Routing between subnets
October 16, 2007 1:38 PM
How to route between subnets and share one internet connection? (network topology pic inside)
Last weekend, I setup a wireless bridge between Dad's house and my sister's house. They're out in the country -- no DSL or cable modem -- so my sister still uses dial-up internet access, while my dad uses a Sprint wireless phone hooked to a WinXP PC via USB, which is 3-4 times as fast. The end goal of the project is for my sister to be able to share the higher speed Sprint internet connection. The immediate goal is just to get the two networks working together.
Now, the wireless bridge works great, as advertised, with 2-10ms pings. The problem is that my dad and my sister are on two different subnets, and routing between the two is just a bit past my knowledge. I'm pretty sure it's got something to do with static routing, but I need some hand-holding.
Here's the setup: Network Topology. Pretty simple, but note that "AP1" on Dad's side has router functionality ("AP2" is a bridge slave), as does "Router" on Sister's side.
Using the PC at 192.168.11.2, I can ping across the bridge to 192.168.11.100. But I can't ping anything on 192.168.0.x. Nor can any system on 192.168.0.x ping any system on 192.168.11.x.
I thought that just using a subnet mask of 255.255.0.0 for systems on both sides would make this work. No? Seems not to work.
I can put static routes into "AP1" on Dad's side and "Router" on Sister's side if I need to, but I'm fuzzy on this -- haven't setup static routes in over 10 years. What should the entries be?
Or... is it possible to make a USR5461 just act like a switch? There's no WAN connection at that house, so the routing is really not necessary and it's screwing me up. I wish I could just replace it with a hub/switch, but it's being used both as an 802.11g access point and as a print server.
For the end goal, sharing the Sprint phone for internet, I'm planning to setup WinXP "connection sharing" for the Sprint phone attached to the PC at 192.168.11.2, then just set 192.168.11.2 as the default gateway for any system that wants internet access. Thoughts?
Last weekend, I setup a wireless bridge between Dad's house and my sister's house. They're out in the country -- no DSL or cable modem -- so my sister still uses dial-up internet access, while my dad uses a Sprint wireless phone hooked to a WinXP PC via USB, which is 3-4 times as fast. The end goal of the project is for my sister to be able to share the higher speed Sprint internet connection. The immediate goal is just to get the two networks working together.
Now, the wireless bridge works great, as advertised, with 2-10ms pings. The problem is that my dad and my sister are on two different subnets, and routing between the two is just a bit past my knowledge. I'm pretty sure it's got something to do with static routing, but I need some hand-holding.
Here's the setup: Network Topology. Pretty simple, but note that "AP1" on Dad's side has router functionality ("AP2" is a bridge slave), as does "Router" on Sister's side.
Using the PC at 192.168.11.2, I can ping across the bridge to 192.168.11.100. But I can't ping anything on 192.168.0.x. Nor can any system on 192.168.0.x ping any system on 192.168.11.x.
I thought that just using a subnet mask of 255.255.0.0 for systems on both sides would make this work. No? Seems not to work.
I can put static routes into "AP1" on Dad's side and "Router" on Sister's side if I need to, but I'm fuzzy on this -- haven't setup static routes in over 10 years. What should the entries be?
Or... is it possible to make a USR5461 just act like a switch? There's no WAN connection at that house, so the routing is really not necessary and it's screwing me up. I wish I could just replace it with a hub/switch, but it's being used both as an 802.11g access point and as a print server.
For the end goal, sharing the Sprint phone for internet, I'm planning to setup WinXP "connection sharing" for the Sprint phone attached to the PC at 192.168.11.2, then just set 192.168.11.2 as the default gateway for any system that wants internet access. Thoughts?
Without the diagram, my initial instinct is that you're using a WAN port on Sister's router, which invokes all kinds of NAT and firewall headaches. Try connecting whatever's on the WAN port (the wireless bridge?) into one of the regular ports on Sister's instead, probably with a crossover cable. Log in to Sister's router, switch off DHCP and any routing functionality you can - now it's basically a switch. Reboot Sister's equipment; it should take addresses from Dad's DHCP server, and you're all set. XP Internet connection sharing is probably just what you want, although watch out for dueling DHCP servers, since it will run one and you probably have one on Dad's router too.
posted by pocams at 1:50 PM on October 16, 2007
posted by pocams at 1:50 PM on October 16, 2007
Jesus, what a headache. You need to simplify your setup.
Barring that, you're looking at your standard shitty double-NAT.
