IP subnet routing question within LAN
JasonMel
Newbie

Is anyone familiar with IP routing and IP subnets?

Since I needed a fifth computer connected to the Actiontec router, I created a TCP-IP subnet with one of the connected computers and put the fifth computer on that subnet. I added a route to the Actiontec advanced config screen locating the subnet on the correct computer, and enabled Windows XP's built-in router ability in the registry on the routing computer between the fifth computer and the Actiontec.

After doing this, the fifth computer is able to access the internet now, and it can ping its immediate gateway and the router, and vice versa. All of the original four computers can still ping each other. However, the fifth computer can't ping the other LAN computers besides its immediate gateway, nor can they ping it. The practical consequence is that file and printer sharing (and probably LAN gaming, though I haven't tested it) is not possible from the fifth computer to the 3 other computers not on the subnet, or vice versa.

Details:

Router:

  IP: 192.168.1.1

  DHCP range: 192.168.1.2 - 192.168.1.127

  Static address 192.168.1.6

  Dynamically assigned addresses to other 3 of 4 directly connected to router

  New Route:

    destination 192.168.1.128

    subnet mask 255.255.255.128

    gateway 192.168.1.6

    metric 1

Routing computer (one of the original four):

  NIC #1:

    IP: 192.168.1.6

    DHCP enabled: no

    Subnet Mask: 255.255.255.0

    Default Gateway: 192.168.1.1

  NIC #2:

    IP: 192.168.1.129

    DHCP enabled: no

    Subnet Mask: 255.255.255.128

    Default Gateway: (blank)

Fifth computer:

  IP: 192.168.1.130

  DHCP enabled: no

  Subnet mask: 255.255.255.128

  Default Gateway: 192.168.1.129

Routing tables (as given with "route print" Windows command):

Routing computer:

===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.6       10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      169.254.0.0      255.255.0.0      192.168.1.6     192.168.1.6       20
      192.168.1.0    255.255.255.0      192.168.1.6     192.168.1.6       10
      192.168.1.6  255.255.255.255        127.0.0.1       127.0.0.1       10
    192.168.1.128  255.255.255.128    192.168.1.129   192.168.1.129       10
    192.168.1.129  255.255.255.255        127.0.0.1       127.0.0.1       10
    192.168.1.255  255.255.255.255      192.168.1.6     192.168.1.6       10
    192.168.1.255  255.255.255.255    192.168.1.129   192.168.1.129       10
        224.0.0.0        240.0.0.0      192.168.1.6     192.168.1.6       10
        224.0.0.0        240.0.0.0    192.168.1.129   192.168.1.129       10
  255.255.255.255  255.255.255.255      192.168.1.6     192.168.1.6       1
  255.255.255.255  255.255.255.255    192.168.1.129   192.168.1.129       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None

Fifth computer:

===========================================================================

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.129   192.168.1.130       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
    192.168.1.128  255.255.255.128    192.168.1.130   192.168.1.130       20
    192.168.1.130  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.1.255  255.255.255.255    192.168.1.130   192.168.1.130       20
        224.0.0.0        240.0.0.0    192.168.1.130   192.168.1.130       20
  255.255.255.255  255.255.255.255    192.168.1.130   192.168.1.130       1
Default Gateway:     192.168.1.129
===========================================================================
Persistent Routes:
  None

All five comptuers use a Windows workgroup named "workgroup". From the fifth computer, a Windows "tracert 192.168.1.X" where X is the DHCP-assigned IP host part of one of the other 3 computers shows the first hop as 192.168.1.129, and then nothing. The reverse tracert (to 192.168.1.130 from one of the other 3) does not even get to the first hop.

0 Likes
Re: IP subnet routing question within LAN
viafax999
Community Leader
Community Leader

Think you'd find it far easier to just go and get a cheap unmanaged switch and connect it to the router and your 5th machine to it.

Otherwise you will need a second routing table, you may want to investigate iproute2 on how to do this.  At a minimum I'm not sure you can't have 2 nics on the same machine using the same ip address range with different masks.

Re: IP subnet routing question within LAN
lasagna
Community Leader
Community Leader

Your setup is not correct.   Since 192.168.1.0 is defined on the router side of the computer with a mask of 255.255.255.0 (256 addresses), you can not define 192.168.1.128/255.255.255.128 (128 addresses on the upper half of the same range) on the other side of the network and have it reachable.   The client computers will not recognize those addresses as being off the local network and won't go looking for a router.

If you really want to solve this with routing, then you need to change the fifth computer's network to a different subnet (say 192.168.2.0/255.255.255.0) and change all the routing.   You may also need to add static routes to each of the other computers pointing 192.168.2.0 to the machine address with both NIC's because I'm not sure that the ActionTec will do ICMP redirects.

Better still as the previous poster referenced, just go buy a small switch -- you can get one for less than $20 (switch, not a router) such as one of these:

http://www.amazon.com/TRENDnet-GREENnet-100Mbps-Auto-MDIX-TE100-S50g/dp/B002EP30EM/ref=sr_1_13?s=ele...

Disconnect a current computer from the router and plug the switch into that port, then connect the computer you disconnected and your fifth computer into the switch.   Done.  

0 Likes
Re: IP subnet routing question within LAN
spacedebris
Master - Level 2

The switch mentioned by viafax999 is a MUCH simpler option. it will be plug and play and you can find cheap switches easily for about $20.  here is an example. Of course this one is a refurbished one, but nothing wrong with that and its only 15 bucks and there is no configuration, no special setup, no nothing. Its simply plug and play. Your done and you have 8 additional ethernet ports ready for use.

But if you do want to set up routing in your home, one thing to remember the IP addresses 192.168.1.100-150 are in a special range on the Verizon router reserved for STB's. It shouldnt cause you too many problems, but it is best if you stay off those IP's and leave them alone just so you dont get any conflicts with the Verizon software.

