4

From what I understand, all computers need to be in the same subnet /24, so how would I get a computer to be able to connect to another computer that is set as 172?

One computer is behind a firewall, the other is connected to a HUGHES sat dish and has the IP of 172.

Would I need to set up a ROUTE in a firewall between the 2 computers, to say "if you are trying to get to 172.18.156.65 then use the IP address 192.168.2.65 and translate it to 172.18.156.65"?

The firewall is a Netgear. If I should use a ROUTE, then I'll try to learn it from the manual.

thanks


Update

@ITGuy24 & @Tom - yes, the computers are at the same physical location, but I didn't have a chance to trace the wiring yet to figure out how they are connected.

The owner tells me they worked before, then their 192 computer got a malware infection and had to be scanned, then it stopped working a few days after that, but it may not be exactly related to the scan.

The 192 computer has software on it that needs to connect to 172 via TCP. The 192 computer software transfers data from itself to the corp office, using the HUGHES sat dish which is on 172. The 192 has an internet cable modem for regular web surfing.

I read up on ROUTES. From what I understand so far, if the IP you're trying to hit is not in your current subnet, i.e. you're in 192 and you're trying to hit 172, it's not in your subnet, so the router is going to send it to the ISP to try and resolve it.

So I should try to create a ROUTE on the firewall to tell it: if you're looking for destination 172, then go to this gateway, using this interface.

I'm not sure what IP I'm supposed to use for the gateway, but I figure I have two chances, either the IP of the firewall, or the IP of the 172 computer. I'll play with that tonight and report back on what I find. Thanks so far everyone, incl. satans baby dog and dj angry fang.

Zoredache
  • 2
    Before we go too far in explaining, as it is a long drawn-out explanation, it may be easier if you could answer a question for us. Which side is the one you want to access, and do both sides have routers? And of course, how do you want to access it: RDP, FTP, Web, YADA YADA? But you are correct, by default you cannot access the other side directly! You need routing set up, or if you just want to RDP, all you have to do is have the RDP port number (3389) opened on the router. Not a good idea though! – Tom Mar 19 '10 at 19:41
  • Are these computers at the same location? The way I read it they are only connected via the internet. – ITGuy24 Mar 19 '10 at 23:23
  • You really need to take the time to figure out the physical topology, where the routers are, and how they are configured before you start trying to guess what routes should go where. – Zoredache Mar 20 '10 at 10:03

4 Answers

4

Yes, you'll need to set up a route. Computers that are on the same /24 know how to talk to each other. Computers that are not need to be told, which is what routes are for. Since both of these address ranges are private, this is even more important, because there is no magical 0.0.0.0 route to point out to the internet.

Now, depending on what sort of network you have in between, and whether or not you have to leave a protected network to get to the subnet, you may need to look at setting up a VPN.

Satanicpuppy
2

Sounds like you'll need a router that can handle 2 internal subnets. I think that most home routers can only handle one internal subnet and even the DMZ is required to be in the same subnet. I suspect that DD-WRT might have support for what you are wanting to do, although the setup is beyond being simple.

Alternatively, I think this might work:

Get a Windows PC with 2 NIC cards. Hook one to the satellite and the other to your router on the 192 subnet. Then enable "network connection sharing" in the NIC adapter that is connected to the 192.* router. I believe that will enable the satellite to talk to the 192 network. I do this kind of thing with PDA devices all the time, connecting via WIFI through an ad-hoc PC network sharing.

djangofan
2

The owner tells me they worked before

I didn't have a chance to trace the wiring yet to figure out how they are connected.

Well wait just a minute here. If it worked before, then you need to find out how it worked before. For all you know, everything is set up correctly and the only problem is a patch cable came loose somewhere.

This means: not messing with the routing table, not setting up a VPN, not installing more ethernet cards. Properly document how the network is set up: trace the cables, create an up-to-date network diagram.

Only once you know how everything is connected, and how the setup is supposed to work can you begin to make changes.

Justin
1

Sorry I'm getting back to this so late:


*Somebody please edit my original posting. I am not able to edit it after I registered, because I don't have enough points, and I can't upload an image for the same reason.*

Diagram of network here: http://i44.tinypic.com/2jayki0.png

SOLVED: here is what I've found after physical inspection and talking with the corp help desk (but their suggested solutions for fixing it did not work :(. )

There were 2 separate subnets on the same physical LAN, connected by a firewall. The 172 subnet used a HUGHES sat link for access to the internet. The HUGHES box was connected to an 8 port switch, and a computer with software to connect to the corp office for the was also connected to that same switch. A cable from the switch went to the INTERNET jack of the firewall. A cable from the firewall LAN jack #1 went to the other computer, on the 192 subnet, that was trying to communicate with the 172 corp office.

The firewall used NAT to connect the 2 networks. The IP of the WAN was set to match the 172 subnet and the cable to that subnet was plugged into the INTERNET jack. The IP of the LAN was set to match the 192 subnet and the cable to that subnet was plugged into LAN jack #1.

The firewall needed 2 services and rules (inbound & outbound) to allow the two subnets to communicate but lock out any other traffic.

The 192 computer had its gateway set to an IP for a cable modem to allow it to access the internet for regular web surfing.

So when the 192 computer tried to ping the 172 subnet, TIMEOUT.

So I created a ROUTE on the 192 computer to say, when looking for the 172 subnet, use the IP of the firewall LAN, and that worked.

The one computer network was using 172.18.156.65, but the software on the other computer in the different network was trying to access the application using 172.21.10.6, so it wasn’t able to access it.

By using a wide ROUTE statement it was able to communicate. This is the route add statement:

route add 172.0.0.0 mask 255.0.0.0 192.168.0.10 metric 4 -p

It says: for access to any IP address starting with 172, inside the mask of 255.0.0.0, use the firewall located at IP address 192.168.0.10, with a metric of 4. The -p means this route will persist and stay loaded when the system is restarted, so it will not be lost.

Hope this helps somebody

  • 2
    To prevent conflicts with real internet addresses beginning with 172. you should probably change that to the correct private range which is 172.16.0.0 mask 255.240.0.0 – Oskar Duveborn Apr 07 '10 at 18:52
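
Added example (not part of the original posts): a longest-prefix-match lookup in Python that models the 192 computer's routing table, showing where traffic goes before the route, with the 172.0.0.0 mask 255.0.0.0 route from the answer, and with the 172.16.0.0 mask 255.240.0.0 route suggested in the comment. The cable modem address 192.168.0.1, the 192.168.0.0/24 LAN and the public sample address 172.32.0.1 are assumptions made for the example.

```python
import ipaddress

# Assumption: the cable modem gateway address is not given on the page.
CABLE_MODEM = "192.168.0.1"
FIREWALL_LAN = "192.168.0.10"  # gateway used in the route add statement


def next_hop(routes, dest):
    """Longest-prefix match: gateway of the most specific route covering dest."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def table(*static):
    """Routing table of the 192 computer: local LAN (assumed /24), default
    route via the cable modem, plus any static routes via the firewall."""
    routes = [
        (ipaddress.ip_network("192.168.0.0/24"), "on-link"),
        (ipaddress.ip_network("0.0.0.0/0"), CABLE_MODEM),
    ]
    for dest, mask in static:
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), FIREWALL_LAN))
    return routes


BEFORE = table()                                  # no static route yet
WIDE = table(("172.0.0.0", "255.0.0.0"))          # route from the answer
PRIVATE = table(("172.16.0.0", "255.240.0.0"))    # route from the comment

TARGETS = ["172.18.156.65", "172.21.10.6"]  # addresses named in the post
PUBLIC_172 = "172.32.0.1"  # constructed sample: public, outside 172.16.0.0/12


def report():
    """Return (table name, destination, chosen gateway) for every combination."""
    rows = []
    for name, routes in (("before", BEFORE), ("172.0.0.0/8", WIDE),
                         ("172.16.0.0/12", PRIVATE)):
        for dest in TARGETS + [PUBLIC_172]:
            rows.append((name, dest, next_hop(routes, dest)))
    return rows


if __name__ == "__main__":
    for name, dest, gw in report():
        print(f"{name:14} {dest:15} -> {gw}")
```

With the wide route, the public 172.32.0.1 is handed to the firewall instead of the cable modem, while the narrower private-range route still covers both corp addresses.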