
Networking, Subnets and Basic Routing - Please Explain? Answered

I have been having trouble setting up my router so that it knows about a network behind another one of my routers (serving up another subnet).  I understand a little of how to configure the routing tables but I was wondering if someone could just explain the basics of how an IP network (subnets/subnet masks etc) works, as it is still a little mysterious to me (it's amazing that I have been able to get things working with my limited knowledge). I mean how does one computer talk to another on the same subnet or across the world (what is the difference between a MAC address and an IP address), what is going on behind the scenes??? I don't mind technical speak as long as it's logically ordered.  Thanks so much!


It's not as mysterious as you would think :)

Let's go over the basics.

Your computer is physically (or wirelessly) connected to a network.  Your computer can only communicate to another computer/network device that is also connected to that same network (or segment).

So how does a computer know that a device can be communicated to directly?  This is where its IP address and subnet mask come in.

If our computer is networked, it may have an IP address, which is basically just one big 32 bit number, though we break it up in 8 bit chunks displaying it in decimal dotted notation. So for example;

IP Address: or in binary 11000000 10101000 00001010 00001010

Now, to determine whether it can communicate to another IP address it applies a mask (a subnet mask) to both its IP address and the IP address of its destination.  So let's do this,

Subnet mask: or in binary 11111111 11111111 11111111 00000000

Let's look at the binary as it makes more sense here.  You simply AND the subnet mask with the IP address (this means anywhere you have a 1 in the subnet mask, copy down the corresponding value of the IP address)...

So to communicate to a computer with the IP

First apply the subnet mask to both IP addresses (yours and the destination's);

11000000 10101000 00001010 00001010 (or
11111111 11111111 11111111 00000000 (subnet
11000000 10101000 00001010 00000000 (gives us our subnet

11000000 10101000 00001010 00001011 (or
11111111 11111111 11111111 00000000 (subnet
11000000 10101000 00001010 00000000 (reveals that our destination is on the same subnet

Our computer's network card then needs to know the physical address (or MAC address) to communicate directly to the computer.  It sends out a message (an ARP request) like "Who has" - The computer with as its address replies with "oh that's me and my MAC address is (some unique 48-bit number normally displayed in hexadecimal)".  Our computer keeps a table (ARP table) of the MAC addresses just in case we want to talk to that computer again.

From there our computer will either request a TCP connection with its various handshaking and confirmation packets or ports, or send UDP packets to whatever port, or use whatever other protocol you're into.

But what if the destination's IP address (once masked with our subnet mask) is different to ours?  Then this is where our route table comes into play.  Let's look at another example.

11000000 10101000 00000010 00001010 (or
11111111 11111111 11111111 00000000 (subnet
11000000 10101000 00000010 00000000 (reveals that our destination is not on the same subnet not equal to our subnet

So we then have to look at our route table, it may have the network destination in its table or if not there will be a default route to your default gateway.  Like if I don't know where this network is then I'll simply give it to my default gateway (it'll know, hopefully).  So this is why we need our default gateway's IP address configured (either automatically or manually entered).  You still have to be physically connected to any gateway you are using.  For our example, let's say is our default gateway;

We still need to ask for our default gateway's MAC address (arp request), so "hey who has", the gateway replies "I've got and my MAC address is this", you update your arp table and then send the message for to the physical address of, and this process continues down the line until the address is reached.

So that's basically it, not exactly rocket surgery!  Sorry if it was a little long winded :)

So you mentioned you need to let one of your routers know about another subnet.  The router that you have connected to both subnets will automatically know (or have route table entries) about both subnets.  For your computer to communicate to a device on the other side of that router, you either need to update your computer's route table for that network's subnet, pointing to the router's IP as a gateway (for that subnet), or you can simply add a route to your router's (the default gateway's) route table.

Let me know if I can help in any way.
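The decision described in the answer above (mask both addresses, compare, then fall back to the route table), as an added example that is not part of the original post. The host, destination and mask values are decoded from the binary strings in the answer; the two gateway addresses and all function names are assumptions made for illustration.

```python
import ipaddress

def to_int(dotted):
    """Dotted-decimal IPv4 address as the 32-bit number it really is."""
    return int(ipaddress.IPv4Address(dotted))

def network_of(ip, mask):
    """AND the address with the mask, as in the binary walk-through."""
    return to_int(ip) & to_int(mask)

def next_hop(src_ip, src_mask, dst_ip, routes):
    """Return (reason, address the host must ARP for) for a packet to dst_ip.

    routes is a list of (network, mask, gateway); 0.0.0.0/0.0.0.0 is the
    default route. The most specific (longest mask) matching route wins.
    """
    if network_of(src_ip, src_mask) == network_of(dst_ip, src_mask):
        return ("on-link", dst_ip)          # same subnet: ARP for the target
    best = None
    for net, mask, gateway in routes:
        if network_of(dst_ip, mask) == to_int(net):
            prefix_len = bin(to_int(mask)).count("1")
            if best is None or prefix_len > best[0]:
                best = (prefix_len, gateway)
    if best is None:
        return ("unreachable", None)        # no route and no default gateway
    reason = "default-gateway" if best[0] == 0 else "static-route"
    return (reason, best[1])                # ARP for the gateway, not the target

# Values decoded from the binary in the answer.
MY_IP, MY_MASK = "192.168.10.10", "255.255.255.0"
SAME_SUBNET_DST = "192.168.10.11"
OTHER_SUBNET_DST = "192.168.2.10"
# Assumed addresses (not on the page): both must sit on the host's own subnet.
DEFAULT_GW = "192.168.10.1"
SUBNET_ROUTER = "192.168.10.254"

ROUTES_DEFAULT_ONLY = [("0.0.0.0", "0.0.0.0", DEFAULT_GW)]
ROUTES_WITH_STATIC = ROUTES_DEFAULT_ONLY + [
    ("192.168.2.0", "255.255.255.0", SUBNET_ROUTER),
]

if __name__ == "__main__":
    for label, routes in (("default only", ROUTES_DEFAULT_ONLY),
                          ("with static route", ROUTES_WITH_STATIC)):
        for dst in (SAME_SUBNET_DST, OTHER_SUBNET_DST):
            print(label, dst, next_hop(MY_IP, MY_MASK, dst, routes))
```

With only the default route, traffic for the second subnet is handed to the default gateway; once the static route is present, it goes to the router that actually connects the two subnets.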

Oh wow,

That actually makes sense! So currently I have two subnets 192.168.1.x and 192.168.2.x

The router between these has the ip addresses and

I'm running a linux box as a filter/file & printer server on (with public ip to the net).

I also have file shares and printers on my 192.168.2.x subnet. Devices on this network can access everything up stream (printers/fileshares). So if I add a route to my linux box telling it about 192.168.2.x network pointing it to as the gateway for this network, I think that'll work?

Thanks Jonty

justjonty has explained how it works pretty well, but one thing he didn't think of is why it isn't working for you. I would guess that you are using consumer equipment... right? If so, it probably wouldn't have an option to input static routes or to use RIP (or another dynamic protocol such as OSPF, EIGRP, etc). Right?

The problem in that case is that you can set your second router's default gateway to the first router's IP address and your traffic can get out just fine, but when it comes back, it's tagged for your second subnet and the first router says "hey! I don't have that address, and I don't know how to get to there, so I need to drop this packet." Due to NAT, you are probably going to have to go into the first router, and set up port forwarding to get stuff to your second router. If it has DMZ, set your second router to DMZ, but then you also need to set that up as a gateway.

If this is not your case (you aren't using consumer equipment), tell me what equipment you are using, what subnets you need to use, any specific routing protocol you need to use, etc. I can send you a configuration for a Cisco router, but other than that I can't guarantee that I can get you a configuration, but I can still help.

Thanks thegeeke!

With Jonty's explanation I think I finally get it. Once I put the route for the second subnet into my linux box - all seems to be happy. Your comments on the DMZ and port forwarding helped me also, as now I can ssh into my secondary subnet router externally. Thanks again for your help - I would give best answer to you both if I could!

The following was my setup

My two subnets 192.168.1.x and 192.168.2.x
The router between these has the ip addresses and
Linux box as a filter/file & printer server on (with public ip to the net).
I managed to add a route on my Linux box for the 192.168.2.x subnet pointing it to as the gateway for this network - it worked.

Glad to hear it worked out! :) (And since Jonty did the most typing and explaining, he definitely deserves the best answer!) ;)