Caution
This tool was written completely by Claude Sonnet 4.6 - use at your own risk!
A dynamic CLI tool for managing internet sharing between network interfaces — DHCP server, NAT, and firewall configuration, all handled automatically.
- Detects all available interfaces at runtime and presents them in an aligned table
- Walks you through setup interactively — picks sensible defaults for subnets, DHCP ranges, and DNS
- Saves named profiles so you can bring setups up/down in one command without reconfiguring
- Installs missing packages (`dnsmasq`, `iptables`) via your system package manager
- Handles firewall conflicts — detects and configures UFW, firewalld, or raw iptables as appropriate
- Handles NetworkManager — marks the downstream interface as unmanaged for the session so NM doesn't interfere
- Detects interface conflicts — warns and offers to tear down active profiles that share an interface with the one you're starting
- Cleans up orphaned configs on every invocation — if a reboot happens while a profile is active, leftover dnsmasq and NM configs are removed automatically so interfaces are never permanently stuck
```bash
# No install needed — just run directly:
./netshare.sh setup
# Or install it system-wide first:
./netshare.sh install
netshare setup
```

Requires bash 4.0+ (standard on any Linux since ~2009).

| Command | Description |
|---|---|
| `setup` | Interactive wizard — configure and optionally apply a profile |
| `up [profile]` | Bring up a saved profile |
| `down [profile]` | Tear down an active session (must be active; errors if not) |
| `restart [profile]` | Bring down then back up — use after re-plugging an adapter |
| `status` | Show interfaces, active sessions, and saved profiles |
| `list` | List saved profiles |
| `edit [profile]` | Re-run the wizard to update an existing profile |
| `delete [profile]` | Delete a saved profile (must be inactive) |
| `install [path]` | Copy script to path (default: `/usr/local/bin/netshare`) |
| `uninstall [path]` | Remove all netshare system files, with option to delete profiles too |
| `help` | Show usage |

If [profile] is omitted, netshare will prompt you to pick from the available list.
First time on a new machine:

```bash
./netshare.sh setup
```

The wizard:
- Shows a table of all detected interfaces with type, state, and current addresses
- Asks which interface is upstream (internet-facing)
- Asks which interface is downstream (LAN / where clients connect)
- Asks for subnet, server IP, DHCP range, lease time, DNS servers
- Suggests sensible defaults for everything — just hit Enter to accept
- Saves the config as a named profile
- Optionally applies it immediately (escalates to sudo at this point)
Every time after:

```bash
netshare up            # brings up your only/default profile
netshare up myprofile  # specific profile
netshare down          # tears it all down
```

| Component | What netshare does |
|---|---|
| `ip addr` | Assigns static IP to the downstream interface |
| `ip_forward` | Enables `/proc/sys/net/ipv4/ip_forward` |
| `iptables` | MASQUERADE on upstream, FORWARD rules, INPUT allow for LAN subnet |
| `dnsmasq` | Writes `/etc/dnsmasq.d/netshare-<profile>.conf`; removed on teardown |
| UFW | Adds allow rule for LAN subnet + sets `DEFAULT_FORWARD_POLICY=ACCEPT` if needed |
| firewalld | Assigns interfaces to internal/external zones + enables masquerade |
| NetworkManager | Marks downstream as unmanaged for the session via a keyfile in `/etc/NetworkManager/conf.d/`; removed on teardown |

Profiles are plain bash-sourceable KEY=VALUE files stored in `~/.config/netshare/profiles/`. You can edit them by hand if needed.

Example (`~/.config/netshare/profiles/default.conf`):

```bash
UPSTREAM=wlx7419f816b156
DOWNSTREAM=enp3s0
SUBNET=10.11.11.0/24
SERVER_IP=10.11.11.1
DHCP_START=10.11.11.30
DHCP_END=10.11.11.254
LEASE_TIME=12h
DNS_SERVERS=8.8.8.8,1.1.1.1
EXTRA_OPTS=
```

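
Sourcing a file executes whatever shell code it contains, so a hand-edited profile is worth checking before it is applied. The following is an added example, not part of netshare: it validates a profile without sourcing it. The key names come from the sample above; the allow-list, the range rules and the function names (`ip2int`, `host_in`, `validate_profile`, `write_sample`) are assumptions.

```bash
# Added example (not netshare's code): validate a profile WITHOUT sourcing it.
# Key names come from the README sample; the rules themselves are assumptions.
ip2int() {  # dotted quad -> integer; non-zero status if malformed
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1;; esac
  local IFS=. n=0 o
  set -- $1; [ $# -eq 4 ] || return 1
  for o; do
    case $o in 0?*|????*) return 1;; esac   # no leading zeros, at most 3 digits
    [ "$o" -le 255 ] || return 1
    n=$(( (n << 8) | o ))
  done
  echo "$n"
}

host_in() {  # $1=ip $2=network $3=mask -> prints ip as integer if it is inside
  local n; n=$(ip2int "$1") && [ $(( n & $3 )) -eq "$2" ] && echo "$n"
}

validate_profile() {  # $1 = profile path; prints a reason and returns 1 on failure
  local LC_ALL=C line k v sub='' srv='' lo='' hi='' bits base mask
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in ''|'#'*) continue;; esac
    k=${line%%=*}; v=${line#*=}
    case $k in ''|*[!A-Z_]*) k='';; esac           # key: A-Z and _ only
    case $v in *[!A-Za-z0-9._:,/-]*) k='';; esac   # value: no $ ` ; | quotes, spaces
    [ -n "$k" ] && [ "$line" != "$k" ] || { echo "unsafe line: $line"; return 1; }
    case $k in SUBNET) sub=$v;; SERVER_IP) srv=$v;; DHCP_START) lo=$v;; DHCP_END) hi=$v;; esac
  done <"$1"
  bits=${sub#*/}
  case $bits in ''|*[!0-9]*|0?*|???*) bits=0;; esac
  base=$(ip2int "${sub%/*}") && [ "$bits" -ge 8 ] && [ "$bits" -le 30 ] ||
    { echo "bad SUBNET"; return 1; }
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( base & mask )) -eq "$base" ] || { echo "SUBNET has host bits set"; return 1; }
  srv=$(host_in "$srv" "$base" "$mask") || { echo "SERVER_IP not in $sub"; return 1; }
  lo=$(host_in "$lo" "$base" "$mask") || { echo "DHCP_START not in $sub"; return 1; }
  hi=$(host_in "$hi" "$base" "$mask") || { echo "DHCP_END not in $sub"; return 1; }
  [ "$lo" -le "$hi" ] || { echo "DHCP range reversed"; return 1; }
  [ "$srv" -lt "$lo" ] || [ "$srv" -gt "$hi" ] || { echo "SERVER_IP inside DHCP pool"; return 1; }
}

write_sample() {  # constructed input: the README's example values
  printf '%s\n' UPSTREAM=wlx7419f816b156 DOWNSTREAM=enp3s0 SUBNET=10.11.11.0/24 \
    SERVER_IP=10.11.11.1 DHCP_START=10.11.11.30 DHCP_END=10.11.11.254 \
    LEASE_TIME=12h DNS_SERVERS=8.8.8.8,1.1.1.1 EXTRA_OPTS=
}

f=$(mktemp); write_sample >"$f"; validate_profile "$f" && echo "profile OK"
echo 'EXTRA_OPTS=$(id)' >>"$f"; validate_profile "$f" || echo "profile rejected"
```
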
- Running multiple profiles simultaneously

  Multiple profiles can be active at the same time as long as they use completely different interfaces (e.g. sharing over `eth0` from `wifi0`, and separately sharing over `eth1` from `wifi1`). If you try to bring up a profile that shares an interface with an already-active one, netshare will list the conflicts and offer to tear down the conflicting profile(s) before proceeding.

  If you try to bring up a profile that is already active, netshare will ask if you want to bring it down and re-apply — useful if something has got into a bad state.

- WiFi as the downstream interface

  Selecting a WiFi adapter as the downstream (LAN) interface will appear to succeed — the IP gets assigned, dnsmasq starts, iptables rules are applied — but no clients will be able to connect. A WiFi adapter in managed mode (associated with an AP) only communicates with that AP; other devices cannot associate with it as if it were an access point. To share internet over WiFi you need a separate adapter placed into AP mode using `hostapd`, which is outside the scope of netshare. When you select a WiFi downstream, netshare will warn you about this and ask for confirmation before continuing.

- Ethernet adapters are strongly recommended for the downstream interface.

- Forcing a teardown

  `netshare down` will refuse to do anything if the named profile is not currently active — it won't touch system state it doesn't own. If you end up in a situation where state was genuinely lost (outside of a normal reboot, which is handled automatically), you can force-clean the netshare-owned configs for a profile with:

  ```bash
  netshare down --force myprofile
  ```

  This removes the dnsmasq config, NM unmanaged file, and iptables rules for that profile, but deliberately skips resetting `ip_forward` since there is no saved record of its prior state.

- Re-plugging an adapter

  If you unplug and re-plug the downstream adapter while a profile is active, the kernel drops the interface state. Run:

  ```bash
  netshare restart [profile]
  ```

  This does a clean teardown and bring-up in one step. There is no automatic recovery — a background daemon would be needed for that.

- Upstream interface has no route

  If the upstream interface has no default route at bring-up time, netshare warns you and asks whether to continue. Internet sharing obviously won't work until the upstream has connectivity.

- Reboot while a profile is active

  `/var/run/netshare/` is tmpfs and is wiped on reboot, so active state files are gone. However, the NM unmanaged config and dnsmasq config on disk would persist and cause problems (NM permanently ignoring your downstream interface). netshare handles this: on every invocation as root, it silently scans for orphaned `netshare-*` files in `/etc/dnsmasq.d/` and `/etc/NetworkManager/conf.d/` that have no matching state file, and removes them. So after a reboot everything returns to normal on the next `netshare` run.

- dnsmasq without a systemd unit

  On some systems dnsmasq is installed as a library dependency (e.g. by NetworkManager or libvirt) without a standalone service unit. netshare detects this and launches dnsmasq directly with `--conf-file` instead of via `systemctl`.

- Firewall detection

  UFW and firewalld are detected at bring-up time. If either is active, zone/rule configuration is applied on top of the raw iptables rules. On teardown those rules are removed. If neither is active, only iptables is used.

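
The orphan check described under "Reboot while a profile is active", as an added dry-run example that is not netshare's code: it only lists candidate files and deletes nothing. It assumes configs are named `netshare-<profile>.conf` in both directories (the README states this for dnsmasq only) and that an active profile has a state file named after it; `find_orphans` and `demo_tree` are hypothetical names.

```bash
# Added example (not netshare's code): dry-run listing of orphaned configs.
# Assumptions: configs are netshare-<profile>.conf in every config directory and
# an active profile has a state file <state_dir>/<profile>.
find_orphans() {  # $1 = state dir, $2... = config dirs; prints one orphan per line
  local state=$1 dir f name; shift
  for dir; do
    for f in "$dir"/netshare-*.conf; do
      [ -f "$f" ] && [ ! -L "$f" ] || continue             # regular files, never symlinks
      name=${f##*/netshare-}; name=${name%.conf}
      case $name in ''|*[!A-Za-z0-9_-]*) continue;; esac   # skip unexpected names
      [ -e "$state/$name" ] || printf '%s\n' "$f"
    done
  done
}

# Constructed layout standing in for /etc/dnsmasq.d, /etc/NetworkManager/conf.d
# and /var/run/netshare: "home" is active, "lab" was left behind by a reboot.
demo_tree() {
  local root; root=$(mktemp -d)
  mkdir -p "$root/dnsmasq.d" "$root/nm" "$root/state"
  : >"$root/dnsmasq.d/netshare-home.conf"; : >"$root/nm/netshare-home.conf"
  : >"$root/dnsmasq.d/netshare-lab.conf";  : >"$root/nm/netshare-lab.conf"
  : >"$root/dnsmasq.d/other.conf";         : >"$root/state/home"
  echo "$root"
}

r=$(demo_tree); find_orphans "$r/state" "$r/dnsmasq.d" "$r/nm"
```
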
```bash
netshare uninstall
```

This will:
- Tear down any active sessions cleanly
- Remove all dnsmasq configs from `/etc/dnsmasq.d/`
- Remove all NM unmanaged configs from `/etc/NetworkManager/conf.d/`
- Remove the state directory at `/var/run/netshare/`
- Ask whether to delete your saved profiles in `~/.config/netshare/`
- Remove the installed script itself

- Linux with `ip` and `iptables`
- bash 4.0+
- `dnsmasq` (auto-installed if missing)
- `sudo` access for bring-up/down operations