Trying to implement '3 dumb routers' using Sky routers

74 views
Skip to first unread message

Alex Gibson

unread,
Jul 9, 2021, 2:16:11 PMJul 9
to reading-...@googlegroups.com

…and it’s not going well.

 

I am trying to implement ‘3 dumb routers’ so that I can have a pair of completely separate networks, one ‘trusted’ and the other fully wild West ‘internet of crap’.

 

https://www.pcwrt.com/wp-content/uploads/2018/06/3-dumb.png

I have a new Sky SR203 router, plugged into the phone line.  

Wall mounting bracket for the new Sky Internet Router Hub (models SR203 /  SR204): Amazon.co.uk: Electronics & Photo (IP ADDRESS SET TO 192.168.0.1)

 

Into it’s 1st LAN port is a cable to port 1 on a Sky SR102 router.  I have 2 of these but only the ‘TRUSTED’ one connected at all right now.

 

 

TRUSTED                                                                              UNTRUSTED

(IP ADDRESS SET TO 192.168.1.1)                               (IP ADDRESS SET TO 192.168.2.1)

Sky Hub SR102-Z Wireless N Internet Router Modem - Black    Sky Hub and Sky Q Hub: What are Sky's routers like?

 

My PC is connected to the ‘trusted’ router via a cable and basic switch.  It is set to static IP 192.168.1.2.  ALL of the devices are currently using mask 255.255.0.0 to make them somewhat tolerant of change – I could lock down further when working better.

 

In theory that’s all the bases covered and all the hardware is ‘working’ – I’m on the internet from the PC right now – via the SR102 to the SR203 to the broadband.

 

However I am struggling to get the SR203 to act as a modem only – and the SR102 to act as a router only – so I don’t yet have the separation that is the point of the exercise.

 

-          My PC will only go online if I set the default gateway to 192.168.0.1 – the Sky SR203 router at the top.

-          I can set either router up as a DHCP server (limiting the ranges to avoid any conflict) – but if I turn off the DHCP on the SR203 nothing connects to the internet.

-          Both routers have these mode options in ‘WAN setup’:

 

-          I hoped I could set the SR102 to ‘WANOE ONLY’ and the SR203 to ‘DSL Only’ but that did not work (as in no internet and I could no longer connect to the SR203 via its IP).

 

I’ve had success in the past using Netgear routers as Wifi Access points, for example, so I am concerned that the reason I’m unable to do this is that the Sky branded routers are too far locked down for this to work properly.  But I would love to be wrong about that and find that I have missed something.

 

Any ideas?

 

 

Alex Gibson

 

+44 7813 810 765    @alexgibson3d    37 Royal Avenue, Reading RG31 4UR

 

admg consulting

 

edumaker limited

 

·         Project management

·         Operations & Process improvement

·         3D Printing

 

image001.jpg
image002.jpg
image009.png
image004.jpg
image008.jpg

Jeremy Poulter

unread,
Jul 9, 2021, 3:01:01 PMJul 9
to rLab List
Hi,

I haven't looked into the exact hardware details yet, but... 

Assuming you are using the default firmware, I don't think you will be able to do this as the WAN connection of all the routers will be the ADSL line, not any of the Ethernet ports.

So I think we you are just essentially connecting 3 internal networks together.

If you are lucky installing OpenWRT may enable you to use one of the Ethernet ports as the WAN, but probably not on an OEM (cheap) router.

All that being said most new routers have a guest network setting which gives you a separate network and will do what you want.

Cheers,

Jeremy

--
You received this message because you are subscribed to the Google Groups "rLab / Reading's Hackspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to reading-hacksp...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/reading-hackspace/007b01d774ee%24768030b0%2463809210%24%40alexgibson.net.
image001.jpg
image002.jpg
image009.png
image004.jpg
image008.jpg

Gavin

unread,
Jul 9, 2021, 3:02:31 PMJul 9
to reading-...@googlegroups.com

Far from an expert on this and I’d defer to the advice of others but I have done something similar myself in the past. The magic search-terms to figure out how to get my configuration to work was ‘cascade router’. 

With this setup (I was using two low- to mid-range Asus routers), one - Router1 - acted as the modem+router, the other just as a router. The *WAN* port on Router2 was connected to one of the LAN ports on Router1. 

