On Mon, January 23, 2017 5:26 pm, jungle Boogie wrote: > On 23 January 2017 at 08:29, trondd <tro...@kagu-tsuchi.com> wrote: >> >> Can the BBB ping the ISP router internal interface IP? >> > > Yes, it can ping 192.168.0.1 and anything else connected to the ISP > router. > >> Double check your default gateway settings on the BBB and ERL. > > BBB: > > Internet: > Destination Gateway Flags Netif Expire > default 172.16.13.1 UGS cpsw0 > 127.0.0.1 link#2 UH lo0 > 172.16.13.0/24 link#1 U cpsw0 > 172.16.13.4 link#1 UHS lo0 > > > from ERL here's 172.16.13: > 172.16.13/24 172.16.13.1 UCn 0 10 - 4 > cnmac1 > 172.16.13.1 00:be:ef:10:00:01 UHLl 0 695 - 1 > cnmac1 > 172.16.13.255 172.16.13.1 UHb 0 0 - 1 > cnmac1 > > >> >> Fire up tcpdump on each interface along the way and see how far the >> packets get. >> > > I've done this from the BBB and see the requests but not any replies > for pings. I'll run it on ERL while doing pings on BBB. >
Check the external interface and make sure the source IP has been translated. > > Do you have a double-NAT pf example you can share? > Not easily. I've done it to run VMM vm's through wifi (which requires a NAT setup) and then through my main router which also does NAT. I 'block all' and tend to be specific about what can go where so it's a large configuration. For ping: On my router, I use: match out on $wan_if inet from $lan_net to any nat-to ($wan_if) pass in log on $lan_if inet proto icmp all icmp-type echoreq pass out log inet proto icmp all icmp-type echoreq On my laptap: match out on egress inet from $vm_net to any nat-to (egress:0) pass out quick proto icmp all Maybe make rules that are very specific to the BBB and ERL IPs in question. And/or make sure 'egress' is the interface you thing it is.
