
I have been having trouble setting up my router so that it knows about a network behind another one of my routers (serving up another subnet).  I understand a little of how to configure the routing tables but I was wondering if someone could just explain the basics of how an IP network (subnets/subnet masks etc) works, as it is still a little mysterious to me (it's amazing that I have been able to get things working with my limited knowledge). I mean how does one computer talk to another on the same subnet or across the world (what is the difference between a MAC address and an IP address), what is going on behind the scenes??? I don't mind technical speak as long as it's logically ordered.  Thanks so much!


It's not as mysterious as you would think :)

Let's go over the basics.

Your computer is physically (or wirelessly) connected to a network.  Your computer can only communicate to another computer/network device that is also connected to that same network (or segment).

So how does a computer know that a device can be communicated to directly?  This is where its IP address and subnet mask come in.

If our computer is networked, it may have an IP address, which is basically just one big 32-bit number, though we break it up in 8-bit chunks displaying it in decimal dotted notation. So for example:

192.168.10.10 or in binary 11000000 10101000 00001010 00001010

Now, to determine whether it can communicate to another IP address it applies a mask (a subnet mask) to both its IP address and the IP address of its destination.  So let's do this,

255.255.255.0 or in binary 11111111 11111111 11111111 00000000

Let's look at the binary as it makes more sense here.  You simply AND the subnet mask with the IP address (this means anywhere you have a 1 in the subnet mask, copy down the corresponding value of the IP address)...

So to communicate to a computer with the IP 192.168.10.11

First apply the subnet mask to both IP addresses (yours and the destination's);

11000000 10101000 00001010 00001010 (or 192.168.10.10)
11111111 11111111 11111111 00000000 (subnet 255.255.255.0)
11000000 10101000 00001010 00000000 (gives us our subnet 192.168.10.0)

11000000 10101000 00001010 00001011 (or 192.168.10.11)
11111111 11111111 11111111 00000000 (subnet 255.255.255.0)
11000000 10101000 00001010 00000000 (reveals that our destination is on the same subnet 192.168.10.0)

Our computer's network card then needs to know the physical address (or MAC address) to communicate directly to the computer.  It sends out a message (an ARP request) like "Who has 192.168.10.11?" - The computer with 192.168.10.11 as its address replies with "oh that's me and my MAC address is (some unique 48-bit number normally displayed in hexadecimal)".  Our computer keeps a table (ARP table) of the MAC addresses just in case we want to talk to that computer again.

From there our computer will either request a TCP connection with its various handshaking and confirmation packets or ports, or send UDP packets to whatever port, or use whatever other protocol you're into.

But what if the destination's IP address (once masked with our subnet mask) is different to ours?  Then this is where our route table comes into play.  Let's look at another example.

11000000 10101000 00000010 00001010 (or 192.168.2.10)
11111111 11111111 11111111 00000000 (subnet 255.255.255.0)
11000000 10101000 00000010 00000000 (reveals that our destination is not on the same subnet 192.168.2.0 not equal to our subnet 192.168.10.0)

So we then have to look at our route table, it may have the network destination 192.168.2.0 in its table or if not there will be a default route to your default gateway.  Like if I don't know where this network is then I'll simply give it to my default gateway (it'll know, hopefully).  So this is why we need our default gateway's IP address configured (either automatically or manually entered).  You still have to be physically connected to any gateway you are using.  For our example, let's say 192.168.10.1 is our default gateway;

We still need to ask for our default gateway's MAC address (ARP request), so "hey who has 192.168.10.1", the gateway replies "I've got 192.168.10.1 and my MAC address is this", you update your ARP table and then send the message for 192.168.2.10 to the physical address of 192.168.10.1, and this process continues down the line until the address is reached.

So that's basically it, not exactly rocket surgery!  Sorry if it was a little long winded :)

So you mentioned you need to let one of your routers know about another subnet.  The router that you have connected to both subnets will automatically know (or have route table entries) about both subnets.  For your computer to communicate to a device on the other side of that router, you either need to update your computer's route table for that network's subnet, pointing to the router's IP as a gateway (for that subnet), or you can simply add a route to your router's (the default gateway's) route table.

Let me know if I can help in any way.
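The mask-and-route decision described in the answer above, as an added example that is not part of the original thread. The function names and route tables are constructed for illustration, and 192.168.10.254 is a hypothetical address for a second router; the other addresses are the ones used in the answer.

```python
import ipaddress


def network_of(ip: str, mask: str) -> str:
    """AND the 32-bit address with the 32-bit mask, as done by hand above."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(ip_int & mask_int))


def next_hop(dest: str, routes):
    """Return (arp_target, matching_network) for dest.

    routes is a list of (network_cidr, gateway_or_None). A gateway of None
    means the network is directly connected, so the host ARPs for the
    destination itself. The most specific matching network wins, and
    0.0.0.0/0 (the default route) matches everything.
    """
    dest_ip = ipaddress.IPv4Address(dest)
    best = None
    for cidr, gateway in routes:
        net = ipaddress.IPv4Network(cidr)
        if dest_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        raise LookupError(f"no route to {dest}")
    net, gateway = best
    return (gateway or dest, str(net))


# Constructed route table for the host 192.168.10.10 / 255.255.255.0
HOST_ROUTES = [
    ("192.168.10.0/24", None),          # our own subnet: talk directly
    ("0.0.0.0/0", "192.168.10.1"),      # everything else: default gateway
]

# Same table plus a static route through a hypothetical second router
HOST_ROUTES_STATIC = HOST_ROUTES + [("192.168.2.0/24", "192.168.10.254")]

if __name__ == "__main__":
    print(network_of("192.168.10.10", "255.255.255.0"))
    for table in (HOST_ROUTES, HOST_ROUTES_STATIC):
        for dest in ("192.168.10.11", "192.168.2.10"):
            target, net = next_hop(dest, table)
            print(f"{dest}: ARP for {target} (matched {net})")
```
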

Oh wow,

That actually makes sense! So currently I have two subnets 192.168.1.x and 192.168.2.x

The router between these has the IP addresses 192.168.2.1 and 192.168.1.2

I'm running a Linux box as a filter/file & printer server on 192.168.1.1 (with public IP to the net).

I also have file shares and printers on my 192.168.2.x subnet. Devices on this network can access everything upstream (printers/fileshares). So if I add a route to my Linux box telling it about 192.168.2.x network pointing it to 192.168.1.2 as the gateway for this network, I think that'll work?

Thanks Jonty

justjonty has explained how it works pretty well, but one thing he didn't think of is why it isn't working for you. I would guess that you are using consumer equipment... right? If so, it probably wouldn't have an option to input static routes or to use RIP (or another dynamic protocol such as OSPF, EIGRP, etc). Right?

The problem in that case is that you can set your second router's default gateway to the first router's IP address and your traffic can get out just fine, but when it comes back, it's tagged for your second subnet and the first router says "hey! I don't have that address, and I don't know how to get there, so I need to drop this packet." Due to NAT, you are probably going to have to go into the first router, and set up port forwarding to get stuff to your second router. If it has DMZ, set your second router to DMZ, but then you also need to set that up as a gateway.

If this is not your case (you aren't using consumer equipment), tell me what equipment you are using, what subnets you need to use, any specific routing protocol you need to use, etc. I can send you a configuration for a Cisco router, but other than that I can't guarantee that I can get you a configuration, but I can still help.

Thanks thegeeke!

With Jonty's explanation I think I finally get it. Once I put the route for the second subnet into my Linux box - all seems to be happy. Your comments on the DMZ and port forwarding helped me also, as now I can ssh into my secondary subnet router externally. Thanks again for your help - I would give best answer to you both if I could!

The following was my setup

My two subnets 192.168.1.x and 192.168.2.x
The router between these has the IP addresses 192.168.2.1 and 192.168.1.2
Linux box as a filter/file & printer server on 192.168.1.1 (with public IP to the net).
I managed to add a route on my Linux box for the 192.168.2.x subnet pointing it to 192.168.1.2 as the gateway for this network - it worked.

Glad to hear it worked out! :) (And since Jonty did the most typing and explaining, he definitely deserves the best answer!) ;)