
Subnetting not segmenting my network like it used to

CryptoKnight614

I keep all my IoT devices on my Guest WiFi, which uses 192.168.3.x; my trusted devices use 192.168.0.x. I run a JellyFin Media server which never used to be accessible from my Guest Network. The other day I was trying to screen cast to my FireStick 4k and noticed it wasn't connecting. That's when I noticed it was on the Guest WiFi, which was causing the issue, but it was still able to connect to my JellyFin server locally (I do port forward the HTTPS port and made sure it wasn't connecting to that). I just checked my subnet mask today, which is 255.255.255.0. It should be impossible for these devices to communicate while on different subnets, right? It used to not function, as I've had this happen before (changing networks to the Guest Network automatically), which caused issues with my JellyFin app on my FireStick. It's not a huge issue, but I don't want any IoT device having access to my main network due to the many security flaws with IoT devices, let alone all my crappy cheap Chinese smart bulbs. Does anyone have any ideas of what's going on here? Maybe I should just use a spare router for all my IoT devices, but I don't really want to put another device on my network UPS. My system was working fine subnetting for 3ish years. I can't be sure when this issue started, but I'm pretty sure it was functioning as expected a year ago; I just caught this within the last week.


Having different subnets means that devices won’t expect an IP outside of their subnet to be local, and therefore will use the default gateway instead. If there is a shared router between the subnets, and it doesn’t have firewall policies preventing the two from talking to each other, then it will happily route traffic between the subnets - that is in fact the main job of a true router, the way they were used originally.

You mention “Guest Network” - some routers or APs will have this function, and it normally includes automatic firewall policies to let the devices on it talk to the internet but not anything local. Maybe something happened to the settings on your guest network? Did you need to allow it to reach a printer or something like that at some point?

Finally, you mention subnets, but you didn’t mention VLANs. If you have two subnets, but don’t have VLANs, then those subnets are in the same “broadcast domain” - meaning that they will hear broadcast and multicast packets from each other. That may be a contributing factor to the behavior you are seeing.

Hopefully this will help you determine what has changed. But I can promise you that the fundamentals of the subnet mask have not.


1 hour ago, brwainer said:

Having different subnets means that devices won’t expect an IP outside of their subnet to be local, and therefore will use the default gateway instead. If there is a shared router between the subnets, and it doesn’t have firewall policies preventing the two from talking to each other, then it will happily route traffic between the subnets - that is in fact the main job of a true router, the way they were used originally.

You mention “Guest Network” - some routers or APs will have this function, and it normally includes automatic firewall policies to let the devices on it talk to the internet but not anything local. Maybe something happened to the settings on your guest network? Did you need to allow it to reach a printer or something like that at some point?

Finally, you mention subnets, but you didn’t mention VLANs. If you have two subnets, but don’t have VLANs, then those subnets are in the same “broadcast domain” - meaning that they will hear broadcast and multicast packets from each other. That may be a contributing factor to the behavior you are seeing.

Hopefully this will help you determine what has changed. But I can promise you that the fundamentals of the subnet mask have not.

That's very helpful, thank you. Unfortunately, my router doesn't have many functions. It's very basic, but I got it cheap considering it was one of the first WiFi 6E models released. My switch, on the other hand, is enterprise grade, so I may be able to change some settings in it to segment my network. Thank you for the information; it's been a while since I read up on my networking and this was a good refresher.


1 hour ago, CryptoKnight614 said:

That's very helpful, thank you. Unfortunately, my router doesn't have many functions. It's very basic, but I got it cheap considering it was one of the first WiFi 6E models released. My switch, on the other hand, is enterprise grade, so I may be able to change some settings in it to segment my network. Thank you for the information; it's been a while since I read up on my networking and this was a good refresher.

I wouldn’t expect your switch to help much on its own. The segmentation needs to happen at the router.
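The behaviour discussed in this thread, as an added example that is not part of any post: a small Python model of the host's subnet-mask decision and of a shared router that forwards between 192.168.3.x and 192.168.0.x unless a policy denies it. The host addresses, the flow list and the `deny_rules` format are constructed for illustration.

```python
import ipaddress

# Subnets from the thread (mask 255.255.255.0 is /24).
GUEST = ipaddress.ip_network("192.168.3.0/24")
TRUSTED = ipaddress.ip_network("192.168.0.0/24")

def next_hop(src_if, dst_ip):
    """Host side: the mask only decides on-link delivery vs. the gateway."""
    dst = ipaddress.ip_address(dst_ip)
    return "on-link" if dst in src_if.network else "default-gateway"

def router_forwards(src_ip, dst_ip, deny_rules):
    """Router side: forward by default; drop only if a (src_net, dst_net)
    rule matches. The rule format is hypothetical, not a vendor syntax."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return not any(src in s and dst in d for s, d in deny_rules)

def reachable(src_cidr, dst_ip, deny_rules):
    """Can a host configured as src_cidr get a packet to dst_ip?"""
    src_if = ipaddress.ip_interface(src_cidr)
    if next_hop(src_if, dst_ip) == "on-link":
        return True  # same subnet: the router's policy is never consulted
    return router_forwards(src_if.ip, dst_ip, deny_rules)

def leaks(flows, deny_rules):
    """Guest-to-trusted flows that still get through the router."""
    return [(s, d) for s, d in flows
            if ipaddress.ip_interface(s).ip in GUEST
            and ipaddress.ip_address(d) in TRUSTED
            and reachable(s, d, deny_rules)]

# Constructed flows: streaming stick on guest -> media server on trusted,
# guest -> internet (documentation address), trusted -> guest.
FLOWS = [
    ("192.168.3.50/24", "192.168.0.10"),
    ("192.168.3.50/24", "203.0.113.5"),
    ("192.168.0.20/24", "192.168.3.50"),
]

if __name__ == "__main__":
    print("no policy:   ", leaks(FLOWS, []))
    print("guest policy:", leaks(FLOWS, [(GUEST, TRUSTED)]))
```

With an empty rule list the guest-to-trusted flow is reported as a leak; adding the guest-to-trusted deny rule clears it while internet access from the guest subnet is unaffected.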
