IP Address and Subnet Mask

Simple question that no amount of Googling seems to answer:

I have a home network with a router attached to a cable modem. My router is currently showing an IP address of (for example)

99.100.100.129

and a subnet mask of (for example)

255.255.252.0

(of course, I’ve changed the values to protect myself).

To the outside world, is the IP address 99.100.100.129, or do I have to AND the two addresses together?

I ask this because I’m trying to help someone with her computer by having her run RealVNC server. There’s a way to have the server connect itself to a Viewer from the server end; that seems to be much easier than figuring out someone else’s IP address, especially if she’s not very computer literate.

But, to do this she has to enter my IP address. That’s why I need to be reasonably certain I give her the right one.

By the way, if you try to do this with RealVNC, be sure to set up the firewalls on both computers!

thanks in advance.

99.100.100.129 is your IP address to the outside world. The subnet mask just identifies which portion of the address is the network address, and which portion is the machine address. A subnet mask of 255.255.252.0 really doesn’t make any sense. But one of, say, 255.255.255.0 indicates that the first 24 bits are the network address and the last eight are the machine address. None of that really matters unless you’re programming network drivers for big fancy routers though.

This isn’t necessarily true, particularly since 633squadron has said a router is attached to the modem. The usual reason to use a router is so that you can perform Network Address Translation (NAT) and give yourself more IP space behind the actual IP that the outside world sees.
633squadron, how did you determine what your IP address is? Did you do a lookup on the IP for an individual PC in your home, or did you ask the router what its address is?

The subnet mask is exactly what it says it is - a mask (filter using AND) for the address of a SUBNETwork. For almost all networks we would use, you would be on the main peer-to-peer subnet and the subnet mask would be 255.255.255.0. If you were to use a subnet mask other than this, you are probably on some restricted area of the main network like accounting or HR.

Sure it does. The first 22 bits are the network address and the last 10 are the machine address.

Wouldn’t that be 255.255.255.64?

:smack:

Never mind. I just realized I got it backwards. Silly binary math.

Yes, that’s the address to the outside world. The outside world doesn’t care what your netmask is. The netmask comes into play when a computer is trying to decide whether a destination is inside or outside.

You don’t do any AND calculations, the driver does this for you. If you’re assembling your own network it is important to understand how this works. If not, just know that the netmask is how your driver compares a given address to your own IP address to determine whether the address is inside or outside the network (and therefore needs to be routed or not).

In this case you are simply communicating across the internet to an external host, so if your computer was previously surfing the internet fine, then you do not need to examine your netmasks any further. They are as they should be.

We have tens of thousands of PCs in our company that would beg to differ with you on this point. It is a perfectly valid 22-bit netmask. If you wanted, you could have a netmask of 142.37.72.90. It is a headache to understand, which is exactly why some places think it’s a good security strategy to use netmasks like this. Me, I’m fine with a strong firewall. But I digress.

The netmask is important even for a single PC behind Mom’s router. Get it wrong, and your computer won’t be talking to anybody.

Good question! I looked in my router settings. That tells me what the outside world thinks my IP address is. I confirmed it with http://www.whatismyip.com

And I guess my real question is, how do I set up RealVNC so that the other computer, acting as a server, can see my computer, and vice versa? The other computer does not have a router but does have a firewall. My computer has a router and a firewall. I have the router set up as a DHCP server so that multiple computers can use my LAN, so I suppose that it’s really the router that has a particular IP address. The IP address that comes back from an ipconfig /all is the one that my router assigned.

Here are some things you could try:

  1. Get the IP address of the computer running the RealVNC server (your friend’s computer). You can ask her to go to http://www.whatismyip.com and send that IP address to you, or you can use RealVNC’s server test page at:

http://www.realvnc.com/cgi-bin/nettest.cgi

  2. Connect to the server using the IP address she gives you, and the port number that the server is configured on. Default port number is 5900.

  3. If you cannot connect to the server, and since you specify that she does not have a router but does have a firewall, the following needs to be confirmed:

a. Does she have a public IP address or a private IP address?

b. Is port 5900 opened on the firewall for incoming TCP/IP connections?

If the answer to a. is “private IP address”, then does she have access to configure NAT port forwarding? If yes, forward incoming TCP/IP connections on port 5900 for the public IP address to port 5900 on the private IP address. This will probably not be possible if her ISP assigns private IP addresses in a NAT configuration.

If you come back with step by step answers, we can probably walk you through the process. But first you need to confirm that the server computer has a publicly accessible IP address or an option to configure NAT port forwarding on the public facing router. Port 5900 also needs to be open on the server computer’s firewall.

I am not aware of any option that allows the RealVNC server to initiate a connection to the RealVNC client, but I haven’t used RealVNC in a long time.

In the scenario that you want her computer to connect to yours, you need to forward the listening port at the router’s IP address to the listening port on your computer’s private IP address, using your router’s administrator console. You also need to open the listening port on your firewall.

Here’s a “Port forwarding for VNC” guide:

http://www.realvnc.com/portforward.html

This technically violates the IEEE (or whoever) standard, even though many operating systems will let you get by with it. All of the network bits are supposed to come first, followed by the node bits.

This is the first I’ve heard of this, do you have a cite for it? In all the training and documentation I’ve ever encountered, there is no prohibition against non-contiguous netmasks. People just don’t normally use them because it makes it a lot harder for humans to differentiate addresses at a glance (although I have heard of a couple gluttons for punishment who used non-contiguous masking to make their network more confusing to would-be attackers and tinkerers).

I guess I should qualify the above post by saying that interleaved networks are legal as long as none of your networks interleave into someone else’s reserved networks. Other than that, fair game.

RFC 1812 says that the network portion of an IP address should be contiguous bits. Doesn’t appear to say “must”.

But what about routing tables? It is my understanding that the OS will typically find the best match in the routing table by looking for the entry with the longest number of matching bits at the start of the address. With an obfuscated non-contiguous network portion, this wouldn’t work.

Scratch that, I guess it uses the mask to extract only the network bits.

Well… Maybe it doesn’t violate the code so much as it pisses it off. I knew there was something about it in there though.
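
The masking arithmetic argued over in this thread, as an added example that is not part of any post: it checks whether a mask is contiguous, counts its network bits, and makes the inside/outside decision by ANDing both addresses with the mask. 99.100.100.129 and the two masks are the thread's own example values; the destination addresses are constructed for illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def is_contiguous(mask):
    """True when the mask is a run of 1 bits followed only by 0 bits."""
    host_bits = ~to_int(mask) & ALL_ONES        # invert: host bits become 1s
    return (host_bits & (host_bits + 1)) == 0   # 0..01..1 plus 1 shares no bits

def prefix_length(mask):
    """Number of network (1) bits in the mask."""
    return bin(to_int(mask)).count("1")

def network_of(addr, mask):
    """Network address = address AND mask."""
    return str(ipaddress.IPv4Address(to_int(addr) & to_int(mask)))

def is_on_link(own, mask, dest):
    """Inside the local network if both addresses mask to the same value.
    Works for any mask, contiguous or not, because it only uses AND."""
    m = to_int(mask)
    return (to_int(own) & m) == (to_int(dest) & m)

def stdlib_accepts(mask):
    """Whether Python's ipaddress module accepts the mask as a netmask."""
    try:
        ipaddress.IPv4Network("0.0.0.0/" + mask)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    own = "99.100.100.129"                        # example address from the thread
    for mask in ("255.255.252.0", "255.255.255.0", "142.37.72.90"):
        print(mask, "contiguous:", is_contiguous(mask),
              "network bits:", prefix_length(mask),
              "network:", network_of(own, mask),
              "accepted by ipaddress:", stdlib_accepts(mask))
    # Constructed destinations: one inside the 22-bit network, one outside it
    for dest in ("99.100.103.7", "99.100.104.1"):
        print(dest, "on-link with 255.255.252.0:",
              is_on_link(own, "255.255.252.0", dest))
```
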