Your first screenshot shows (I think) that you have configured Computer #1 with a manually entered IP address of 192.168.70.1. It's been a while since I played with this, but I dug into some of the details of Internet Connection Sharing a while ago - see an answer I wrote back in 2014 here: https://apple.stackexchange.com/a/135163/22953.

When Internet Connection Sharing is turned on on Computer #2, that machine will have two IP addresses - one for WiFi and one for Ethernet. Each will be in a different subnet. For example: WiFi gets 192.168.61.x, and Ethernet gets 192.168.2.y.

Computer #1 will need an IP address in the same subnet as the Ethernet interface on Computer #2... so 192.168.2.z.

When I wrote that answer in 2014, it seemed likely that the Ethernet subnet here would be 192.168.2, not 192.168.70. I think if you set Computer #1 to configure "Using DHCP" instead of "Manually", I hope it should be assigned an address like that automatically.


Ashley's answer is very good.

Alternatively (if there are issues putting both networks in the 192.168.61.xxx range from your router), you can try choosing an address outside the dhcp range of your router (likely something above 192.168.61.200, check or change router settings).

Or you can try to widen the ip address range of your computer and the ones attached to your Thunderbolt port by changing the subnet mask to 255.255.0.0. This should allow you to keep the 192.168.70.xxx IP addresses on your "middleman" computer and to manually assign the other computers in your net a 192.168.61.xxx IP address (again, outside the dhcp range which should be set to below 192.168.61.200). If you have a second router between the middleman computer and the others, that also needs the changed subnet mask, better with DHCP turned off and a static external IP address in accordance with your Thunderbolt network or your internet router (would have to test such a setup to be sure). If you don't, you might want to change the router address to your actual router (192.168.61.1), which the widened subnet mask makes possible, or leave the router out, if the system allows.