For the first question, sounds reasonable. You should check the "firewall policy show" output. Different LIFs have different policies assigned.
For SnapMirror to work, you must have at least 1 (prefer 2) LIFs on each node of the source and destination controllers. Since you are going A-> B -> C and they way you phrase it I suspect A cannot talk to C then what you ultimately need to do is this:
1. Setup SnapMirror on LIFs from A->B
2. Create a NEW IPSPACE on B for Intercluster LIFs from B to C.
3. Create the LIFs on B in the new IPSPACE
4. Create the LIFs on C (standard IPSPACE should be OK)
For the replication to work, it require basically a full-mesh PING. So A would need to PING B.
B however, since it talks to A and C would need to be able to PING A and C. By putting in different IPSPACES, B would need to ping all A nodes or Ping all C nodes and it can because they are in different IPspaces. Then A does not need to worry about C.
Hopefully that makes a little sense!