There was then some fairy straightforward settings to change to get address allocations working correctly. There are plenty of forums online with people providing details of their set-ups and offering advice. Also worth looking at guidance on VPN provider websites (ultimately where I found the right settings for mine) as this set-up is quite commonly used by people to provide a separate VPN’d network. 

Good luck

Gavin


--

Alex Gibson

unread,
Jul 9, 2021, 4:46:58 PMJul 9
to reading-...@googlegroups.com

Thanks Gavin and Jeremy

 

So I guess it looks like I’m trying to do the right thing, but with the wrong tools for the job.

 

I had thought that this might be the correct mode and would do the job for the two second-tier routers – as the helpful in-menu setup photo clearly shows a setup connecting the SR102 to a modem via Ethernet… clearly there is a hardware capability there to do what I need – but maybe not the software…

 

 

If I can find a suitable pair of second-tier routers which have an Ethernet WAN port – can I at least use the (new) Sky router as the modem still?

 

Cheers,

 

Alex Gibson

 

+44 7813 810 765    @alexgibson3d    37 Royal Avenue, Reading RG31 4UR

 

admg consulting

 

edumaker limited

 

·         Project management

·         Operations & Process improvement

·         3D Printing

 

image001.png

Alex Gibson

unread,
Jul 9, 2021, 4:56:55 PMJul 9
to reading-...@googlegroups.com

From the OpenWRT website it seems there is a build that can be flashed to my two second tier routers.

 

I’m checking I understand the terms correctly…  if I read the warnings below right, it looks like I may likely lose:

a)       Wi-fi – no big deal, I have other access points I can use and it wasn’t the best

b)      Original broadband connection via phone line – that’s what I want to disable anyway!

 

 

As I have 2 of these, and they are redundant if not used for this, I’m tempted to try it anyway – but any thoughts on trying to flash OpenWRT to unlock the stripped down router function I need for 3-dumb-routers??

 

Cheers,

 

Alex Gibson

 

+44 7813 810 765    @alexgibson3d    37 Royal Avenue, Reading RG31 4UR

 

admg consulting

 

edumaker limited

 

·         Project management

·         Operations & Process improvement

·         3D Printing

 

image002.png
image003.png

Jeremy Poulter

unread,
Jul 9, 2021, 5:11:27 PMJul 9
to rLab List
Hum... I guess in principle that would do the trick....

Actually thinking about it more could be the netmask that is the problem, because you are using 255.255.0.0 all 3 ranges are on the same subnet so the intermediate routers will not know which interface to send traffic out of. Try setting to 255.255.255.0 on all routers.

Cheers,

Jeremy

Alex Gibson

unread,
Jul 9, 2021, 5:14:15 PMJul 9
to reading-...@googlegroups.com

I’ve noticed that if I enable WANoE – which I’m pretty sure means Wide Area Network over Ethernet on the second-tier modems, then I can no longer access the internet, nor can I even get to the IP address of the top tier router.

 

I had taken this as a sign of failure – but maybe it’s is it should be?  This is clearly a mode where the SR102 routers are expecting to get their WAN over a specific Ethernet socket, from a (BT Openreach FTTC) modem.

 

So maybe I just need to set up the right mode in the SR203 (first tier) router FIRST – if that’s actually possible… will try it.

image001.png
image002.png

Alex Gibson

unread,
Jul 9, 2021, 5:15:48 PMJul 9
to reading-...@googlegroups.com

Costs nothing to try that, will do, thanks Jeremy!

Error! Filename not specified.

I have a new Sky SR203 router, plugged into the phone line.  

Error! Filename not specified. (IP ADDRESS SET TO 192.168.0.1)

 

Into it’s 1st LAN port is a cable to port 1 on a Sky SR102 router.  I have 2 of these but only the ‘TRUSTED’ one connected at all right now.

 

 

TRUSTED                                                                              UNTRUSTED

(IP ADDRESS SET TO 192.168.1.1)                               (IP ADDRESS SET TO 192.168.2.1)

Error! Filename not specified.    Error! Filename not specified.

 

My PC is connected to the ‘trusted’ router via a cable and basic switch.  It is set to static IP 192.168.1.2.  ALL of the devices are currently using mask 255.255.0.0 to make them somewhat tolerant of change – I could lock down further when working better.

 

In theory that’s all the bases covered and all the hardware is ‘working’ – I’m on the internet from the PC right now – via the SR102 to the SR203 to the broadband.

