
Accessing different subnets with DHCPs

Discussion in 'Networking' started by faaizenam, Apr 8, 2010.

Thread Status:
Not open for further replies.
  1. faaizenam

    faaizenam Thread Starter

    Joined:
    Apr 8, 2010
    Messages:
    7
    Hello,

    My home network situation is like this: I have a ZXDSL 831CII Modem/Router with DHCP enabled (192.168.1.1) (and a DSL cable). This connects to a 24port D-Link switch and from this I have two ethernet cables to two different routers: a Linksys and an AirLink. Each of these routers has DHCP enabled as well and they provide 192.168.0.1 (both of them).

    Connected to the Linksys is my WD network drive and connected to my AirLink router is my laptop (they're in separate rooms).
    Thus, I've pretty much got two networks set up (two subnets?). What I want to know is how to access one from the other, i.e. how to access my network drive from my laptop (without making the whole home network with static IPs).

    So it's |MODEM| (DHCP 192.168.1.1) ----->|D-LINK SWITCH|---> LINKSYS (DHCP w/192.168.0.1)---->|NETWORK DRIVE|
    *************************************** '------->AIRLINK (DHCP w/ 192.168.0.1)------>|LAPTOP|

    I can't access my drive without directly connecting to the Linksys router; I want to know whether it's possible to access it through my AirLink router.

    Thank you for your assistance.
     
  2. schang626

    schang626

    Joined:
    Mar 2, 2010
    Messages:
    447
    First step: you should probably be using a different subnet for each router,
    192.168.0.0 and 192.168.1.0 /24
     
  3. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,300
    So you have a couple of issues here.

    First, you should not use the same subnet for the network behind the Linksys and Airlink to make the routing work correctly. You are only able to do this because I assume the Linksys and the Airlink have a unique IP address on the 192.168.1.1 subnet. I'm also assuming you are using a /24 subnet mask or 255.255.255.0 for all your subnets. The issues you have with using the 192.168.0.0/24 subnet in two places on your network are masked by the Linksys/Airlink routers through the NAT overload they are performing.

    But the biggest issue you have here is that, I doubt none of these routers can work as a router with NAT turned off. The alternative would be if the routers supported static one to one NATs (this would allow you to keep the 192.168.0.0/24 scheme for both private networks behind each of the Linksys and Airlink routers.) But I don't know of any SOHO routers which have this functionality.

    In my home network, I actually have 5 subnets running. Some subnets are NAT'd to a single IP on one of my firewall's interfaces. Some subnets are routed around the network with their true IPs with no NATing being involved. Because I can propagate the true IP of any subnet I choose, it makes the routing pretty easy. So as an example, I have my network printer on a subnet by itself. I do not NAT its true IP through the firewall which is a Cisco ASA 5505. I also have clients on my network which sit between the Cisco ASA 5505 and my edge router a Netgear FVS338 (which provides my connection to the internet.) These clients are where your 192.168.1.0/24 subnet is...between your modem/router and your Linksys/Airlink. Because I wanted to keep the routing simple, I just put in a static route entry in my Netgear telling it to get to my printer's subnet the gateway is the ASA 5505. One entry/config in one spot which fixes all the routing. Because the clients that sit in the space between the Netgear and ASA have a default gateway configured to be the Netgear, it all works correctly. For the client boxes which sit directly attached to the ASA 5505 on the private/higher security side, they have their default gateway configured to be the ASA 5505. Because the 5505 has all the subnets directly attached/connected, it knows already how to get to each of the subnets and therefore can just do the routing automatically.

    What you are asking may seem simple on paper, but it's a bit more complex when you have to work around the limitations of consumer grade network equipment.
     
  4. faaizenam

    faaizenam Thread Starter

    Joined:
    Apr 8, 2010
    Messages:
    7
    Thank you very much.

    I've changed the router DHCPs to 192.168.0.1 (Linksys) and 192.168.3.1 (AirLink).
    I googled up and wikied everything you mentioned about NAT but I don't seem to understand exactly what you're saying. However, I think I can make out that it's not really possible.

    One solution, I think, would be if I was to connect the network drive to the switch (a third ethernet cable) so that it is separate from the router and is assigned an IP from the modem. However, I don't really want to tamper with the setup too much as an iMac is backed up on the drive (through Time Machine).

    I notice how I can ping each router (including the linksys at 192.168.0.1) but not the computer within the network (eg 192.168.0.101).
     
  5. faaizenam

    faaizenam Thread Starter

    Joined:
    Apr 8, 2010
    Messages:
    7
    Oh, I think I sort of understand now - your routers give you the ability to create a direct (static like IP) connection between one subnet and the other?
     
  6. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,300
    Routers are basically devices which move things called packets from one spot to another. Depending on how many interfaces a router has will determine how many networks it will support that can be directly attached to it. And when I mention interfaces these are not just physical. They can be virtual. But that's another complicated discussion. So at a minimum, a router will have two interfaces or it wouldn't be much of a router. On each interface you assign an IP to be on a specific subnet/network. These will be subnets which are unique and do not belong on the same network. For instance, you can't assign one router interface with an IP address of 192.168.0.1 255.255.255.0 and the other interface with an IP of 192.168.0.100 255.255.255.0. Even though the IP addresses are unique, they both are on the same subnet and therefore the router won't be able to move packets through it.

    So in my case, I have 4 interfaces on the router/firewall each with a unique subnet attached to it. The router/firewall will have a thing called a route table. In this route table, you'll see things already entered into it stating that, for example, 192.168.0.0/24 is directly connected and on interface ethernet 0, 192.168.1.0/24 is directly connected and on interface ethernet 1, and 172.16.0.0/24 is directly connected and on interface ethernet 3. From a purely routing stand point, if I had a device on 192.168.0.10 wanting to talk to 172.16.0.100, the 192.168.0.10 device should have configured on it a default gateway pointing to this router/firewall, let's just say it's 192.168.0.1. Because the router/firewall knows about 172.16.0.0/24 and how to get to it via its ethernet 3 interface, it'll just push the packet out ethernet 3. The reverse happens for the return traffic from 172.16.0.100 to 192.168.0.10. The default gateway for 172.16.0.0/24 is set to .1 and that's where the 172.16.0.100 device is going to direct the return traffic to.

    The previous example is just a quick discussion about routing. Now things get a little more complicated when we talk about NATing or network address translation. NATs are just a method of masquerading the true IP with a different IP. Hence the term network address translation. To keep things as simple as possible let's talk about your run of the mill consumer grade router. Out of the box, these routers do what is called a NAT overload. This means it takes multiple private side IP addresses (usually set up as an entire subnet block/pool) and then translates this outgoing traffic into a single IP address (usually the IP address of the router's WAN interface.) How the router is able to keep track of what private IP address sent what traffic is via a concept of creating a NAT table along with the session port numbers. The discussion about how this works is also a bit more involved and goes into TCP/IP concepts which I'll skip for the sake of this discussion. Because the routers of current vintage have a firewall component, you also have to do things like port forwards which basically poke holes in the firewall to allow a certain type of traffic through and can be locked to specific IP addresses. Because all consumer routers operate in a NAT overload type condition, there are problems when you do this. For a simple case where you have a single host behind a router you want to allow outside devices to reach say on port 80, a simple port forward isn't a problem. But what if you add another host but also need to have it be accessible via port 80. Well, you have a problem since you only have a single external IP and you can only set up one port forward rule to allow port 80 through to one of the two hosts. A work around is to configure one of the hosts to listen on a different port say 8080 for the same application and then you can get this to work. But as you add more hosts behind the router, it gets more and more complicated. So enter a static one to one NAT. 
    This setup basically allows you to use a given IP or a pool of IPs to alias specific private IPs behind your router/firewall.

    As an example. Say I have one of my router/firewalls on 192.168.0.2/24. I have two clients behind the router/firewall on 10.0.0.10 and 10.0.0.11/24. If the address space on the WAN side of the router/firewall supports it (and of course the router/firewall has to support the one to one static NATs as well), I can create static NAT rules like the following: 10.0.0.10 would have a translated address of 192.168.0.10 on the external side of the firewall/router. Same applies to the 10.0.0.11 host which would have a translated IP of 192.168.0.11 or 192.168.0.9. It doesn't really matter. So now, I can just leave the hosts alone and do all my firewall rules on the router/firewall without having to mess with the host's ports. So say I want to allow Windows RDP to both of these hosts. With the static NATs here, I don't have to change the RDP port on either host because there is no external port conflict with a given external IP. Externally, I can just launch an RDP session to 192.168.0.10 on port 3389 and have no problems. I can also do the same on 192.168.0.11 over the same port 3389.

    Hope this makes things a little bit clearer.
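
The inbound behaviour described in the post above (NAT overload, one port forward per WAN port, static one-to-one NAT), as an added Python example that is not part of the original thread. It is a toy model: `NatRouter` and `demo` are hypothetical names, the addresses are the ones used in the post, and a real router also matches the remote endpoint and applies its firewall rules.

```python
from ipaddress import ip_address

class NatRouter:
    """Toy model (constructed): how a NAT router treats packets arriving on its WAN side."""
    def __init__(self, wan_ip):
        self.wan_ip = ip_address(wan_ip)
        self.sessions = {}       # wan_port -> (lan_ip, lan_port), created by outbound traffic
        self.port_forwards = {}  # wan_port -> (lan_ip, lan_port), configured by hand
        self.static_nat = {}     # alias IP -> lan_ip, one-to-one
        self._next_port = 40000

    def outbound(self, lan_ip, lan_port):
        """NAT overload: the source becomes the WAN IP plus a fresh port."""
        wan_port, self._next_port = self._next_port, self._next_port + 1
        self.sessions[wan_port] = (ip_address(lan_ip), lan_port)
        return self.wan_ip, wan_port

    def add_port_forward(self, wan_port, lan_ip, lan_port):
        if wan_port in self.port_forwards:
            raise ValueError(f"WAN port {wan_port} is already forwarded")
        self.port_forwards[wan_port] = (ip_address(lan_ip), lan_port)

    def inbound(self, dst_ip, dst_port):
        """Return the (lan_ip, lan_port) reached from the WAN side, or None if dropped."""
        dst_ip = ip_address(dst_ip)
        if dst_ip in self.static_nat:  # one-to-one alias: the port is kept as-is
            return self.static_nat[dst_ip], dst_port
        if dst_ip != self.wan_ip:
            return None
        return self.sessions.get(dst_port) or self.port_forwards.get(dst_port)

def demo():
    r, out = NatRouter("192.168.0.2"), {}
    out["unsolicited"] = r.inbound("192.168.0.2", 3389)  # no session, no forward
    _, port = r.outbound("10.0.0.10", 51000)
    out["reply"] = r.inbound("192.168.0.2", port)        # return traffic is mapped back
    r.add_port_forward(80, "10.0.0.10", 80)
    try:                                                 # a second host cannot reuse WAN port 80
        r.add_port_forward(80, "10.0.0.11", 80)
    except ValueError:
        r.add_port_forward(8080, "10.0.0.11", 80)
    out["via_8080"] = r.inbound("192.168.0.2", 8080)
    # Static one-to-one NAT: each host gets its own alias, both keep port 3389.
    r.static_nat[ip_address("192.168.0.10")] = ip_address("10.0.0.10")
    r.static_nat[ip_address("192.168.0.11")] = ip_address("10.0.0.11")
    out["rdp"] = [r.inbound(a, 3389) for a in ("192.168.0.10", "192.168.0.11")]
    return out

if __name__ == "__main__":
    print(demo())
```

The `unsolicited` result is the situation in this thread: a connection from the laptop arrives at the Linksys WAN side with no session and no forward behind it, so it never reaches the drive.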
     
  7. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    79,909
    First Name:
    Terry
    Do you need or want two (almost) separate networks?
     

Short URL to this thread: https://techguy.org/915608
