:52:09 dnsmasq-dhcp[1074]: DHCP packet received on eth0 which has no address
Dec 12 20:52:12 dnsmasq-dhcp[1074]: DHCP packet received on eth0 which has no address
Dec 12 20:52:16 dnsmasq-dhcp[1074]: DHCP packet received on eth0 which has no address')

It appears that for some reason the second device cannot obtain an IP address from the R-Pi.

[welp]

OK, it turned out I had to assign an IP address to the eth0 device on the R-Pi and this solved the "dnsmasq-dhcp[1074]: DHCP packet received on eth0 which has no address" error, now the second machine gets its own IP from dnsmasq.

How do I make the computer/device that's attached to the R-Pi to access the internet?!

[summers]

You will need to set up routing tables
$this->bbcode_second_pass_code('', 'ip route')
and forwarding rules, via kernel flags and/or iptables ...

Basic ideas are: https://wiki.archlinux.org/index.php/Internet_sharing which note it goes via masquerade. If you don't want that (e.g. so you can directly connect to the machine on the ethernet) then you'll need to routing set up ....

[welp]

Hey summers, thanks for the suggestion, in the mean time I've finally figured it out so I'll write in detail here what I did in case it's useful for someone else as well.

$this->bbcode_list('a')

Created /etc/systemd/network/eth.network which assigns an IP address to R-Pi's eth0:
$this->bbcode_second_pass_code('', '[Match]
Name=eth0

[Network]
Address=192.168.88.2/24
#Gateway=10.1.10.1
#DNS=10.1.10.1
#DNS=8.8.8.8')

# systemctl enable systemd-networkd.service

Out of the many iptables examples online the following did the trick:
$this->bbcode_second_pass_code('', '# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE')

To make that permanent:
$this->bbcode_second_pass_code('', '# iptables-save > /etc/iptables/iptables.rules')

# systemctl enable iptables.service

[summers]

Oh yes, to do the same with nftables use:
$this->bbcode_second_pass_code('', 'table ip nat {
chain prerouting {
type nat hook prerouting priority 0; policy accept;
}

chain postrouting {
type nat hook postrouting priority 100; policy accept;
masquerade
}
}
table inet filter {
chain input {
type filter hook input priority 0; policy accept;
ct state { established, related} accept
ct state invalid drop
iifname "lo" accept
ip protocol icmp accept
ip6 nexthdr ipv6-icmp accept
tcp dport ssh accept
meta nfproto ipv4 reject
}

chain forward {
type filter hook forward priority 0; policy accept;
}

chain output {
type filter hook output priority 0; policy accept;
}
}
') in /etc/nftables.conf

and enable nftables.service.

nftables is the newer replacement for iptables, similar but not identical functionality. It installs more in the kernel than iptables.

You'll only need routing, if you need to access the attached machine from outside the machine it is attached to. Eg for me, the BBB is plugged into the NAS, which goes into my ADSL router. The BBB lives on 192.168.7.2, which isn't my local network (192.168.2.x) so usually you couldn't route to the BBB, but by setting up a 192.168.7.x routing on the ADSL router, that points to the NAS, then I can connect to the BBB from anywhere on the LAN.

Oh yes, let me know if you get IPv6 to work - I havn't yet got it to work with stateless IPv6 ...