 

However I am struggling to get the SR203 to act as a modem only – and the SR102 to act as a router only – so I don’t yet have the separation that is the point of the exercise.

 

-          My PC will only go online if I set the default gateway to 192.168.0.1 – the Sky SR203 router at the top.

-          I can set either router up as a DHCP server (limiting the ranges to avoid any conflict) – but if I turn off the DHCP on the SR203 nothing connects to the internet.

-          Both routers have these mode options in ‘WAN setup’:

Error! Filename not specified. 

Alex Gibson

unread,
Jul 9, 2021, 6:06:19 PMJul 9
to reading-...@googlegroups.com

I’ve put everything on the same subnet, Both routers set to subnet mask 255.255.255.0.

 

I’ve set the main Sky router (SR203) to ‘DSL only’ WAN mode (since it’s plugged into the phone line).  This works fine.

 

I allowed both routers to be DHCP servers – one 03-99, the other 100-254.

 

I’m able to access the internet from my PC while the second-tier router is set to WAN mode ‘auto’ OR ‘DSL only’ – but if I set it to  WANoE Only, I can no longer connect to the internet from my PC.

 

Weird.  Seems completely backwards to me – I’d expect to get nothing at all if second tier is set to ‘DSL only’ as there’s nothing plugged into its phone socket.

 

Alex Gibson

 

+44 7813 810 765    @alexgibson3d    37 Royal Avenue, Reading RG31 4UR

 

admg consulting

 

edumaker limited

 

·         Project management

·         Operations & Process improvement

·         3D Printing

 

Gavin

unread,
Jul 9, 2021, 6:27:18 PMJul 9
to reading-...@googlegroups.com
Have you tried:
- using one of the 102s as you primary connection to the internet to provide one subnet 
- connecting the WAN port of the 203 (from pics on the internet, is this the pink port? - I can’t make out what connector it has) to a LAN port on that 102 setup to provide the other subnet
- put the other 102s on one subnet or the other

Gavin


Alex Gibson

unread,
Jul 9, 2021, 6:46:36 PMJul 9
to reading-...@googlegroups.com

Interesting, thanks Gavin

 

-          I have not considered using a SR102 as the primary connection – as the SR203 is pretty much just a newer/better version of the same, with the same sorts of menu options.  Al other things being equal it would be the better one to use as the broadband modem.  But it can’t hurt to try another way round really!

-          The pink/purple socket on all 3 routers is an RJ11 connector for plugging into the phone line.  I’ve not considered attempting to connect that to a LAN socket.  I’d have to check that electrically nothing about that connection could cause harm, and then I’d be willing to try it between the 2 SR102’s as they are effectively free

 

 

The ‘WANoE’ mode clearly indicates that one of the Ethernet connectors is for this purpose – and research shows it’s supposed to work fine with a BT FTTC modem - it just doesn’t seem to do anything when plugged into a LAN socket on the upstream router…

-         

 

You’ve given me an idea… to keep the Ethernet cable plugged into the designated WAN Ethernet socket on the downstream router, but ensure that the other end of the CAT6 cable is plugged into a NON WAN socket on the upstream router… IE one of the other 3.  Just in case there’s any difference!

 

Cheers,

 

Alex Gibson

 

+44 7813 810 765    @alexgibson3d    37 Royal Avenue, Reading RG31 4UR

 

admg consulting

 

edumaker limited

 

·         Project management

·         Operations & Process improvement

·         3D Printing

 

Error! Filename not specified.

image001.png

Gavin

unread,
Jul 9, 2021, 7:07:20 PMJul 9
to reading-...@googlegroups.com
Ah. Didn’t realise that the 102s had WAN sockets - hence me suggesting that you swap the units around as I can see from the advertising blurb that the 203 does. Had assumed it was the pink one as I thought the two next to it were the phone connections. I wouldn’t connect via the pink socket unless you’re sure it is for WAN and not something else. 

Ultimately it may be that the firmware simply can’t do what you need. After you’ve tried all the obvious, I’d be tempted to get hold of a cheap secondhand non-telco branded unit with more open support. From experience, I rate Asus at that end of the market - fully featured firmware and tonnes of info on how to setup for your provider and do all sorts of different configurations. 

