Web lists-archives.com

Re: Mixing and Matching DHCP and static IPs

Hash: SHA1

Mark Fletcher wrote:
> [...]
> AirStation LAN is, outside AirStation LAN is 
>, .2 and .3 -- note the third octet difference for internal 

You seem to have set up a situation of double-NAT.  This means that
while 11.x can easily talk to a device on the 1.x network, the opposite
is not true.

> Once I introduce the PI, (by plugging it into the switch, in case that 
> isn't obvious) I find I cannot reach it (by ping or by SSH) from inside 
> the LAN of my AirStation. For example, from my main Stretch desktop, I 
> cannot ping or SSH to the PI at I can both ping and SSH to 
> the firewall at
> If I SSH into the firewall, and then try to SSH from _there_ to 
>, I can connect no problem. And I log in to the PI to find it 
> bright eyed and bushy tailed, and able to connect to the internet (which 
> it must do through the firewall just as all traffic from the AirStation 
> does). But if I can't see it from the LAN, I can't use it for the 
> purpose I spent the last week of my life building it for... :(

Sounds like perhaps the airstation is blocking client devices from
talking to "bogus" network addresses.  This is generally a feature of
consumer gear to stop you from trying to ask the internet for
information about a RFC1918 address (as they are private / not routable
on the internet).

> Now is the default gateway the firewall supplies the 
> AirStation (ie it supplies itself as the gateway) when the AirStation 
> makes a DHCP request, and I'm guessing that is why I can reach 
> from inside the LAN (ie the LAN side of the AirStation). I 
> am wondering if the AirStation somehow doesn't know that it can reach 
> directly, which I would expect it to since it is plugged 
> into the same switch as it and -- and if so, how I would 
> persuade it to know that? I would also expect that if it did not know 
> that, it would send packets for to for 
> forwarding, just as it does every packet that is destined for the 
> internet -- and I would expect the firewall to be able to forward them, 
> since it can clearly see the PI.

No, the airstation having been given an address 192.168.1.x/24 will know
that it can directly reach any host through

Version: GnuPG v1


|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281