[CoLoCo] changing subnet mask
Kevin Fries
kfries at cctus.com
Mon Sep 15 18:51:54 BST 2008
________________________________________
From: ubuntu-us-co-bounces at lists.ubuntu.com [ubuntu-us-co-bounces at lists.ubuntu.com] On Behalf Of Jim Hutchinson [jim at ubuntu-rocks.org]
Sent: Sunday, September 14, 2008 10:44 PM
To: Ubuntu Colorado Local Community Team
Subject: Re: [CoLoCo] changing subnet mask
On Wed, Sep 10, 2008 at 9:29 AM, Kevin Fries <kfries at cctus.com> wrote:
> Well, what I wanted was two routers with DIFFERENT ssid and channel and different subnets. Basically,
> I was trying to create two separate networks that were not isolated on the LAN side. I wanted to be able
> to ssh between them and use one computer to manage both routers. When my desktop is connected to
> the "1" subnet, it cannot see the router or computers on the "2" subnet. I was trying to figure out if a
> different subnet mask would allow this to work.
This was part of my reason for asking what you were trying to do. Your original posting indicated that you were trying to get around a compatibility issue. The ONLY reason to segment the network is for security purposes (in a business, accounting departments are often on a separate network to secure financial records). If all you were trying to do was get around the Broadcom compatibility issue and wanted machines to be visible across both routers, you wanted one network. Two networks with routing rules are more trouble than they are worth for a home network, unless you are using it as a home learning exercise. Even then, there are more effective ways to learn.
So, now I am back to being confused as to what you are trying to do... or maybe I should say, what and why you are trying to implement it with two networks.
> I think that is right but not sure what the "fixed at .1 or .254" or ".3 or .252" lines mean. I have one
> router with a default gateway of 192.168.1.1 and the other with
> 192.168.2.1. Both are serving DHCP and the .2 router is connected from a lan port
> of the .1 into the WAN port of the .2. The ssids are different though. This is working except I can't access
> computers on the .2 subnet or the router from computers on the .1 network. That is what I'm trying to fix.
Fixed at .1 or .255 means, do not allow that interface to obtain an IP address from DHCP, but instead make it a fixed IP address. If your network is 192.168.1.0, then fixed at .1 means set a static IP address for the interface at 192.168.1.1. Gateways are generally either the first or last address in the range depending on the network admin. When I am fixing addresses, I always set static servers in the 1-49 range, and routers in the 240-254 range. (For the record, 200-239 is for printers and other misc equipment, 100-199 is for desktops, and 50-99 are for mobile devices such as laptops, but that is my anal retentive system; use whatever numbering scheme works for you.)
> This only works upstream (i.e. from computers on the .2 network to computers on the .1) but not vice versa. I can only ssh one way.
This is why you want one network. Think of this like one of those diagrams they showed you in math class where you have a circle labeled A, and a second circle completely contained inside the first circle labeled B. Since B is completely inside A, anything in B is also in A (any machine in network 2 can see all the machines in network 1). Everything outside of A is neither in A nor B (any machine from outside of network 1 is foreign to both network 1 and network 2). Everything else is local to A, but not included in B (any machine in network 1 cannot see those in network 2 because the machine has no way of knowing that network 2 is inside network 1). By making it one network, you overlay the circles, so that everything in A is also in B (Network 1 and network 2 are the same space, so all machines should be visible). I hope equating it to a Venn diagram helps.
You can also try, though I have never seen this work in a wireless network, setting your desktop's netmask to /22 (255.255.252.0). Again, this is one of those areas where theory meets actuality in an ugly game of "but why won't this work, it should". The problem is that most of these wireless routers are designed to operate in one of two modes: either as an access point, where it expects that there is a bigger domain managed by a set of servers in the back; or as a central gateway where it expects to be king of the network. You are trying to add a third scenario, where it is king of its network, but also aware of a second network in parallel. Larger routers (i.e. Cisco or Linux routers) are built for this by only defining generic interfaces, which then allows a professional administrator to define a complex set of rules to handle all routes. The home routers you are dealing with are dumbed down for non-administrators to use from home. Complex routing is generally the first thing to be eliminated.
Hope I got you closer this time
Kevin
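
Added example (not part of the original message): a Python sketch of the netmask arithmetic discussed above. It shows that /22 is the smallest mask covering both 192.168.1.0/24 and 192.168.2.0/24, and that widening the desktop's mask only changes whether it ARPs on its own wire or hands the packet to its gateway. The host addresses .50, .101 and .10 and the two-segment model are assumptions made for illustration.

```python
import ipaddress

# Constructed model of the two-router layout in the thread: which addresses
# share a wire. Host addresses other than the two gateways are assumptions.
SEGMENT_1 = {"192.168.1.1", "192.168.1.50", "192.168.1.101"}  # .101 = router 2 WAN port (assumed)
SEGMENT_2 = {"192.168.2.1", "192.168.2.10"}                   # hosts behind router 2


def common_supernet(*cidrs):
    """Smallest single network that contains every network given."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen the mask by one bit
    return candidate


def forwarding_decision(host_if, gateway, dest):
    """What the host's IP stack does with a packet for dest, given its mask."""
    iface = ipaddress.ip_interface(host_if)
    if ipaddress.ip_address(dest) in iface.network:
        return "on-link"   # host ARPs for dest directly on its local wire
    return gateway         # host hands the packet to its default gateway


def delivered_directly(host_if, gateway, dest, segment):
    """True only if the host ARPs for dest AND dest really sits on that wire."""
    on_link = forwarding_decision(host_if, gateway, dest) == "on-link"
    return on_link and dest in segment


if __name__ == "__main__":
    net = common_supernet("192.168.1.0/24", "192.168.2.0/24")
    print("covering network:", net, "mask", net.netmask)
    for mask in ("/24", "/22"):
        host = "192.168.1.50" + mask
        print(host, "->",
              forwarding_decision(host, "192.168.1.1", "192.168.2.10"),
              "| direct delivery:",
              delivered_directly(host, "192.168.1.1", "192.168.2.10", SEGMENT_1))
```

With /22 the desktop treats 192.168.2.10 as a neighbour and ARPs for it on segment 1, where nothing answers; with /24 it forwards to 192.168.1.1 instead.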