Gavin


Alex Gibson

unread,
Jul 9, 2021, 7:21:17 PMJul 9
to reading-...@googlegroups.com

Sounds good.  As a last ditch with all-Sky firmware I’m about to try just swapping Ethernet sockets on the upstream SR203 in case they perform differently.  That probably won’t work but is near zero effort.

 

Then I will try converting one of the SR102’s to OpenWRT just for the experience really, might even work. 

 

Then assuming that does nothing helpful I will go looking for an Asus box on eBay! 

image001.png

Paddy Duncan

unread,
Jul 10, 2021, 1:06:42 AMJul 10
to reading-...@googlegroups.com

This absolutely should be possible but…

If you want them to be routers they need to be connected to different routes (WAN vs LAN) ie the subnet masks have to be 255.25.255.0.  With 255.255.0.0 you are asking them to be switches between WAN & LAN and that they are not.

So you should have:

SR203: 192.168.0.1/24

SR103/1: WAN 192.168.0.2/24 LAN 192.168.1.xxx/24

SR103/2: WAN 192.168.0.3/24 LAN 192.168.2.xxx/24

 

Hope this helps

Paddy

 

Image removed by sender.

Virus-free. www.avg.com

 

--

You received this message because you are subscribed to the Google Groups "rLab / Reading's Hackspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to

~WRD0000.jpg
image001.png

Paddy Duncan

unread,
Jul 10, 2021, 1:11:23 AMJul 10
to reading-...@googlegroups.com

PS with slightly better nomenclature: ‘need to span separate networks’ not ‘need to be connected to different routes.

image001.png
image002.jpg

Paddy Duncan

unread,
Jul 10, 2021, 1:47:23 AMJul 10
to reading-...@googlegroups.com

Plus of course the default gateways of each device set to its respective upstream device LAN address

image001.png
image002.jpg

Alex Gibson

unread,
Jul 10, 2021, 7:44:22 AMJul 10
to reading-...@googlegroups.com

Hi Paddy

 

I’m revisiting this… you’ve reminded of some important points – I agree I don’t want to be asking them to be switches between LAN and WAN.

 

Just checking we’re on the same page…  The point of ‘three dumb routers’ is absolutely not to ‘bridge’ two networks.  I’m trying to isolate the networks totally.  Each of the ‘downstream’ routers is acting as THE router for its own network, and is unaware of the other.

 

Of course both need to ‘get internet’ from somewhere – the ‘upstream’ router.

 

SR203: 192.168.0.1/24

SR103/1: WAN 192.168.0.2/24 LAN 192.168.1.xxx/24

SR103/2: WAN 192.168.0.3/24 LAN 192.168.2.xxx/24

 

I agree with your proposed IP Settings – so you probably already ‘get’ what I’m doing – I’m just not sure whether these Sky routers are able to let me be so specific.  Which is annoying as the SR102 is clearly capable of being hooked to a FTTC modem.

 

Having another go today.

 

Alex Gibson

 

+44 7813 810 765    @alexgibson3d    37 Royal Avenue, Reading RG31 4UR

 

admg consulting

 

edumaker limited

 

·         Project management

·         Operations & Process improvement

·         3D Printing

 

image001.png
image003.jpg

Paddy Duncan

unread,
Jul 10, 2021, 9:57:22 AMJul 10
to reading-...@googlegroups.com

Hi Alex,

 

Yes we are on the same page…

Do note though that just being on different networks does not ensure isolation – routers like to route (er it’s their job) , and by default they will possibly be aware of each other because of the shared WAN net. If they were ‘normal’ routers they would happily route amongst themselves. I don’t know how ‘normal’ they might be but (probably not) if there is a choice in their config, be sure to set them to NAT not route (having no choice will mean NAT almost certainly). That would probably be enough, assuming your intermediate network isn’t compromised. And then they also presumably have firewalls which probably default to not allowing anything in that wasn’t requested from the inside – do check though..

image001.png
image002.jpg

Brian Gregory

unread,
Jul 10, 2021, 10:57:47 AMJul 10
to reading-...@googlegroups.com
As I understand it all devices on a ethernet network MUST HAVE THE SAME SUBNET.
If you don't do this broadcasts will be sent to incorrect IP addresses.
You can't have one end as 255.255.255.0 and the other as 255.255.0.0.



