Web lists-archives.com

Re: Mixing and Matching DHCP and static IPs




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mark Fletcher wrote:
> [...]
> AirStation LAN is 192.168.11.0/24, outside AirStation LAN is 
> 192.168.1.1, .2 and .3 -- note the third octet difference for internal 

You seem to have set up a situation of double-NAT.  This means that
while 11.x can easily talk to a device on the 1.x network, the opposite
is not true.

> Once I introduce the PI, (by plugging it into the switch, in case that 
> isn't obvious) I find I cannot reach it (by ping or by SSH) from inside 
> the LAN of my AirStation. For example, from my main Stretch desktop, I 
> cannot ping or SSH to the PI at 192.168.1.3. I can both ping and SSH to 
> the firewall at 192.168.1.1.
>
> If I SSH into the firewall, and then try to SSH from _there_ to 
> 192.168.1.3, I can connect no problem. And I log in to the PI to find it 
> bright eyed and bushy tailed, and able to connect to the internet (which 
> it must do through the firewall just as all traffic from the AirStation 
> does). But if I can't see it from the LAN, I can't use it for the 
> purpose I spent the last week of my life building it for... :(

Sounds like perhaps the airstation is blocking client devices from
talking to "bogus" network addresses.  This is generally a feature of
consumer gear to stop you from trying to ask the internet for
information about a RFC1918 address (as they are private / not routable
on the internet).

>
> Now 192.168.1.1 is the default gateway the firewall supplies the 
> AirStation (ie it supplies itself as the gateway) when the AirStation 
> makes a DHCP request, and I'm guessing that is why I can reach 
> 192.168.1.1 from inside the LAN (ie the LAN side of the AirStation). I 
> am wondering if the AirStation somehow doesn't know that it can reach 
> 192.168.1.3 directly, which I would expect it to since it is plugged 
> into the same switch as it and 192.168.1.1 -- and if so, how I would 
> persuade it to know that? I would also expect that if it did not know 
> that, it would send packets for 192.168.1.3 to 192.168.1.1 for 
> forwarding, just as it does every packet that is destined for the 
> internet -- and I would expect the firewall to be able to forward them, 
> since it can clearly see the PI.


No, the airstation having been given an address 192.168.1.x/24 will know
that it can directly reach any host 192.168.1.1 through 192.168.1.254
inclusive.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJaQjN0AAoJEI4R3fMSeaKBphsH/2LEj+7f49OPmcpz3HO/yjqU
bewELs1d0pWNWS6Tx92Wgy0RyL5j0NEqJIaz/FmmFu3gQ2wF2EZGwM7e1eUl3EJX
E0tdd1/pFDfBX54inKKWIwF1egj/vo4AVl8KzjXRRL7FWfp+pB0wm96f/yjj6qXV
knA6LuH6utJyI/jPqc3oyRUbB2KsTIvfLfyY5YhaN4uAZLWsk+ylKowYm13rys2d
8Lx7bi3ATRb6gR2UGQWY+6ddMOVtMp+b0FH0GUFp3NX3ppbqZkM2uTviBqxppzAZ
zLK5QewjMu99KhrVJcPAFTO/B8tfwUgP/cC0aCFJjkkkaqIOPVVKPp3g4V60mHE=
=0FzT
-----END PGP SIGNATURE-----

-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281