-1

I had a multi-WAN router with a LAN address of 192.168.10.1/24.

Also, I had a device with address 192.168.100.1, which was connected BEHIND the WAN1 interface.

To access this device, I added a static route to the router:

route add 192.168.100.1 mask 255.255.255.0 WAN1

and it was working.

Now I have extended the netmask of my LAN from 255.255.255.0 to 255.255.0.0, and after that the static routes stopped working or became illegal.

Why and how to fix?

DavidPostill
Dims
  • Based on this and your previous question, I think that either you might want to call in a network person or read a little bit more about IPv4 networking construction. – mdpc Sep 20 '14 at 23:06
  • It is not related to my previous question. Yes, I agree that there appear to be no network persons here, and it is probably better to use the telephone or even the telegraph to find them :) – Dims Sep 20 '14 at 23:09

2 Answers

3

So if you think about it, this makes sense that it stopped working. The key piece of information was this:

> I have changed netmask on a router. This automatically caused change in DHCP, which in turn changed netmasks on all clients (when leases expired of course).

Now, I can explain why this doesn't work - however to gain a fuller understanding, you should read up about networking in general.

So you mentioned that your LAN interfaces had network space of 192.168.10.0/24. DHCP would ensure that all clients on that network would exist in that IP space as well. This means the routing table probably looked like this:

Destination     Netmask         Route Type  Gateway         
192.168.10.0    255.255.255.0   connected   *               
0.0.0.0         0.0.0.0         default     192.168.10.1

To understand this route table, you need to understand a little about routing.

  • Connected - This is the route associated with the interface address and netmask. IP addresses that exist within this network space are connected to directly. That is, the host will ARP for the address and then send traffic to that host directly. No intermediary router (gateway) is required.
  • default - This is the route for all traffic that does not fall within the confines of other routes in the table. This is generally the route required to get on the Internet. This is also a static route.

If you have a client on the 192.168.10.0/24 network, say 192.168.10.10, that wanted to talk to IP address 192.168.10.15, it would consult the routing table to see how it should do so. This would match the connected route (it would do so by performing a bitwise AND on the destination IP and the netmask in the routing table). 192.168.10.10 would then ARP for 192.168.10.15 and communication would continue from there.

In the case of 192.168.100.1, however, a computer on the 192.168.10.0/24 network would check the routing table and only find a match on the default route; as such, it would send the traffic to the router (the gateway), which has a route to that network.

When you grew the network from a 192.168.10.0/24 to a 192.168.0.0/16 network you changed the routing table as well. The routing table now looked like this:

Destination     Netmask         Route Type  Gateway         
192.168.0.0     255.255.0.0     connected   *           
0.0.0.0         0.0.0.0         default     192.168.10.1

As a result, now when you attempt to go to 192.168.100.1, the lookup in the routing table would match the connected route. As a result, your hosts are performing an ARP query to find the device, not sending the traffic to the router. The ARP query is failing as the device does not exist on the same LAN; rather, it needs to go over a router hop.

Now, it is possible to have the router perform a "proxy arp" for the device, but that is dependent on the router software.

From a more pedantic and pedagogical perspective, it is generally considered bad practice to have a connected route, and then create a smaller static route within that connected route. This can lead to numerous issues down the line. In this case, you have a /16 from which you have carved out a /24 to go to another interface. Even if you made the /24 a host route, it is still bad practice. Most router software will not even let you do this, throwing an error if you try. Now, while it is possible to function using such a setup, it is recommended that you use wholly separate IP spaces.

It looks like you are interested in doing a lot of networking stuff, which is good. This is a difficult field, and there is a lot to wrap your head around in this area. I suggest you read up a little about this, so that you can understand what is actually happening.

One book I enjoyed was Network Warrior from O'Reilly Media. This book teaches a lot of Network fundamentals. This of course is my opinion, there are many other resources available, free or otherwise.

prateek61
  • But I have a static route on the router. It can be something like `192.168.100.1/32` -> `WAN1`. Should this route be distributed over `RIP` to clients so that they know how to reach the given address? – Dims Sep 21 '14 at 15:40
  • Like I said, the static route on the router means nothing to the clients. They are not even sending the traffic to the router. They are performing an ARP request looking for the address; they are not sending it to the router to be forwarded. Regarding distributing the route via RIP: short answer, yes, yes you can. However, just because you can do something doesn't mean you should. Running RIP to all your clients won't be easy, but it is your choice. You can also create static routes on all your clients with a `192.168.100.1/32` route. But like I said before, all this breaks best practices. – prateek61 Sep 21 '14 at 15:51
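
The lookup described in the answer above, as an added example that is not part of the original answer or its comments: a client-side longest-prefix match over the two routing tables shown, plus the per-client `192.168.100.1/32` host route mentioned in the comments. The tuple layout, the table names and the `lookup` function are assumptions made for this illustration.

```python
import ipaddress

# Client routing tables as (destination, netmask, gateway); gateway None = connected.
TABLE_24 = [("192.168.10.0", "255.255.255.0", None),
            ("0.0.0.0", "0.0.0.0", "192.168.10.1")]
TABLE_16 = [("192.168.0.0", "255.255.0.0", None),
            ("0.0.0.0", "0.0.0.0", "192.168.10.1")]
# Same /16 table with a host route added on the client (assumed next hop: the router).
TABLE_16_HOST = TABLE_16 + [("192.168.100.1", "255.255.255.255", "192.168.10.1")]


def lookup(table, dst):
    """Return (matched route, action) for dst using longest-prefix match."""
    dst_int = int(ipaddress.IPv4Address(dst))
    best = None
    for net, mask, gateway in table:
        net_int = int(ipaddress.IPv4Address(net))
        mask_int = int(ipaddress.IPv4Address(mask))
        # A route matches when (destination AND netmask) equals the route's network.
        if (dst_int & mask_int) == net_int:
            prefix_len = bin(mask_int).count("1")
            if best is None or prefix_len > best[0]:
                best = (prefix_len, net, gateway)
    if best is None:
        return None, "unreachable"
    prefix_len, net, gateway = best
    if gateway is None:
        # Connected route: the host resolves the destination itself with ARP.
        return f"{net}/{prefix_len}", f"ARP for {dst} on the LAN"
    return f"{net}/{prefix_len}", f"send to gateway {gateway}"


if __name__ == "__main__":
    for name, table in (("/24 LAN", TABLE_24), ("/16 LAN", TABLE_16),
                        ("/16 LAN + host route", TABLE_16_HOST)):
        route, action = lookup(table, "192.168.100.1")
        print(f"{name:22} matched {route:18} -> {action}")
```

With the /24 table the packet for 192.168.100.1 goes to the router; with the /16 table the client ARPs for it and the router's static route is never consulted.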
0

When you change the network mask, it is a little more complicated than just simply using a different netmask on one machine. You have to change netmasks for ALL attached network equipment (i.e. routers, switches) as well as the Ethernet interfaces on all the machines to match. Also, you would need to change any of the associated DHCP netmask handouts as well. If you do not, things do not work, as you have seen.

What you most likely have here is one or more machines or pieces of network equipment where your netmask is incorrect.

mdpc
  • I have changed netmask on a router. This automatically caused change in DHCP, which in turn changed netmasks on all clients (when leases expired of course). IP address and netmask of `192.168.100.1` device had not changed since it is static. – Dims Sep 20 '14 at 23:07
  • You have to change the static device then to properly match the netmask in use. – mdpc Sep 20 '14 at 23:08
  • Why? Suppose it has netmask `/24`. It will forward its responses then, which is okay. – Dims Sep 20 '14 at 23:11
  • Your use is improper and unsupported. Thus your problems. – mdpc Sep 20 '14 at 23:12