--

Alex Gibson

unread,
Jul 10, 2021, 12:39:11 PMJul 10
to reading-...@googlegroups.com

That’s true if you WANT the devices on it to discover one another… and have fewer than 256 devices.

 

Within each network, yes all devices will normally be using the same subnet, and netmask 255.255.255.0.  Noting that there are cases where even within one network you may want to operate multiple subnets – as a netmask of 255.255.255.0 limits you to ‘only’ 256 devices – probably not a practical limit in most home networks, and I probably won’t even exceed it with a ton of IOT devices – but it’s a perfectly reasonable setup to have devices within a network having netmask 255.255.0.0 – which allows them to ‘see’ others within the lower 2 groups.

 

For example, the router itself and one ‘main’ computer having 192.168.X.Y and netmask 255.255.0.0 – and then devices within the network having addresses 192.168.X1.Y1, and netmask 255.255.255.0, they are each discoverable by and can see the router and the PC and each other within their subnet, but not other devices on different subnets which the router and PC can see.

 

It’s all perfectly OK to set up like that, you do need a clear head when setting up, and in most domestic cases it’s by far easiest to stick to the lowest subnet only for simplicity’s sake.

 

All this is separate from the WAN IP – Jeremy’s reminding me that if communicating with the ‘upstream’ router from the WAN port of the ‘downstream’ router, that connection needs to be consistent with the settings on the upstream router.  I don’t see an opportunity to configure that using these routers – which might be part of the problem.  Maybe OpenWRT will allow me to get control of that, maybe not…

 

Cheers,

 

Alex Gibson

 

+44 7813 810 765    @alexgibson3d    37 Royal Avenue, Reading RG31 4UR

 

admg consulting

 

edumaker limited

 

·         Project management

·         Operations & Process improvement

·         3D Printing

 

From: reading-...@googlegroups.com [mailto:reading-...@googlegroups.com] On Behalf Of Brian Gregory
Sent: 10 July 2021 15:58
To: reading-...@googlegroups.com
Subject: Re: [RDG-Hack] Trying to implement '3 dumb routers' using Sky routers

 

As I understand it all devices on a ethernet network MUST HAVE THE SAME SUBNET.

If you don't do this broadcasts will be sent to incorrect IP addresses.

You can't have one end as 255.255.255.0 and the other as 255.255.0.0.

On Fri, 9 Jul 2021 at 22:11, Jeremy Poulter <jer...@bigjungle.net> wrote:

Hum... I guess in principle that would do the trick....

 

Actually thinking about it more could be the netmask that is the problem, because you are using 255.255.0.0 all 3 ranges are on the same subnet so the intermediate routers will not know which interface to send traffic out of. Try setting to 255.255.255.0 on all routers.

 

Cheers,

 

Jeremy

 

On Fri, Jul 9, 2021, 9:46 PM Alex Gibson <al...@alexgibson.net> wrote:

Thanks Gavin and Jeremy

 

So I guess it looks like I’m trying to do the right thing, but with the wrong tools for the job.

 

I had thought that this might be the correct mode and would do the job for the two second-tier routers – as the helpful in-menu setup photo clearly shows a setup connecting the SR102 to a modem via Ethernet… clearly there is a hardware capability there to do what I need – but maybe not the software…

 

Error! Filename not specified.

 

If I can find a suitable pair of second-tier routers which have an Ethernet WAN port – can I at least use the (new) Sky router as the modem still?

 

Cheers,

 

Alex Gibson

 

+44 7813 810 765    @alexgibson3d    37 Royal Avenue, Reading RG31 4UR

 

admg consulting

 

edumaker limited

 

·         Project management

·         Operations & Process improvement

·         3D Printing

 

From: reading-...@googlegroups.com [mailto:reading-...@googlegroups.com] On Behalf Of Jeremy Poulter
Sent: 09 July 2021 20:01
To: rLab List
Subject: Re: [RDG-Hack] Trying to implement '3 dumb routers' using Sky routers

 

Hi,

 

I haven't looked into the exact hardware details yet, but... 

 

Assuming you are using the default firmware, I don't think you will be able to do this as the WAN connection of all the routers will be the ADSL line, not any of the Ethernet ports.

 

So I think we you are just essentially connecting 3 internal networks together.

 

If you are lucky installing OpenWRT may enable you to use one of the Ethernet ports as the WAN, but probably not on an OEM (cheap) router.

