General Q on IoT network / subnet


bozden

Apparently I'm not good at this...

 

What I want to do is to build a subnet of IoT devices in home/small-office environments. I'm not sure how I would implement this...

 

Suppose:

 

I have a classic wireless/modem/router at 192.168.1.1, Windows / Android devices already connected, fixed IP or DHCP.

I want to build another subnet of IoT devices, say 192.168.200.x...

At the center I have a Windows 7/8/10 PC with a single NIC, with two IP addresses, say 192.168.1.100 and 192.168.200.1 - this can reach both subnets...

The problem is the IoT devices (currently several OPi versions, Raspberry Pis etc.) which have fixed IPs cannot reach the Internet. Apparently I'm doing it totally wrong.

What should be the IoT network settings? How would DNS resolve? How would I set the Gateway?

Is this secure against attacks from the Internet or devices which connect to home wireless NW (192.168.1.x)?

Is it a "must" to have the Windows PC multi-homed (two NICs)?

Or is another IoT device needed as a router?

Static route? NAT? DNS Server on Windows PC? ... Where and how?

 

PS: Example /etc/network/interfaces file on an OPi One Armbian/Debian - which is useless...

# Wired adapter #1
allow-hotplug eth0
#no-auto-down eth0
iface eth0 inet static
address 192.168.200.2
netmask 255.255.255.0
gateway 192.168.200.1
dns-domain example.local
dns-nameservers 192.168.100.2 8.8.8.8 8.8.4.4
# Local loopback
auto lo
iface lo inet loopback

 

I'll appreciate any insight and directions. It must be simple - I think...

 


If you have 192.168.1.0/24 and 192.168.200.0/24 and want devices in 192.168.200.0/24 to be able to reach addresses in 192.168.1.0/24 (especially 192.168.1.1) then obviously you need a so-called 'route' between both address ranges. Most probably this is something that can be done in Windows even with a single physical network interface. Though... why?

What's the purpose of having two network ranges in the first place? If it's that you just want to be able to differentiate them 'by number' and you don't think about physical separation then you could simply change the netmask on all devices (including your router!) to /16 (255.255.0.0) and you're done.

 

Maybe you should start to elaborate why you chose two network ranges first.

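An added example, not part of the original posts: a small Python model of the two options in the reply above, a route between the two /24 ranges versus one shared /16, traced hop by hop with longest-prefix matching. The routing tables are assumptions: the IoT entry follows the posted interfaces file, the PC is assumed to forward packets, the router is assumed to know only its LAN plus a default route, and the guest at 192.168.1.50 and the "WAN" label are constructed.

```python
import ipaddress

DIRECT = "direct"  # destination is on-link, delivered without a gateway

# Option 1 (constructed model): two /24 ranges, the PC sits in both.
# Each node maps to (own addresses, [(prefix, next hop), ...]).
SPLIT_24 = {
    "iot":    (["192.168.200.2"], [("192.168.200.0/24", DIRECT), ("0.0.0.0/0", "192.168.200.1")]),
    "pc":     (["192.168.1.100", "192.168.200.1"],
               [("192.168.1.0/24", DIRECT), ("192.168.200.0/24", DIRECT), ("0.0.0.0/0", "192.168.1.1")]),
    "router": (["192.168.1.1"], [("192.168.1.0/24", DIRECT), ("0.0.0.0/0", "WAN")]),
}
# Option 2 (constructed model): every device, router included, uses /16.
FLAT_16 = {
    "iot":    (["192.168.200.2"], [("192.168.0.0/16", DIRECT), ("0.0.0.0/0", "192.168.1.1")]),
    "guest":  (["192.168.1.50"],  [("192.168.0.0/16", DIRECT), ("0.0.0.0/0", "192.168.1.1")]),
    "router": (["192.168.1.1"],   [("192.168.0.0/16", DIRECT), ("0.0.0.0/0", "WAN")]),
}

def with_route(nodes, name, prefix, hop):
    """Return a copy of the model with one extra static route on node `name`."""
    addrs, routes = nodes[name]
    return {**nodes, name: (addrs, routes + [(prefix, hop)])}

def owner(nodes, addr):
    """Name of the node that holds `addr`, or None if no modelled node does."""
    return next((n for n, (addrs, _) in nodes.items() if addr in addrs), None)

def trace(nodes, src, dst):
    """Follow longest-prefix-match routing hop by hop; return the node path."""
    path, node, target = [src], src, ipaddress.ip_address(dst)
    while dst not in nodes[node][0] and len(path) < 8:
        nets = [(ipaddress.ip_network(p), h) for p, h in nodes[node][1]]
        hop = max((m for m in nets if target in m[0]), key=lambda m: m[0].prefixlen)[1]
        node = owner(nodes, dst if hop == DIRECT else hop)
        path.append(node or ("WAN" if hop == "WAN" else "unreachable"))
        if node is None:
            break
    return path

if __name__ == "__main__":
    print("request  :", trace(SPLIT_24, "iot", "192.168.1.1"))
    print("reply    :", trace(SPLIT_24, "router", "192.168.200.2"))
    fixed = with_route(SPLIT_24, "router", "192.168.200.0/24", "192.168.1.100")
    print("reply+rt :", trace(fixed, "router", "192.168.200.2"))
    print("/16 guest:", trace(FLAT_16, "guest", "192.168.200.2"))
```

In the /24 model the router's reply to 192.168.200.2 follows its default route out the WAN side until it is given a route back to 192.168.200.0/24 via the PC. In the /16 model the guest reaches the IoT device directly, so there is no intermediate hop on which traffic between the two groups could be filtered.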

Thank you for answering... I have a couple of motives - which may be wrong...

 

First of all: Most of the existing small networks have one modem/router/gateway and a C class network.

  • Device separation: In a C class network there already are lots of devices nowadays. So a separate region is beneficial to see them all in one place.
  • Security: Someone connected to the home/small business network should not scan the IoT network (e.g. a guest connected to WiFi). If someone hacks a computer on the home network with malware, they would not reach the IoT network directly. A device on the IoT network acts as a security cam or heater control (of course they will have SSH key-only access etc.). It is also easy to manage the firewall settings on IoT devices.
  • Deployment: Assume I want to build an IoT network on a new site. That site can have any structure. The easy way to deploy will be a separate subnet. E.g. a company would not want another device in the same subnet. So by setting a new IP on a single PC the new network will be set - without messing with all other aspects of that network.

I messed up with the route command in Windows with no positive results. In my research, solutions only point to Windows Server versions.

 

If it is a Windows route problem (and I can solve it), what should the "interfaces" file contain?

 

Thanks again...

 