Your USR router should pull an address from the 192.168.11/24 subnet, and use the PC hooked up to the sprint phone as its default gateway once you set up WinXP connection sharing. Do not screw with the subnet mask like you were thinking or did. That won't work. Both are going to be 255.255.255.0.
Your other option is to do as pocams says, but to clarify: you're using a bridge, so use it right. Put them all on the same subnet, don't use the USR as a router.
posted by cellphone at 2:28 PM on October 16, 2007
Barring that, you're looking at your standard shitty double-NAT.
Your USR router should pull an address from the 192.168.11/24 subnet, and use the PC hooked up to the sprint phone as its default gateway once you set up WinXP connection sharing. Do not screw with the subnet mask like you were thinking or did. That won't work. Both are going to be 255.255.255.0.
Your other option is to do as pocams says, but to clarify: you're using a bridge, so use it right. Put them all on the same subnet, don't use the USR as a router.
posted by cellphone at 2:28 PM on October 16, 2007
Addresses in 192.168.0.0/16 are non-routable, maybe your USR is doing the Right Thing by not allowing you to reach them over different subnets.
Have you tried putting everything on the same subnet ?
What gateway are you using for machines in 192.168.0.0/24?
posted by the number 17 at 2:33 PM on October 16, 2007
Have you tried putting everything on the same subnet ?
What gateway are you using for machines in 192.168.0.0/24?
posted by the number 17 at 2:33 PM on October 16, 2007
The core of the problem is simply getting traffic from 192.168.11.x to 192.168.0.x or vice versa, with 192.168.11.2 being the internet-connected machine.
Seems like I have a few options:
1. (Simplest) Give all systems, on both subnets, a subnet mask of 255.255.0.0 and a default gateway of 192.168.11.2. Is there a problem with this approach? (Maybe I accidentally left the system I was pinging to set at subnet mask of 255.255.255.0.)
2. Give all systems a subnet mask of 255.255.255.0. Sister's network will need a default gateway of her "Router", 192.168.0.1, which will need a static route to know how to get to the other network. Do I route directly to the gateway, 192.168.11.2? Or over to Dad's router, 192.168.11.1? Or just to the slave side of the bridge, 192.168.11.100? On Dad's side, subnet mask = 255.255.255.0, default gateway = 192.168.11.1 (?), then make the router determine with traffic goes to 192.168.0.x or to the internet 192.168.11.2 via static route entries. Ugh.
3. Reconfigure everything to be on one subnet, say 192.168.11.x. Then use a subnet mask of 255.255.255.0, default gateway of 192.168.11.2 on every damn thing. (This is probably the simplest, technically, but the most difficult politically, as my sister's household is very averse to change. I expect a lot of "oh great, now you broke the printer!" protests at every step of the way.)
posted by LordSludge at 2:40 PM on October 16, 2007
Seems like I have a few options:
1. (Simplest) Give all systems, on both subnets, a subnet mask of 255.255.0.0 and a default gateway of 192.168.11.2. Is there a problem with this approach? (Maybe I accidentally left the system I was pinging to set at subnet mask of 255.255.255.0.)
2. Give all systems a subnet mask of 255.255.255.0. Sister's network will need a default gateway of her "Router", 192.168.0.1, which will need a static route to know how to get to the other network. Do I route directly to the gateway, 192.168.11.2? Or over to Dad's router, 192.168.11.1? Or just to the slave side of the bridge, 192.168.11.100? On Dad's side, subnet mask = 255.255.255.0, default gateway = 192.168.11.1 (?), then make the router determine with traffic goes to 192.168.0.x or to the internet 192.168.11.2 via static route entries. Ugh.
3. Reconfigure everything to be on one subnet, say 192.168.11.x. Then use a subnet mask of 255.255.255.0, default gateway of 192.168.11.2 on every damn thing. (This is probably the simplest, technically, but the most difficult politically, as my sister's household is very averse to change. I expect a lot of "oh great, now you broke the printer!" protests at every step of the way.)
posted by LordSludge at 2:40 PM on October 16, 2007
Number 3 is the simplest solution, and the proper way to set things up in your situation as cellphone says. Number 1 should probably work, but I may be missing something. Number 2 wil probably not work.
(Also do not allow your users to give you any lip. Next thing you know, they will expect things to work all of the time .)
posted by the number 17 at 2:57 PM on October 16, 2007
(Also do not allow your users to give you any lip. Next thing you know, they will expect things to work all of the time .)
posted by the number 17 at 2:57 PM on October 16, 2007
What's the USR5461's default gateway? Does it have a gateway mode where you can shut off NAT?