 

All that being said most new routers have a guest network setting which gives you a separate network and will do what you want.

 

Cheers,

 

Jeremy

On Fri, Jul 9, 2021, 7:16 PM Alex Gibson <al...@alexgibson.net> wrote:

…and it’s not going well.

 

I am trying to implement ‘3 dumb routers’ so that I can have a pair of completely separate networks, one ‘trusted’ and the other fully wild West ‘internet of crap’.

 

Error! Filename not specified.

I have a new Sky SR203 router, plugged into the phone line.  

Error! Filename not specified. (IP ADDRESS SET TO 192.168.0.1)

 

Into it’s 1st LAN port is a cable to port 1 on a Sky SR102 router.  I have 2 of these but only the ‘TRUSTED’ one connected at all right now.

 

 

TRUSTED                                                                              UNTRUSTED

(IP ADDRESS SET TO 192.168.1.1)                               (IP ADDRESS SET TO 192.168.2.1)

Error! Filename not specified.    Error! Filename not specified.

 

My PC is connected to the ‘trusted’ router via a cable and basic switch.  It is set to static IP 192.168.1.2.  ALL of the devices are currently using mask 255.255.0.0 to make them somewhat tolerant of change – I could lock down further when working better.

 

In theory that’s all the bases covered and all the hardware is ‘working’ – I’m on the internet from the PC right now – via the SR102 to the SR203 to the broadband.

 

However I am struggling to get the SR203 to act as a modem only – and the SR102 to act as a router only – so I don’t yet have the separation that is the point of the exercise.

 

-          My PC will only go online if I set the default gateway to 192.168.0.1 – the Sky SR203 router at the top.

-          I can set either router up as a DHCP server (limiting the ranges to avoid any conflict) – but if I turn off the DHCP on the SR203 nothing connects to the internet.

-          Both routers have these mode options in ‘WAN setup’:

Error! Filename not specified. 

Vance Briggs

unread,
Jul 10, 2021, 1:46:40 PMJul 10
to Reading Hackspace
Alex,

What you say about broadcast is true - Broadcasts are only broadcast on the "network" defined by the netmask, so you may want to broaden this network.  But...

1. You don't have to go a further 8 bits to 255.255.0.0, you could use 255.255.254.0 which would give 512 devices on the network, or 255.255.252.0 which would give 1024.
2. To be able to route between networks your networks MUST NOT be overlapping in IP address, and this gets more difficult to calculate if you haven't used the full octet of netmask (as per my point 1), but it is still possible , maybe use a subnet calculator like https://www.calculator.net/ip-subnet-calculator.html.
3. if you choose 255.255.0.0 netmask you cannot create 2 networks within the 192.168.x.x subnet.  You would need to use the 10.1.x.x and 10.2.x.x (The 10.x.x.x network has a larger private address space than 192.168.x.x - 3 octets of netmask rather than just 2)

Vance

Jeremy Poulter

unread,
Jul 10, 2021, 2:07:24 PMJul 10
to rLab List
Hi, 

That is the problem, it is not 1 (sub) network, it is 3 so the routers in the middle need to know which interface to send traffic on, so say one interface is 192.168.1.1 and the other 192.168.2.2 if you apply 255.255.0.0 netmask to these you get 192.168.0.0 on both interfaces so traffic will go out of the interface with the highest priority and that will be wrong in some cases.

Cheers,

Jeremy

Jeremy Poulter

unread,
Jul 10, 2021, 2:14:02 PMJul 10
to rLab List
Hi,

If it the hardware level there are multiple interfaces that the CPU can address OperWRT will definitely be able to do what you want. If the hardware is just a 5 port switch, the CPU interface and the 4 external ports then it won't. Certainly the WANoE option would suggest the former. 

Cheers,

Jeremy


Brian Gregory

unread,
Jul 10, 2021, 3:06:11 PMJul 10
to reading-...@googlegroups.com

Who taught you these strange ways?

On this bizarre network where some devices have a mask of 255.255.255.0 and some have (say) 255.255.240.0 what is the broadcast IP address?

Is it just the base address with the 8 LSB set to 1 or is it with 12 LSB set to 1?

Brian Gregory.
bdgr...@gmail.com
www.Brian-Gregory.me.uk
(Home)

Alex Gibson

unread,
Jul 10, 2021, 4:18:28 PMJul 10
to reading-...@googlegroups.com

That’s what I’m hoping. 

