
IP Subnetting Question


    Getting my BT Infinity fibre broadband installed today (55mbps down, 18mbps up) and I'm also keeping my other broadband (separate phone line, standard 8mbps ADSL) as it has static IP addresses for running some stuff I have. Servers nice and stable on the old fixed IP addresses and really can't be bothered with moving them.

    What I need help with is someone to confirm that my proposed design for providing interconnectivity between machines at home will work! I want the business machines to be able to see and get data from the personal machines but not the other way around, forcing the personal machines to use the BT Infinity router.

    I plan to use 192.168.20.x range split as follows:

    Business machines on 192.168.20.1 to .127 range with a subnet mask of 255.255.255.0. Business ADSL router on 192.168.20.1, all machines in this range using that as a gateway.
    Personal machines on 192.168.20.128 to .255 range with a subnet mask of 255.255.255.128. BT Infinity router on 192.168.20.128, all machines in this range using that as a gateway.

    Will that work or will there be connectivity issues between the machines? If there will be issues, any suggestions for fixing them? If I have to, I don't really mind turning the second subnet mask to .0 but I'd rather some logical separation.
    Last edited by craig1; 23 April 2012, 09:40.

    #2
    You would need some form of router between the two subnets for this to work. Alternatively you could set the default IP address of one router to 1 and the other to 2 and have all the machines on the one subnet. You would have to disable DHCP on both routers and input static IP information, having half your machines pointing to 1 as the gateway address and the other half to 2. Maybe easier just to buy a cheap router.

    You might be able to set up routing between the two ADSL routers; have a look in the ADSL router setups for anything to allow this.
    Last edited by jsnetman; 23 April 2012, 12:45.



      #3
      I don't think that will keep the two groups of computers separate as they will still be on the same physical network, regardless of IP Address scheme.

      You will need to split the network and use a router/firewall like pfSense on a separate machine which you can then configure to allow one way access between the network subnets.

      So ADSL network uses 192.168.0.0/24 and Business Network uses 10.0.0.0/8 (or you could use the scheme you specified above), then configure the pfSense box to allow 10.0.0.0 => 192.168.0.0 but block 192.168.0.0 => 10.0.0.0 (swap as required).

      GE



        #4
        Thanks.

        Got the thing running and have decided on a different approach that has worked. Routers stay the same, BT one is .128, business ADSL one is .1.

        Machines I want running on the business line are in the .1 to .127 range with a gateway address of the .1 router and a subnet mask of .0
        Personal machines I want accessing all machines (e.g. my storage/backup box) are in the .128 to .255 range, a gateway address of the .128 router and a subnet mask of .0
        Personal machines I don't want to have access to the business machines (e.g. my torrent downloader) are in the .128 to .255 range, a gateway address of the .128 router and a subnet mask of .128

        Seems to work just fine with some rigorous testing. I know that it won't stop anything malicious, I just want a logical separation to stop me doing something daft accidentally and to have at least a thin level of separation.



          #5
          Assigning gateways is the correct thing to do, in order to force individual machines to use a particular router - however this will not prevent the machines communicating with each other on the internal LAN.

          You appear to be misconfiguring the subnet mask - I'm surprised the machines with a mask of 0 actually work! The mask defines the range of addresses that the machine will see without requiring a router. With the mask of .128 then you are right, the machines should only see the internal network between addresses .128 and .254, which includes the default gateway router. The other machines should also have a mask of .128, but as they have addresses in the lower half of the class C that your network runs on, then they will only see from .1 to .127, which again includes their preferred default gateway.

          In order to allow some connectivity between machines, then in theory you would need to have some routing in place to allow comms between the upper and lower half of your private class C network.
          World's Best Martini
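
Added example (not part of any post in the thread): the on-link test a host applies with its own address and mask, run over the three host groups from post #4 to show what the mask discussed in post #5 does and does not separate. The group labels and the host numbers .10, .150 and .200 are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed host table modelled on the three groups in post #4.
# Labels and final octets are made up; masks and gateways follow the post.
HOSTS = {
    "business": ("192.168.20.10",  "255.255.255.0",   "192.168.20.1"),
    "storage":  ("192.168.20.150", "255.255.255.0",   "192.168.20.128"),
    "torrent":  ("192.168.20.200", "255.255.255.128", "192.168.20.128"),
}


def next_hop(src, dst):
    """Where src sends a packet for dst: 'direct' (ARP on the LAN) or its gateway."""
    addr, mask, gateway = HOSTS[src]
    # A host ANDs its own address with its own mask to get its local network,
    # then checks whether the destination falls inside it.
    local_net = ipaddress.ip_interface(f"{addr}/{mask}").network
    dst_ip = ipaddress.ip_address(HOSTS[dst][0])
    return "direct" if dst_ip in local_net else gateway


def asymmetric_pairs():
    """Pairs where one side talks directly and the other goes via a gateway."""
    pairs = []
    for a, b in combinations(HOSTS, 2):
        one_way = next_hop(a, b) == "direct"
        other_way = next_hop(b, a) == "direct"
        if one_way != other_way:
            pairs.append((a, b))
    return pairs


if __name__ == "__main__":
    for src in HOSTS:
        for dst in HOSTS:
            if src != dst:
                print(f"{src:8} -> {dst:8} : {next_hop(src, dst)}")
    print("asymmetric:", asymmetric_pairs())
```

The only asymmetric pair is the business machine and the /25 host: the business machine still addresses it directly over the shared LAN, so the narrower mask changes only where the /25 host sends its own packets. Nothing is filtered, which matches the "logical separation" described in post #4 and the need for a router/firewall raised in post #3.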



            #6
            I think that's quite clever. Totally abusing the system, but still clever.
            Will work inside IR35. Or for food.



              #7
              Thanks for all the feedback!

              The scary thing is that in my home I have now discovered 17 items that require an IP address, 10 I've given static addresses with varying configs, the others are on a DHCP range in my upper subnet. All works fine with the config noted above and had no issues so far apart from one machine getting very huffy when I mistyped a number in the third octet then couldn't guess what my mistype was.

              House now successfully configured with cat 6 cabling, gigabit switches/hubs, n-spec wifi (with a secondary g-spec for any guests with older kit), femtocell for my mobile phone, etc. And all without the wife finally snapping and wanting to kill me.

              Not bad really for a non-techie PM



                #8
                Originally posted by craig1 View Post
                The scary thing is that in my home I have now discovered 17 items that require an IP address, 10 I've given static addresses with varying configs, the others are on a DHCP range in my upper subnet. All works fine with the config noted above and had no issues so far apart from one machine getting very huffy when I mistyped a number in the third octet then couldn't guess what my mistype was.

                House now successfully configured with cat 6 cabling, gigabit switches/hubs, n-spec wifi (with a secondary g-spec for any guests with older kit), femtocell for my mobile phone, etc.
                Make sure you document this lot. I've just counted mine and I've got 14 devices requiring IP addresses, and that doesn't include old stuff in cupboards that could yet be pressed into action if I get a legacy project to work on.

                I've put all my IP addresses into a spreadsheet with details of what system does what etc.

                And printed it out. Murphy's Law says I'll need it when some part of the network is down.
                Behold the warranty -- the bold print giveth and the fine print taketh away.



                  #9
                  Originally posted by Sysman View Post
                  Make sure you document this lot. I've just counted mine and I've got 14 devices requiring IP addresses, and that doesn't include old stuff in cupboards that could yet be pressed into action if I get a legacy project to work on.

                  I've put all my IP addresses into a spreadsheet with details of what system does what etc.

                  And printed it out. Murphy's Law says I'll need it when some part of the network is down.
                  Yep, good advice. I keep a running spreadsheet done properly. It makes it easier with the marked out dhcp range for the VMs I throw out and trash as needed.



                    #10
                    Originally posted by craig1 View Post
                    Yep, good advice. I keep a running spreadsheet done properly. It makes it easier with the marked out dhcp range for the VMs I throw out and trash as needed.
                    And now you mention it, some of my VMs have more than one IP address. My spreadsheet needs a bit more work
                    Behold the warranty -- the bold print giveth and the fine print taketh away.
