On Mon, 4 Aug 2003, Peter Mairhofer <(E-Mail Removed)> wrote:
> I have to configure two private networks.
>
> One "bigger" network which should have the netmask 255.255.0.0:
>
> 192.168.0.0/255.255.0.0
>
> My "private" network (Class C) 192.168.200.0/255.255.255.0
>
> My Linux gateway has two network cards and each card connects
> one network of the nets described.
>
> But soon I realized that something was wrong. After debugging with
> tcpdump and ping I found out that the problem must be the netmasks.
>
> When I send a ping from a Windows PC in 192.168.100.0 to a station
> in the 192.168.0.0 I always got a timeout. In tcpdump I could see that
> the request was reached and routed correctly by the linux gateway
> but there was no response, there was just an ARP request asking
> for the MAC address of the PC in the 192.168.100.0 network.
> This is logical, because the PC in 192.168.0.0/255.255.0.0 believes
> that the other PC is in the same subnet.

I do not understand why ping from 192.168.100.0 to anything in
192.168.0.0/16 net (other than 192.168.200.0/24 net) should have anything
to do with your Linux box, since that is all on the same network.

However, for boxes in the big net to access the 192.168.200.0/24 net,
boxes in the big net would either need a gw to you for that net or you
would need to proxy_arp for the small net. Either way, small net boxes
would need a gw to your Linux box to reach big net.

To enable proxy_arp on the big net interface so it answers arp for the
small net, make sure that ip_forward is enabled and not blocked by
iptables. Assuming eth0 is big net:

    echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

> After a lot of desperation I had the solution: Somewhere I read of
> complex subnet masks like 255.255.240.0. I tried it out and that
> part worked. But now other parts did not work.
> I know that the subnet mask tells the important bits of the address
> but somehow I didn't get it working - I can't find out what's the
> right subnet mask for each network. At the moment I have:
>
> 192.168.200.0/255.255.255.0
> 192.168.0.0/255.255.240.0
The latter would give you a broadcast address of 192.168.15.255 which
would only address IPs up to 192.168.15.254.
> In my new configuration, the net 192.168.0.0 should have the subnets
> 192.168.0.1(-192.168.0.255) up to 192.168.99.1(-192.168.99.255)
No single netmask falls on that boundary. 255.255.192.0 would cover max
IP of 1 less than 192.168.63.255. Or 255.255.128.0 would cover up to 1
less than 192.168.127.255. Maybe (3) -net routes for that same
interface would cover it, except you might not be able to use broadcast
IPs 192.168.63.255 or 192.168.95.255 (maybe you could if you had -host
routes for them):
192.168.0.0/255.255.192.0
192.168.64.0/255.255.224.0
192.168.96.0/255.255.252.0
> My other network should just have the network 192.168.200.0/255.255.255.0.
>
> Everything bigger than xxx.xxx.99.xxx which is not xxx.xxx.200.xxx should
> be reserved, so the former network 192.168.0.0/16 should only be able to
> address 192.168.0.1 to 192.168.99.255 any more.
Not sure what you mean by "reserved", but it would be easier to cover
everything with the 192.168.0.0/255.255.0.0 net. If broadcast address
matters for anything (like smb broadcasts) there is no single subnet that
exactly covers your 192.168.0.0-192.168.99.255 range.
PS: one site I found for calculating netmasks is
http://screamer.mobrien.com/net.shtml
--
David Efflandt - All spam ignored
http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/
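
The netmask arithmetic discussed in this thread, as an added example that is not part of the original posts: it uses Python's standard `ipaddress` module to compute the smallest set of networks covering 192.168.0.0 to 192.168.99.255, the broadcast address of a given net, and whether a host treats a destination as on-link (and therefore ARPs for it instead of using a gateway). The host addresses 192.168.5.10 and 192.168.200.20 are constructed for illustration.

```python
import ipaddress


def cover_range(first, last):
    """Minimal list of CIDR networks that exactly covers first..last."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def describe(net):
    """(network, netmask, broadcast) for a net given as 'addr/mask' text."""
    n = ipaddress.IPv4Network(net)
    return (str(n.network_address), str(n.netmask), str(n.broadcast_address))


def on_link(host_iface, dest):
    """True if a host configured as host_iface ('addr/mask') considers dest
    directly reachable, so it sends an ARP request rather than using a gw."""
    return ipaddress.IPv4Address(dest) in ipaddress.IPv4Interface(host_iface).network


if __name__ == "__main__":
    # The range the original poster wants for the big net.
    for net in cover_range("192.168.0.0", "192.168.99.255"):
        print("%-15s mask %-15s broadcast %s" % describe(str(net)))

    # The mask the poster tried: its broadcast address stops at .15.255.
    print(describe("192.168.0.0/255.255.240.0"))

    # Constructed hosts: a big-net box with a /16 mask sees the small net
    # as local (the ARP symptom); with a narrower mask it needs a route.
    for mask in ("255.255.0.0", "255.255.192.0"):
        iface = "192.168.5.10/" + mask
        print(iface, "-> 192.168.200.20 on-link:",
              on_link(iface, "192.168.200.20"))
```
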