 

Installing OpenWRT looks… complex.  I’ve been disposing of some other tasks requiring brain function today, and will make this my last task tonight…

Alex Gibson

unread,
Jul 10, 2021, 4:47:56 PMJul 10
to reading-...@googlegroups.com

Honestly I don’t think I have the deepest level of understanding of IP address space and netmasking… just what has been working fine for me to date and what I learned maintaining Windows networks.  I guess any strange ways are self taught – and can be unlearned if actually in conflict with my stated goal.

 

I will try to read up more on netmasking.

 

Vance – on your points

1)       I’d not really considered masking off only a portion like 255.255.254.0

-          If you do that, are you limited as to what numbers you can use in the ‘254’ section – like 0 or 1?  I have been successfully using (arbitrary) double-digit numbers which hold particular meaning, as a mnemonic.

2)       Thanks for the subnet calculator.  Hopefully I can learn from that.  When we say not overlapping in IP address – do you mean something other than: if the netmask is 255.255.0.0 all the addresses on the network must be unique and within 192.168.x.x ?

3)      The word ‘network’ is a problem in this context as it can either be specific or general!  It is my (maybe wrong and also dumb) understanding that a [router] is effectively the head of one local area network, and bridges it to other networks in the [wide area].  I can assign IP’s willy-nilly within the range 192.168.x.x on the LAN connected to one router.  I wouldn’t be trying to create ‘separate networks’  within that LAN – only organise devices into groups.  For example, I might put all Raspberry Pi’s running OctoPrint on 192.168.123.0-255 (even I don’t have that many printers!) and all Raspberry Pi’s running home automation stuff on 192.168.99.0-255.  If I had another router, with its own LAN beneath it, I’d expect that I could use the 192.168.123.0-255 space again without issue – as it’s no more connected to the rest of my network than my neighbour’s home wifi – at least that’s what I’m trying to achieve! I don’t need 3 octets worth of addresses – and in practice I’d aim to have all IP addresses unique anyway in case I positively decide to move devices physically from one network to the other…

 

Cheers,

 

 

Alex Gibson

 

+44 7813 810 765    @alexgibson3d    37 Royal Avenue, Reading RG31 4UR

 

admg consulting

 

edumaker limited

 

·         Project management

·         Operations & Process improvement

·         3D Printing

 

From: reading-...@googlegroups.com [mailto:reading-...@googlegroups.com] On Behalf Of Jeremy Poulter
Sent: 10 July 2021 19:07
To: rLab List
Subject: Re: [RDG-Hack] Trying to implement '3 dumb routers' using Sky routers

 

Hi, 

 

That is the problem, it is not 1 (sub) network, it is 3 so the routers in the middle need to know which interface to send traffic on, so say one interface is 192.168.1.1 and the other 192.168.2.2 if you apply 255.255.0.0 netmask to these you get 192.168.0.0 on both interfaces so traffic will go out of the interface with the highest priority and that will be wrong in some cases.

 

Cheers,

 

Jeremy

 

On Sat, Jul 10, 2021, 3:57 PM Brian Gregory <bdgr...@gmail.com> wrote:

As I understand it all devices on a ethernet network MUST HAVE THE SAME SUBNET.

If you don't do this broadcasts will be sent to incorrect IP addresses.

You can't have one end as 255.255.255.0 and the other as 255.255.0.0.

 

On Fri, 9 Jul 2021 at 22:11, Jeremy Poulter <jer...@bigjungle.net> wrote:

Hum... I guess in principle that would do the trick....

 

Actually thinking about it more could be the netmask that is the problem, because you are using 255.255.0.0 all 3 ranges are on the same subnet so the intermediate routers will not know which interface to send traffic out of. Try setting to 255.255.255.0 on all routers.

 

Cheers,

 

Jeremy

 

On Fri, Jul 9, 2021, 9:46 PM Alex Gibson <al...@alexgibson.net> wrote:

Thanks Gavin and Jeremy

 

So I guess it looks like I’m trying to do the right thing, but with the wrong tools for the job.

 

I had thought that this might be the correct mode and would do the job for the two second-tier routers – as the helpful in-menu setup photo clearly shows a setup connecting the SR102 to a modem via Ethernet… clearly there is a hardware capability there to do what I need – but maybe not the software…

 

Error! Filename not specified.

