-1

I had a multi-WAN router with a LAN address of 192.168.10.1/24.

Also, I had a device with address 192.168.100.1, which was connected BEHIND WAN1 interface.

To access this device, I have added a static route to the router

route add 192.168.100.1 mask 255.255.255.0 WAN1

and it was working.

Now I have extended the netmask of my LAN from 255.255.255.0 to 255.255.0.0, and after that the static routes stopped working or became illegal.

Why, and how do I fix it?

DavidPostill
  • 162,382
Dims
  • 13,414

2 Answers

3

So if you think about it, this makes sense that it stopped working. The key piece of information was this:

I have changed netmask on a router. This automatically caused change in DHCP, which in turn changed netmasks on all clients (when leases expired of course).

Now, I can explain why this doesn't work - however to gain a fuller understanding, you should read up about networking in general.

So you mentioned that your LAN interfaces had network space of 192.168.10.0/24. DHCP would ensure that all clients on that network would exist in that IP space as well. This means the routing table probably looked like this:

Destination     Netmask         Route Type  Gateway         
192.168.10.0    255.255.255.0   connected   *               
0.0.0.0         0.0.0.0         default     192.168.10.1

To understand this route table, you need to understand a little about routing.

  • Connected - This is the route associated with the interface address and netmask. IP addresses that exist within this network space are connected to directly. That is, the host will ARP for the address and then send traffic to that host directly. No intermediary router (gateway) is required.
  • default - This is the route taken by all traffic that does not fall within the confines of any other route in the table. This is generally the route required to get on the Internet. This is also a static route.

If you have a client on the 192.168.10.0/24 network, say 192.168.10.10, that wanted to talk to IP address 192.168.10.15, it would consult the routing table to see how it should do so. This would match the connected route (it would do so by performing a bitwise AND of the destination IP and the netmask in the routing table). 192.168.10.10 would then ARP for 192.168.10.15 and communication would continue from there.

In the case of 192.168.100.1, however, a computer on the 192.168.10.0/24 network would check the routing table and only find a match on the default route; as such it would send the traffic to the router (the gateway), which has a route to that network.

When you grew the network from a 192.168.10.0/24 to a 192.168.0.0/16 network you changed the routing table as well. The routing table now looked like this:

Destination     Netmask         Route Type  Gateway         
192.168.0.0     255.255.0.0     connected   *           
0.0.0.0         0.0.0.0         default     192.168.10.1

As a result, now when you attempt to go to 192.168.100.1 the lookup in the routing table would match the connected route. As a result, your hosts are performing an ARP query to find the device, not sending the traffic to the router. The ARP query is failing as the device does not exist on the same LAN; rather, it needs to go over a router hop.

Now, it is possible to have the router perform a "proxy arp" for the device, but that is dependent on the router software.

From a more pedantic and pedagogical perspective, it is generally considered bad practice to have a connected route and then create a smaller static route within that connected route. This can lead to numerous issues down the line. In this case, you have a /16 from which you have carved out a /24 to go to another interface. Even if you made the /24 a host route, it is still bad practice. Most router software will not even let you do this, throwing an error if you try. Now, while it is possible to function using such a setup, it is recommended that you use wholly separate IP spaces.

It looks like you are interested in doing a lot of networking stuff, which is good. This is a difficult field, and there is a lot to wrap your head around in this area. I suggest you read up a little about this, so that you can understand what is actually happening.

One book I enjoyed was Network Warrior from O'Reilly Media. This book teaches a lot of Network fundamentals. This of course is my opinion, there are many other resources available, free or otherwise.

prateek61
  • 1,186
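As an added illustration (not part of the original answer), here is a small Python model of the lookup the answer describes: each route's netmask is ANDed with the destination address and the longest matching prefix wins. The two tables are the ones shown in the answer and the device address 192.168.100.1 comes from the question; the route tuples and the `lookup` helper are constructed for this example.

```python
from ipaddress import ip_address, ip_network

# Constructed routing tables, mirroring the two tables in the answer.
# Each route is (network, route_type, gateway); gateway None means "connected",
# i.e. the host ARPs for the destination itself instead of using a router.
BEFORE = [  # LAN was 192.168.10.0/24
    (ip_network("192.168.10.0/24"), "connected", None),
    (ip_network("0.0.0.0/0"), "default", ip_address("192.168.10.1")),
]
AFTER = [   # LAN grown to 192.168.0.0/16
    (ip_network("192.168.0.0/16"), "connected", None),
    (ip_network("0.0.0.0/0"), "default", ip_address("192.168.10.1")),
]


def lookup(table, dst):
    """Longest-prefix match over `table` for destination `dst`.

    Returns (route_type, next_hop). For a connected route next_hop is the
    destination itself (the host will ARP for it on the local segment);
    otherwise it is the gateway the packet is handed to.
    """
    dst = ip_address(dst)
    best = None
    for net, rtype, gw in table:
        # Bitwise AND of destination and netmask, compared with the
        # network address: this is the match test the answer describes.
        if (int(dst) & int(net.netmask)) == int(net.network_address):
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, rtype, gw)
    if best is None:
        return ("unreachable", None)
    _, rtype, gw = best
    return (rtype, dst if gw is None else gw)


def next_hop_for(table, dst):
    """Convenience wrapper returning the next hop as a string."""
    return str(lookup(table, dst)[1])


if __name__ == "__main__":
    for name, table in (("before (/24)", BEFORE), ("after (/16)", AFTER)):
        rtype, hop = lookup(table, "192.168.100.1")
        print(f"{name}: 192.168.100.1 -> {rtype} route, next hop {hop}")
```

With the /24 table the device is reached via the gateway; with the /16 table the connected route wins and the host ARPs for 192.168.100.1 on a segment where it does not exist, which is exactly the failure the answer explains.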
0

When you change the network mask, it is a little more complicated than simply using a different netmask on one machine. You have to change the netmask on ALL attached network equipment (i.e. routers, switches) as well as on the ethernet interfaces of all the machines to match. Also, you would need to change any of the associated DHCP netmask handouts as well. If you do not, things do not work, as you have seen.

What you most likely have here is one or more machines or pieces of network equipment where your netmask is incorrect.

mdpc
  • 4,489