On 25/12/2017 at 16:23, Mark Fletcher wrote:
There's no way to describe this with all the relevant info in a short way
Yes there is a way. You really talk too much.
so I'll try instead to make this as entertaining a read as I can.
You failed. The result is just long and boring.
the internal-facing firewall interface is 192.168.1.1 (static, works), the DHCP server I set up on the firewall gives out 192.168.1.2 to the AirStation (works), and I have configured the PI to use 192.168.1.3 (static, partly works). So inside AirStation LAN is 192.168.11.0/24, outside AirStation LAN is 192.168.1.1, .2 and .3 -- note the third octet difference for internal and external.
(...)
Once I introduce the PI, (by plugging it into the switch, in case that isn't obvious) I find I cannot reach it (by ping or by SSH) from inside the LAN of my AirStation. For example, from my main Stretch desktop, I cannot ping or SSH to the PI at 192.168.1.3.
What happens when you try?
If I SSH into the firewall, and then try to SSH from _there_ to 192.168.1.3, I can connect no problem. And I log in to the PI to find it bright eyed and bushy tailed, and able to connect to the internet (which it must do through the firewall just as all traffic from the AirStation does). But if I can't see it from the LAN, I can't use it for the purpose I spent the last week of my life building it for... :(
What is the netmask configured on the Pi? Can you show the full routing table on the Pi? What are the subnet and netmask advertised by the DHCP server running on the firewall? Can you display the full routing table of the AirStation, including routes on the WAN interface?
Did you run a packet sniffer on the firewall and the Pi to look at what's going on?