 

If I can find a suitable pair of second-tier routers which have an Ethernet WAN port – can I at least use the (new) Sky router as the modem still?

 

Cheers,

 

Alex Gibson

 

+44 7813 810 765    @alexgibson3d    37 Royal Avenue, Reading RG31 4UR

 

admg consulting

 

edumaker limited

 

·         Project management

·         Operations & Process improvement

·         3D Printing

 

From: reading-...@googlegroups.com [mailto:reading-...@googlegroups.com] On Behalf Of Jeremy Poulter
Sent: 09 July 2021 20:01
To: rLab List
Subject: Re: [RDG-Hack] Trying to implement '3 dumb routers' using Sky routers

 

Hi,

 

I haven't looked into the exact hardware details yet, but... 

 

Assuming you are using the default firmware, I don't think you will be able to do this as the WAN connection of all the routers will be the ADSL line, not any of the Ethernet ports.

 

So I think we you are just essentially connecting 3 internal networks together.

 

If you are lucky installing OpenWRT may enable you to use one of the Ethernet ports as the WAN, but probably not on an OEM (cheap) router.

 

All that being said most new routers have a guest network setting which gives you a separate network and will do what you want.

 

Cheers,

 

Jeremy

On Fri, Jul 9, 2021, 7:16 PM Alex Gibson <al...@alexgibson.net> wrote:

…and it’s not going well.

 

I am trying to implement ‘3 dumb routers’ so that I can have a pair of completely separate networks, one ‘trusted’ and the other fully wild West ‘internet of crap’.

 

Error! Filename not specified.

I have a new Sky SR203 router, plugged into the phone line.  

Error! Filename not specified. (IP ADDRESS SET TO 192.168.0.1)

 

Into it’s 1st LAN port is a cable to port 1 on a Sky SR102 router.  I have 2 of these but only the ‘TRUSTED’ one connected at all right now.

 

 

TRUSTED                                                                              UNTRUSTED

(IP ADDRESS SET TO 192.168.1.1)                               (IP ADDRESS SET TO 192.168.2.1)

Error! Filename not specified.    Error! Filename not specified.

 

My PC is connected to the ‘trusted’ router via a cable and basic switch.  It is set to static IP 192.168.1.2.  ALL of the devices are currently using mask 255.255.0.0 to make them somewhat tolerant of change – I could lock down further when working better.

 

In theory that’s all the bases covered and all the hardware is ‘working’ – I’m on the internet from the PC right now – via the SR102 to the SR203 to the broadband.

 

However I am struggling to get the SR203 to act as a modem only – and the SR102 to act as a router only – so I don’t yet have the separation that is the point of the exercise.

 

-          My PC will only go online if I set the default gateway to 192.168.0.1 – the Sky SR203 router at the top.

-          I can set either router up as a DHCP server (limiting the ranges to avoid any conflict) – but if I turn off the DHCP on the SR203 nothing connects to the internet.

-          Both routers have these mode options in ‘WAN setup’:

Error! Filename not specified. 

Vance Briggs

unread,
Jul 10, 2021, 5:52:08 PMJul 10
to Reading Hackspace
At its most basic, the netmask says which portion of the IP is the "network" and which part identifies devices on that network. And by network here I mean all devices that can communicate with each other without the traffic being "routed" by a layer 3 device.  This therefore means a layer 2 device such as a switch or bridge can pass traffic between devices, including broadcast. 

So a netmask of 255.255.255.0 means the first 24  bits of the IP address are network. So if you are trying to communicate with any device that differs in these bits then it must be routed, and to do that it is sent to the gateway or router

This is why all devices on the same network need to have the same netmask and must have routes defined, even if only a default gateway. 

As you are trying to separate these networks then they must be different networks as per my description above. 

Very difficult to cover lots here, but hopefully this helps. 

Vance

Mr.G

unread,
Jul 10, 2021, 7:34:13 PMJul 10
to rLab / Reading's Hackspace
Alex.
Do you actually want a firewall i.e to stop a device from talking to other devices except on the ports you specify. If so you could use Openwrt or DDwrt on a number of cheap devices. There are many tutorials on Youtube,

Kind regards

Mr.G
Gerald


Reply all
Reply to author
Forward
0 new messages