Re: IP subnet routing question within LAN
JasonMel
Newbie

I went ahead and solved the problem by creating a network bridge on the computer with two network interfaces, which works well. No offense, but I'm not about to go out and buy hardware I don't need. But this topic is still interesting, so I hope you won't mind if I haven't let it drop though it be academic. Thanks for you responses.


@lasagna wrote:

Since 192.168.1.0 is defined on the router side of the computer with a mask of 255.255.255.0 (256 addresses), you can not define 192.168.1.128/255.255.255.128 (128 addresses on the upper half of the same range) on the other side of the network and have it reachable.   The client computers will not recognize those addresses as being off the local network and won't go looking for a router.


I see. So you're saying every subnet on the LAN has to be at the same level; in other words, have the same netmask. I thought "subnet" meant a smaller part of a net, a subordinate portion that could take host numbers from a larger pool at the next level up. But I'm still confused, because at some point the Internet must do that. Not every part of the Internet has the same netmask; there must be a way to subdivide a subnet.


@lasagna wrote:

If you really want to solve this with routing, then you need to change the fifth computer's network to a different subnet (say 192.168.2.0/255.255.255.0) and change all the routing.


Or change the netmask of every LAN address to that of the fifth computer, I guess.


@spacedebris wrote:

But if you do want to set up routing in your home, one thing to remember the IP addresses 192.168.1.100-150 are in a special range on the Verizon router reserved for STB's.


Yes, I noticed that while poking around the router config. That's exactly why I used a 25-bit netmask, because it gave over 100 host addresses to that portion of the subnet. I also noticed that the range assigned to set-top boxes doesn't decrease when the overall DHCP range is reduced to less than 150.

0 Likes
Re: IP subnet routing question within LAN
Anti-Phish1
Master - Level 1

JasonMel wrote:
So you're saying every subnet on the LAN has to be at the same level; in other words, have the same netmask. I thought "subnet" meant a smaller part of a net, a subordinate portion that could take host numbers from a larger pool at the next level up.


 No, that's not what Lasagna said.

"you can not define 192.168.1.128/255.255.255.128 (128 addresses on the upper half of the same range)"

What he said was that you can not have overlapping IP ranges. 

You don't indicate what the DHCP subnet mask is for the Actiontec.  I think Lasagna may have assumed that it was 255.255.255.0 (/24).  We're not mind readers. Smiley Wink 

Your comment to spacedebris seems to indicate you have this set to 255.255.255.128 (/25).  If that's the case, then it appears you've created two /25 subnets (.0 for the Actiontec, .128 for the PC router).   Frankly, wouldn't it have been easier to create two /24 subnets (e.g. 192.168.1 and 192.168.2) and avoid the binary gymnastics and the VZ DHCP scope issue (below)? 

If your DHCP subnet mask on the Actiontec is not /25, then this is seriously messed up.


spacedebris wrote:

the IP addresses 192.168.1.100-150 are in a special range on the Verizon router reserved for STB's.


JasonMel wrote:

Yes, I noticed that while poking around the router config. That's exactly why I used a 25-bit netmask, because it gave over 100 host addresses to that portion of the subnet. I also noticed that the range assigned to set-top boxes doesn't decrease when the overall DHCP range is reduced to less than 150.


That's because the Actiontec has two DHCP scopes.  One that you can configure and one that is preconfigured by VZ (100-150).  The problem is that by using a /25 netmask, you've straddled the VZ DHCP scope putting part in one subnet and part in the other.

0 Likes
Re: IP subnet routing question within LAN
lasagna
Community Leader
Community Leader

As someone pointed out, my comment about the networks are that you can not overlap IP address ranges.   You need to understand the different types and functions of networking equipment to understand why this is important.

The way you had things setup, you defined the machine with two interfaces as a "router".   Routers are network devices which look at layer 3 traffic and move it from one network subnet to another based on the source and destination network address ranges.   These networks must contain unique address spaces so that the router knows what addresses are considered "local" to each segment.   In your case, you defined two networks -- one with the address 192.168.1.0-192.168.1.255 and another with 192.168.1.128-192.168.1.255.   This violates the "unique address space" rule because the second network overlaps the upper half of the first network.   Routers also have to have traffic explicitly hand to them before they will attempt to deliver it -- this is done by what's called the routing table on each machine -- typically this is a handful of automatically defined routes -- one for the machine itself, one for the machine's loopback interface, one for the local network segment, and one for the default route off of the local network.   If you add a new router, you need to instruct each system when packets should be sent to that router  (routers use one ore more "routing protocols" to communicate this information amongst themselves, so sometimes if a client system misdirects a packet to the wrong router, it can issue a special response called an ICMP redirect which tells the client system where it really should send the packet).

What you did in your latter post was change the machine with two interfaces to be a "bridge".   A "bridge" is special type of network device that works with layer 2 traffic and builds a list of MAC addresses (ethernet card unique addresses) that it sees on each side of the the network and then shuttles traffic between the two sides if it sees a layer two packet that is destined for the other side.   It's a transparent type of device that other devices in the network don't specifically need to know about (unless you have more than one bridge to the same pair of networks in which you case you create a loop -- something which is mitigated with a specific protocol called "spanning tree" typically).

Anyhow, as a bridge, it will work without any issues since it's all one big network.   But, I will stand by my and another previous posters comments that this is a quite commplicated way of setting things up (and requires the PC with two interfaces to be on for the fifth computer to have any access to the network).   A simple switch at less than $20 is a much more effective solution, requires absolutely no configuration, will add an addition 4-8 ports of capacity instead of just one, and is a much more "green" solution in terms of power consumption.   But hey ... it's your network. 

0 Likes