Practical (not theoretical) Subnetting 192.168.0.0/25

I don't think you can properly do what you are trying to with your current router (unless you can upgrade it to OpenWRT or equivalent). It's also A LOT harder to do than you think - and probably can't be done through the web interface alone.

As has already been pointed out, each subnet needs to point to the router with an IP in its own netblock.

Thus on the LAN interface of the router you need to have 2 IP addresses - 192.168.0.1 and 192.168.0.254 (or, in the second case, an IP address in 192.168.0.129 - 192.168.0.254 which you are not using). In order to do this you need to bind a second IP address to the router, and it does not appear to allow you to do this.

Even if you do achieve the above, you are still only part way to your goals. If you are using DHCP, you need to have the DHCP server answer on both subnets, and provide IPs in the appropriate range for each subnet. Again, this is doable but probably not with your current router.

The question to ask though is "Why are you doing this?". Doing this does not buy you any significant security/isolation because the systems are still on the same segment, i.e. computers in one half can read and respond to broadcast traffic in the other half. The typical way of handling this problem is thus a bit more complex - and again, you need more powerful router software to pull it off. (In order to fully understand what I'm going on about here, you need to understand the difference between a subnet and a network segment - the 2 concepts go hand-in-hand, and generally 1 subnet = 1 segment, but you are describing 2 subnets on 1 segment - which is often not what you want.)

The way I have done something similar is thus - I got a router which supported OpenWRT. I configured the LAN ports on the router into different VLANs. (Most 4-port routers are interesting in as much as the 4 LAN ports are actually individually accessed, and the software makes them appear as a switch and interchangeable - but you can actually program them to be on different VLANs, and provide per-port isolation.) You then put each VLAN in a different subnet, and assign an IP address to the router interface for each subnet. You will probably need 2 switches (if you have more than 3 devices in any subnet) - you would need to use 1 of the switches for each subnet. In this way computers are in different network segments and - from a practical POV - can't talk to each other without going through the router. [ That said, I can point you to articles which say don't rely on VLANs for security - although I don't agree with their conclusions ]


I'm really sorry to do this but I just answered my own question by setting up a static route. I just pretty much followed these directions but tweaked a little: https://www.dd-wrt.com/wiki/index.php/Linking_Subnets_with_Static_Routes

On the first router (Netgear WGR614v7) here's the static route config:

  • Private: yes
  • Active: yes
  • Destination IP Address: 192.168.0.128
  • IP Subnet Mask: 255.255.255.128
  • Gateway IP Address: 192.168.0.2
  • Metric: 2

There's an ethernet cable running from the LAN port on the Netgear to the WAN port on the Linksys.

Now here's the 2nd router's config (Linksys BEFSR41v2):

LAN IP Address

  • Device IP Address: 192.168.0.129
  • Subnet Mask: 255.255.255.128

WAN IP Address (You can use DHCP from Netgear but I used static):

  • WAN IP Address: 192.168.0.2
  • Subnet Mask: 255.255.255.128
  • Default Gateway: 192.168.0.1
  • DNS: (Just use whatever your ISP gave you)

I enabled DHCP on both routers and I can't believe it worked.

  • On the Netgear I set the range from 192.168.0.50 to 192.168.0.99
  • On the Linksys I set the range from 192.168.0.150 to 192.168.0.199

All hosts from both networks have internet access.

One thing I noticed is that hosts from the first subnet (192.168.0.0/25) cannot ping hosts from the second subnet (192.168.0.128/25) but hosts from the second subnet can ping hosts from the first.

I'd like the subnets to be mutually exclusive to each other but that will have to be another question.

Edit: The static route is completely unnecessary for a minimal setup for mutually exclusive subnets. Just make sure to power cycle the routers after configuring them if they don't work. Here's how I found out: http://www.linksys.com/ca/support-article?articleNum=132275#b
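
A consistency check for the addressing discussed in both answers above, as an added example that is not part of the original posts: it verifies that each DHCP pool sits in the subnet of its router's LAN address, that the second router's gateway is on-link, and that the static route's next hop is reachable and serves the destination. The Netgear LAN address 192.168.0.1/25 is inferred from the posted default gateway and first subnet; `check_plan`, `POSTED` and `ROUTE` are hypothetical names.

```python
import ipaddress as ipa

def check_plan(routers, route=None):
    """Return a list of addressing problems; an empty list means consistent."""
    problems = []
    for name, r in routers.items():
        lan = ipa.ip_interface(r["lan"])
        lo, hi = (ipa.ip_address(a) for a in r["dhcp"])
        # Leases must fall in the subnet that contains the router's LAN address,
        # otherwise clients are given a gateway outside their own netblock.
        if lo > hi or lo not in lan.network or hi not in lan.network:
            problems.append(f"{name}: pool {lo}-{hi} is outside {lan.network}")
        if lo <= lan.ip <= hi:
            problems.append(f"{name}: pool hands out the router address {lan.ip}")
        if "wan" in r:
            wan = ipa.ip_interface(r["wan"])
            if ipa.ip_address(r["gateway"]) not in wan.network:
                problems.append(f"{name}: gateway is not on-link for {wan.network}")
            if wan.network.overlaps(lan.network):
                problems.append(f"{name}: WAN and LAN subnets overlap")
    if route:
        via = ipa.ip_address(route["via"])
        dest = ipa.ip_network(route["dest"])
        if via not in ipa.ip_interface(routers[route["on"]]["lan"]).network:
            problems.append(f"route: next hop {via} is not on-link")
        # The next hop must be the WAN address of the router that owns dest.
        owners = [n for n, r in routers.items() if "wan" in r
                  and ipa.ip_interface(r["wan"]).ip == via
                  and ipa.ip_interface(r["lan"]).network == dest]
        if not owners:
            problems.append(f"route: no router at {via} serves {dest}")
    return problems

# Values from the self-answer; the Netgear LAN address is an assumption.
POSTED = {
    "netgear": {"lan": "192.168.0.1/25", "dhcp": ("192.168.0.50", "192.168.0.99")},
    "linksys": {"lan": "192.168.0.129/25", "dhcp": ("192.168.0.150", "192.168.0.199"),
                "wan": "192.168.0.2/25", "gateway": "192.168.0.1"},
}
ROUTE = {"on": "netgear", "dest": "192.168.0.128/25", "via": "192.168.0.2"}

if __name__ == "__main__":
    print(check_plan(POSTED, ROUTE) or "plan is consistent")
```
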