On Tue, Dec 26, 2017 at 03:02:46PM -0000, Dan Purgert wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > >> > > The netmask is 255.255.255.252. I just tried changing it to 248, ie > > zeroing out one more bit, but that did not help. (changed it by changing > > the netmask supplied by the firewall's DHCP server and then checking in > > the AirStation's web interface that the netmask had indeed changed). > > This is the absolute most key piece of information that was required to > help troubleshoot your problem ... > > 255.255.255.252 is /30, meaning you only had two usable addresses > (192.168.1.1, and 192.168.1.2 -- 192.168.1.3 was the broadcast. Strange > that you could ssh from the firewall device to this IP address, but no > matter). > > Switch everything - airstation, upstream firewall, rpi, anything else to > /29 (255.255.255.248), and restart their relevant interfaces. Don't > forget to update any iptables rules, etc. that may have triggered on the > netmask. > > OK -- although to Pascal's point, I think I'll go with 255.255.255.0 -- no reason not to. But nonetheless that is what I will do next. Will advise (tomorrow -- it's past my bedtime now).
Mark