You should just make your sister's system do the same subnet and be done with it.
posted by damn dirty ape at 2:58 PM on October 16, 2007
You should just make your sister's system do the same subnet and be done with it.
posted by damn dirty ape at 2:58 PM on October 16, 2007
Looking at the user interface demo for that USR router, I don't even see an option to stop NATing. This means the 16 bit subnet won't work. You would need to give the USR an external IP on 192.168.11.0/24, and a default route of 192.168.11.2 (I don't see how to do that...probably best to set it to use DHCP and let the DHCP server on your Dad's side take care of it. Make sure it will serve DHCP out that interface.). Both sides should have a 24-bit subnet mask. Everything on your sister's side should be set up normally, as DHCP clients of the USR or at least on 192.168.0.0/24 with 192.168.0.1 as the default route. You should be able to connect from any of your sister's PCs to the Internet or anything on your Dad's network, but not vice versa, because your sister's network is behind the NATing USR. This is my best guess and I'm probably wrong.
posted by dreadpiratesully at 3:14 PM on October 16, 2007
posted by dreadpiratesully at 3:14 PM on October 16, 2007
Also, you would need to ensure that AP1 is NOT acting as a router, only bridging. If you can't make it do that, I think you'll probably have to create a third subnet between the two routers.
posted by dreadpiratesully at 3:28 PM on October 16, 2007
posted by dreadpiratesully at 3:28 PM on October 16, 2007
It helped a lot just to think about this "out loud". I was paying too much attention to the wireless link aspect of this and overthinking this whole thing. It's really just one network with two irrelevant routers on it. I can't remember right off-hand, but I was probably trying to use the routers as default gateways, and there's just no need -- the gateway ought to be the PC with the Sprint phone (192.168.11.2), and there's no need to bounce to the router(s) first anyhow. I'm just using them as hubs, really.
Will give this another shot this weekend. I'll try #1 first, cuz it's a piece of cake. If that doesn't work, I'll do #3. It's only #2 that gets into needlessly complex routing tables.
Realizing that it's just a big network will also make #1 much easier to test: I can just sit at Dad's house, assign my laptop an IP from Sister's network, and send test pings to the PC on Dad's network right next to me without having to run myself between the two houses.
Thanks all -- will let you know how it goes!
posted by LordSludge at 11:00 AM on October 18, 2007
Will give this another shot this weekend. I'll try #1 first, cuz it's a piece of cake. If that doesn't work, I'll do #3. It's only #2 that gets into needlessly complex routing tables.
Realizing that it's just a big network will also make #1 much easier to test: I can just sit at Dad's house, assign my laptop an IP from Sister's network, and send test pings to the PC on Dad's network right next to me without having to run myself between the two houses.
Thanks all -- will let you know how it goes!
posted by LordSludge at 11:00 AM on October 18, 2007
Over the weekend, I went back for round two and set things up per #1 above. Worked great, for the most part, with two glitches:
1. I disabled the DHCP server on Dad's side, because his two PCs are easily setup with hardcoded IP addresses. The DHCP server on Sister's side is built into the USR router, and is being too smart forits my own good -- I can't find a way to alter the Default Gateway (it assumes IT must be the Default Gateway) and DNS Servers it leases out. Other than that, any PCs with hardcoded IP address settings work great.
2. There's something flaky about sharing the phone for the network internet connection. I haven't isolated what's causing it, but it will drop the connection if accessed from Sister's network.. or something like that. Dunno if it's the Microsoft connection sharing software, or the Sprint phone, or some interaction between the two.
Still, the network as a whole works well, and the addressing issues are ironed out, with the above exceptions. Thanks for the help!
posted by LordSludge at 11:23 AM on October 24, 2007
1. I disabled the DHCP server on Dad's side, because his two PCs are easily setup with hardcoded IP addresses. The DHCP server on Sister's side is built into the USR router, and is being too smart for
2. There's something flaky about sharing the phone for the network internet connection. I haven't isolated what's causing it, but it will drop the connection if accessed from Sister's network.. or something like that. Dunno if it's the Microsoft connection sharing software, or the Sprint phone, or some interaction between the two.
Still, the network as a whole works well, and the addressing issues are ironed out, with the above exceptions. Thanks for the help!
posted by LordSludge at 11:23 AM on October 24, 2007
This thread is closed to new comments.
posted by pocams at 1:45 PM on October 16, 2007