[CoLoCo] changing subnet mask

Kevin Fries kfries at cctus.com
Wed Sep 10 16:29:31 BST 2008

I don't think it's that odd. It's probably just not that clear what I'm doing. I have two routers - router 1 is a linksys running dd-wrt and router 2 is a dlink. Router 1 connects to my modem and until I added router 2 it was the only one on the network. However, for some reason, computers running Linux and with a broadcom wifi are having trouble connecting to the linksys. As this was creating issues with networking for the family I stuck the dlink into the mix so they could connect while I worked on figuring out why the linksys was having issues. However, once connected it was not possible to admin the dlink router as it was on a different subnet. I had a set up like this in the past with different subnets so that my home network was shielded from an ssh box I was running on the other subnet. However, in that case the home network was downstream (i.e. the second router) and was able to see upstream connections (computers on 192.168.2.x could see 192.168.1.x or maybe it was because router 2 was plugged into router 1 and router 1 plugged into the modem). In the new scenario, the dlink is the downstream one (i.e. plugged into router 1 and my desktop also connects to router 1) and couldn't be seen. I really didn't want to move everything around but I figured that if I changed the subnet mask then everything would be able to see everything. My thinking was that computers on different subnets can't see each other if the mask is "masking".

Now, if that doesn't make sense it's probably because I have just enough networking knowledge to cause problems and don't always understand why things work the way they do. Doing as Mitch suggested (lan to lan) with everything on 192.168.1.x and no dhcp on the dlink solved the issue - albeit not in the way I was trying to. I was hoping to gain a bit more understanding of subnets; for now the problem is solved.

If you know of any good and simple resources that would help me to understand this stuff that would be great. Most things I find don't really simplify. I need a children's guide to networking with nice pictures :)


Network subnets are one of those topics (like object orientation is to programmers) that will spin your head around because we want to make it more difficult than it is.  Once you get it, it becomes quite easy.  However, it is just different enough to make it an interesting ride in the early days.  Don't worry about it, everybody who learns this goes through this same trial by fire.

There are seven layers to the OSI networking stack.  For our purposes here though, we want to focus on the lowest three:

The lowest level basically translates to the wire itself.  In this case, we are wireless, so that wire is literally the radio signal (not the radio, protocols or data, just the raw radio signal itself).  This is where those Broadcom chips are coming to beat you up, because Linux often has trouble with Broadcom stuff.

The layer above that is for basically the NIC.  Again, we are in wireless, so this would include the actual radio itself.  This is the lowest level of hardware possible.  In a wired network, this would be the NIC and the ability for a computer to communicate at the lowest level with another machine.  This is where your MAC address is important.  In addition to network cards, this is the level of the network where a bridge would live (which is why IP addresses are unavailable in bridges because the IP address is level 3).

The layer above that is the network layer.  This is where the IP protocol is deployed.  At this level, only connectionless protocols such as raw packets actually exist (TCP, UDP, ICMP, etc. live on the fourth level, but I will discuss those in a minute).  All TCP based communications between physically connected machines do so at this level of the stack.  All routers live at this level of the stack.

Each layer of the stack provides services to the layer above it, and uses the layer below it.  So for example, let's say a server is broadcasting a UDP based music stream (real audio for example) to a computer on the same network that the server lives on.  The data is packaged at the top of the stack, but eventually passed to layer 4.  Layer 4 (transport layer) would wrap the data into a UDP packet, and pass it on to the Network layer.  The network layer would understand that this is being addressed to a local machine, and then address the packet for direct delivery and pass it down to layer 2.  Layer 2 physically places the packet on the wire (layer 1).

One of the key factors of layer 3 is to make the decision: is this packet directly deliverable or not.  So, if I have a desktop and a laptop on the same network segment, and I am passing data between the two, layer 3 of the stack will identify that situation, and cause the computers to communicate directly with each other.  If they are on different networks, they will forward the packets to an intermediary (i.e. a gateway).  IP does this by looking at the IP address and the subnet mask.  The mask is a binary value consisting of a series of 1's followed by a series of 0's, such that there are 32 bits total.  While it is theoretically valid for masks to have 1's followed by 0's followed by more 1's and 0's, most routers will not support this.  Instead, they expect that all the 1's will be at the beginning, and all the 0's will be at the end.  So, this has become the de facto rule.  The 1's at the beginning of the mask show the address of the network, and the 0's on the end indicate the node ID of the machine on that network.  All machines with the same network ID are expected to be able to communicate directly, and will therefore be addressed by MAC address.  Communications between computers on different networks will require an intermediary (i.e. a router) and the packet will therefore be directed to the proper gateway for forwarding elsewhere.  Once that packet gets to its final destination, that router will communicate to the target machine addressing it locally (i.e. by MAC address).

When you created the second subnet, you caused the computers to no longer try to communicate directly with one another; instead, they would not even look.  When a machine on network 1 would look for a device on network 2, it would automatically forward the request to router 1 for processing.  Most addresses falling under RFC 1918 will not route by default on any router.  So if you have a computer on network 1, communicating with router 1; and a second computer on network 2 communicating with router 2; in order for computer 1 and computer 2 to communicate with each other, there needs to be a rule on the two routers allowing the route to the other network.  A specialized example of this rule is your NAT routing.  You want to do a Google search from computer 1, that request is sent to router 1, which is then forwarded to the Internet via a routing rule.

You made mention of a situation that you had before, where router 1 would go to the net, and router 2 would relay through router 1.  The computer you were using was on network 2 and you could see machines in network 1.  The answer to that is of course you could; packets were transmitted to router 2, which then understood all the machines in network 1 because its upstream NIC existed in that network also.  But the reverse is not true.  Router 1 does not have a NIC in network 2, so therefore would need to have a specific rule to know how to properly forward that packet.

Does this make sense so far?  I hope so.

If I understand what you were trying to do, you did not want two network segments, but instead just wanted two physical WAP routers on the same network.  In order to do that, you need to go back to layer 2 of the OSI and realize that two WAP access points, with the same channel, and the same SSID will confuse the radios in the client machines the same way that two computers with the same MAC address will confuse a wired network.  I think what you wanted was to leave the DHCP on, in the second WAP, and just create machines in a different range.  If I get what you wanted:

Router 1 -
  Upstream -> Cable/DSL modem
  Upstream Address -> assigned by the ISP
  Local -> local network
  Local Address -> Fixed at .1 or .254
  DHCP Range -> 100 - 149
  Channel -> 11

Router 2 -
  Upstream -> Local Network
  Upstream Address -> fixed at .3 or .252 (gateway = router 1)
  Local -> Local Network
  Local Address -> Fixed at .2 or .253
  DHCP Range -> 150-200
  Channel -> 9

Wireless clients can connect to either Router 1 or Router 2.  Either router still gets them into the same network.  Therefore, you can manage either router from either segment.  On router 2 you can allow management from the WAN (upstream) port which normally would not be a good idea, but is fine in this case because upstream is still your local network.

If you want more detailed information, with lots of gobbledygook techno speak, look up OSI Model and Internet Protocol on Wikipedia.

Did this help?  Did I tell you what you were trying to figure out?

Let me know
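An added example, not part of the message above: the layer 3 "direct or via gateway" decision from the address and mask, plus a sanity check of the two-router, one-subnet plan. The 192.168.1.x addressing comes from the thread; the 255.255.255.0 mask, the choice of .1/.2/.3 for the fixed addresses and all function names are assumptions made for illustration.

```python
import ipaddress

def mask_is_contiguous(mask):
    """True when the mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0

def network_id(addr, mask):
    """Network part of an address: address AND mask."""
    bits = int(ipaddress.IPv4Address(addr)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(bits))

def next_hop(src, dst, mask, gateway):
    """Layer 3 decision: deliver directly, or hand the packet to the gateway."""
    if not mask_is_contiguous(mask):
        raise ValueError("non-contiguous mask: " + mask)
    if network_id(src, mask) == network_id(dst, mask):
        return ("direct", dst)
    return ("gateway", gateway)

def check_plan(network, fixed, pools):
    """List the problems in a one-subnet, two-router address plan."""
    net = ipaddress.ip_network(network)
    as_int = lambda a: int(ipaddress.IPv4Address(a))
    spans = {n: (as_int(lo), as_int(hi)) for n, (lo, hi) in pools.items()}
    problems = []
    for name, addr in fixed.items():
        if ipaddress.IPv4Address(addr) not in net:
            problems.append(f"{name} {addr} is outside {net}")
        for pool, (lo, hi) in spans.items():
            if lo <= as_int(addr) <= hi:
                problems.append(f"{name} {addr} is inside the {pool} DHCP pool")
    names = sorted(spans)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if spans[a][0] <= spans[b][1] and spans[b][0] <= spans[a][1]:
                problems.append(f"DHCP pools {a} and {b} overlap")
    return problems

# Constructed values: the /24 mask and the .1/.2/.3 choices are assumed.
MASK = "255.255.255.0"
FIXED = {"router1-lan": "192.168.1.1", "router2-lan": "192.168.1.2",
         "router2-upstream": "192.168.1.3"}
POOLS = {"router1": ("192.168.1.100", "192.168.1.149"),
         "router2": ("192.168.1.150", "192.168.1.200")}

if __name__ == "__main__":
    print(next_hop("192.168.1.10", "192.168.2.1", MASK, "192.168.1.1"))
    print(next_hop("192.168.1.10", "192.168.1.2", MASK, "192.168.1.1"))
    print(check_plan("192.168.1.0/24", FIXED, POOLS))
```

With a wider mask such as 255.255.252.0, `next_hop` reports "direct" for 192.168.1.10 to 192.168.2.1, because both addresses then share the network ID 192.168.0.0.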

More information about the Ubuntu-us-co mailing list