0

I'm mainly a programmer but I've got quite interested in networking lately and I've started to tinker with my home network a bit.

I was trying to set my spare modem to test changes before rolling them to my actual home network but I got stuck. I've changed the network with base IP 172.27.0.0 and subnet mask 255.255.0.0.

I have various "servers" and other services like VPN and a domain controller (I know it's very overkill but I like to play with these things and learn how they work). I don't know the correct terminology for some stuff but I would like to have different groups of IPs for different things, i.e. 172.27.1.0 for servers, 172.27.2.0 for devices on the network and 172.27.3.0 for devices connected in VPN.

My understanding is that in theory devices or networks set with the subnet mask 255.255.255.0 shouldn't be able to see the other groups' devices, while with the subnet mask 255.255.0.0 (as it's now set) I should be able to ping a PC with IP 172.27.2.1 from a PC with IP 172.27.3.1, right? Well, if this is the case then I might be doing something wrong, or perhaps the modem I'm trying it with doesn't support communication between different groups of IPs and defaults to a subnet mask of 255.255.255.0?

I hope my situation is clear enough and someone can help me find a solution! Thank you in advance.

4
  • That is incorrect. 172.27.0.0 is a subnet of the RFC1918 private range 172.16.0.0/12. So it is perfectly fine to use in this case.
    – Ron Trunk
    Commented Jun 13, 2022 at 12:53
  • I have 2 computers, both with subnet mask 255.255.0.0, one with the IP 172.27.0.2 and the second one with the IP 172.27.2.1. My modem has the network set to 172.27.0.1 with subnet mask 255.255.0.0. When on both PCs I do a ping command to the other PC it just fails...
    – Fraŋkini
    Commented Jun 13, 2022 at 13:11
  • After ping fails, does the other device's MAC address at least show up in ip neigh or arp -a? And can both devices ping the modem (gateway)? What ports does the modem have, physically, and how/where are the devices connected? Were they able to talk before? Commented Jun 13, 2022 at 13:50
  • Check that your PC does not have a firewall enabled.
    – Ron Trunk
    Commented Jun 13, 2022 at 13:53

1 Answer

1

I think you have a misunderstanding of the use of subnet masks.

> I don't know the correct terminology for some stuff but I would like to have different groups of IPs for different things, i.e. 172.27.1.0 for servers, 172.27.2.0 for devices on the network and 172.27.3.0 for devices connected in vpn.

The "groups" you refer to are called "subnetworks" or "subnets." To forward traffic between subnets (e.g., 172.27.1.0/24 to 172.27.2.0/24), you need a router.

> My understanding is that in theory devices or network set with the subnet mask 255.255.255.0 shouldn't be able to see the other groups' devices, while with the subnet mask 255.255.0.0 (as it's now set) I should be able to ping a pc with ip 172.27.2.1 from a pc with ip 172.27.3.1, right?

All devices connected to a subnet must have the same subnet mask.

If you want to restrict access between subnets, you need a router that has access control lists (ACLs).

6
  • This. But also note that if all these subnets are on the same Ethernet/Wi-Fi LAN (more precisely, if they're on the same link-layer multicast/broadcast domain), devices will still be able to see and talk to each other via IETF ZeroConf (a.k.a. Apple Bonjour, mDNS) and other multicast-based discovery protocols. ZeroConf is specifically designed to get around subnet mismatches in order to "just work". So if you really want to separate these devices from talking to each other, you need a VLAN-capable switch so you can put them on separate LANs (separate link-layer multicast/broadcast domains).
    – Spiff
    Commented Jun 13, 2022 at 16:30
  • Hi, thank you for your reply! So do you mean I'm going to need a separate router for each subnet all connected to a main router, which would also be my wlan modem?
    – Fraŋkini
    Commented Jun 13, 2022 at 18:18
  • I thought there was a way to set an IP to /16 instead of /24 and they would all automatically see each other instead of still being their separate subnets of /24, if it makes sense.
    – Fraŋkini
    Commented Jun 13, 2022 at 18:25
  • No, you need one router with multiple interfaces (a commercial version, not a home router). You can create one subnet with a shorter mask (/16), but then you have one subnet and can't do any filtering between devices.
    – Ron Trunk
    Commented Jun 13, 2022 at 18:34
  • I don't need filtering, I would like to assign IPs manually for some static devices, have the DHCP assign in the 172.27.2.x range and my VPN server will assign in the 172.27.3.x range, I just need them to communicate as if they were in the same subnet, nothing more. The problem I'm having is that the devices can't access the internet and can't see each other.
    – Fraŋkini
    Commented Jun 13, 2022 at 18:41
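
An added example in Python (not part of the original answer or comments): it applies the on-link test each host performs with its own address and mask to the addresses from the question, in both directions. The function names and the 172.27.x.254 router interface addresses are assumptions made for the illustration.

```python
import ipaddress

def next_hop(iface: str, gateway: str, dst: str) -> str:
    """Classify how a host configured as `iface` (address/mask) sends to `dst`."""
    me = ipaddress.ip_interface(iface)
    if ipaddress.ip_address(dst) in me.network:
        return "on-link"      # same subnet by this host's own mask: ARP for dst directly
    if ipaddress.ip_address(gateway) in me.network:
        return "via-gateway"  # off-subnet: hand the packet to the router
    return "unreachable"      # off-subnet and the gateway is not on-link either

def path_report(a_if, a_gw, b_if, b_gw):
    """Return (A->B, B->A). A ping needs both directions to work."""
    a = ipaddress.ip_interface(a_if)
    b = ipaddress.ip_interface(b_if)
    return (next_hop(a_if, a_gw, str(b.ip)), next_hop(b_if, b_gw, str(a.ip)))

M16, M24 = "255.255.0.0", "255.255.255.0"
MODEM = "172.27.0.1"  # gateway address from the question

# Constructed cases built from the addresses mentioned on the page.
CASES = {
    # The asker's test: both PCs /16 behind the modem.
    "both /16": (f"172.27.0.2/{M16}", MODEM, f"172.27.2.1/{M16}", MODEM),
    # Same wire, both hosts /24, gateway still 172.27.0.1.
    "both /24, modem gw": (f"172.27.2.1/{M24}", MODEM, f"172.27.3.1/{M24}", MODEM),
    # Mismatched masks: one direction works, the reply has no route.
    "mixed /16 and /24": (f"172.27.0.2/{M16}", MODEM, f"172.27.2.1/{M24}", MODEM),
    # Router with one interface per /24 (the .254 addresses are assumed).
    "routed /24s": (f"172.27.2.1/{M24}", "172.27.2.254",
                    f"172.27.3.1/{M24}", "172.27.3.254"),
}

if __name__ == "__main__":
    for name, args in CASES.items():
        fwd, rev = path_report(*args)
        print(f"{name:20s} A->B: {fwd:12s} B->A: {rev}")
```

In the first case both directions are on-link, so the masks given in the question do not by themselves explain the failed ping. The last case corresponds to the single router with multiple interfaces described in the comments.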
