On Mon, Dec 25, 2017 at 06:00:00PM +0100, deloptes wrote:
> Henning Follmann wrote:
>
> Mark can start by drawing a diagram of the setup, configuring the DHCP and
> DNS and firewall properly.
> Ad DHCP Mark, you can setup a range with static and a range with dynamic IP
> addresses. All that has static address must still be in the DNS to be
> resolved.

Hmmm it seems like you think I'm saying my network is fundamentally broken. It isn't -- works fine except for the one problem of not being able to reach the PI from the AirStation LAN. If I could just convince the AirStation's WAN side that 192.168.1.3 is on the same subnet as it, I'd be away.

> I did not get it at which level you split the network in two
> (internal/external or private/public) - I assume this is the firewall. It
> also means the firewall has 2 interfaces - one for internal and one for
> external network. You need a good IP-tables setup to make interconnect
> possible.

split -- there are essentially two splits because there are two firewalls -- one of which I want and one I can't turn off. The firewall I set up sits at the outermost edge of the network (obviously) and has 2 interfaces. The other is at the AirStation, which regards its WAN port as the outside but that is actually connected to the inside of the real firewall.

Firewall, iptables etc -- Yep set that up ages ago. That's been working for a year or so. And the two interfaces of the firewall were covered in my original post.

> What I describe is the most simple scenario and as Henning mentioned forget
> the dns caching for now, until all this stands. I advise start with
> DNS/DHCP in the internal (private) network.

Again if I drop the dns caching, I would be back to the network I've been running up to now which certainly works but continues to have the problem I'm trying to solve which is what happens when the ISP changes their DNS addresses. My firewall will smoothly switch gears but the AirStation won't. The caching DNS server is designed to fix that.

Having the DHCP server on the firewall pass root DNS servers like 8.8.8.8 to the AirStation would dodge the issue, but the advice I got on this forum in the past was set up a local DNS cache, and I thought that sounded like a fun toy, so here I am.

Mark