I’ll share some basics here:<\/p>\n
All computers and devices on a network are each called a host. Each must
\nhave a unique IP address just like each house has a unique address.<\/p>\n
IP addresses are broken into the older IP version 4 (IPv4) which has
\nfour numbers separated by a period ‘.’ like this 8.8.8.8.<\/p>\n
Each number must be in the range of 0 to 255, but no host can have an IP
\nthat ends on 0 or 255.<\/p>\n
There are three main ranges of IP addresses which will not be routed
\n(forwarded) across the internet. These ranges are intended to be used in
\nlocal networks, which in practice means you can have a number of
\ncomputers with their own IP address on your network without it being
\nopen to the world.<\/p>\n
In other words these ranges will not work across the internet and is a
\ndirect solution to not wanting to give up a “routeable” address for each
\ninternal device. Otherwise the available IP addresses would be used up
\nvery rapidly by large corporations. Plus, this way we have a layer of
\nsecurity. There is a technology called Network Address Translation (NAT)
\nwhich ensures internal communication traveling from the inside of a
\nnetwork to the outside is properly tracked.<\/p>\n
The three ranges are:<\/p>\n
10.0.0.0 – 10.255.255.255 with 16,777,216 IPs
\n172.16.0.0 – 172.32.255.255 with 1,048,576 IPs
\n192.168.0.0 – 195.168.255.255 with 65,536 IPs<\/p>\n
There is an address for all computers to test networking without needing a
\nnetwork card which is 127.0.0.1. It is called the loopback device. <\/p>\n
The new IP version is called IPv6 and in theory allows for 2 to the
\npower of 128 (128 digits) versus IPv4 which only have about 4.3 billion
\naddresses. I’m not going into the details of it here.<\/p>\n
A network that is under another one or is internal is generally referred
\nto as a subnet.<\/p>\n
Each network reserves a few IPs for its own use:<\/p>\n
For a network able to use all 256 addresses on a subnet , for example, 192.168.1.0 is called the network address, which obviously is the beginning of it.<\/p>\n
Usable addresses then would be 1 through 254, except generally the first
\nusable one is usually the gateway to the network “above” it. So .1 is
\nusually reserved as the gateway IP.<\/p>\n
Then the last IP is usually the broadcast address. The purpose with that
\nis when a device needs to reach another computer and does now know has
\nthe IP sends out a broadcast asking “who has (IP)?” which is sent to the
\n.255 address. The gateway will then answer. <\/p>\n
192.168.1.0 is the network IP
\n192.168.1.1 is the gateway
\n192.168.1.255 is the broadcast IP<\/p>\n
We humans have a hard time tracking IP addresses so a system was
\ndesigned to allow up to use names instead. A server function called
\nDomain Name Server (DNS) translates the name to an IP address which is
\nneeded to actually reach another computer.<\/p>\n
Now for a computer to save time and not bother the DNS with questions
\nthat it could answer a network mask was created which by its design can
\ntell if the computer you are trying to reach is on the local network or
\nneeds to be sent to the gateway server to figure out. (And if it does
\nnot know it sends it up to its gateway and so on.)<\/p>\n
It is called subnet mask and for the above example it would look like
\nthis 255.255.255.0. Thereby knowing that any host on 192.168.1.0-192.168.1.255 can be sent directly, anything else would need to be sent to the gateway, 192.168.1.1 for it to forward up the line.<\/p>\n
Due to criminal elements online it is crucial that you have layers of
\nsecurity. The first one is called a border firewall and is the first
\nlayer of security. Other layers can be local firewalls on each computer,
\neducated users on what to do and not, log files that are monitored,
\nsecurity patches applied in a timely fashion (immediately) and so on.<\/p>\n
You do NOT need a separate subnet for VMs unless you WANT to have it. I
\nrarely do it. But if you do then simply assign IPs for the VMs that are
\non the same subnet. If they need to go outside that subnet then make
\nsure you have a gateway assigned which sits across both subnets. That
\nwill have port forwarding turned on which allows traffic to flow between
\nthe network cards. (Google linux router.)<\/p>\n
When you use virtual machines they too will each need an IP to talk to
\nany other host.<\/p>\n
(You could create a subnet which does not have the ability to talk
\noutside that specific network, which could be handy when testing
\nsomething that could be interrupting other hosts on the main network.
\nBeing totally isolated means it cannot be hacked nor leak something
\noutside that network.)<\/p>\n
When you sit inside your subnet you may not allow random external (on
\nthe internet) traffic to reach your internal computers unless there is a
\nhole on the firewall to allow some traffic in. For example, you might
\nhave a web server which is reachable from the outside, which in turn
\nuses a database. Access to the database must be guarded to ensure it’s not reachable directly or via a flaw in the code.<\/p>\n
You have to make the call if you can or should allow the VMs access to other networks.<\/p>\n","protected":false},"excerpt":{"rendered":"
[…]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3,5,7],"tags":[],"class_list":["post-358","post","type-post","status-publish","format-standard","hentry","category-computer-101","category-oss","category-security"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.szmidt.org\/blog2\/wp-json\/wp\/v2\/posts\/358","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.szmidt.org\/blog2\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.szmidt.org\/blog2\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.szmidt.org\/blog2\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.szmidt.org\/blog2\/wp-json\/wp\/v2\/comments?post=358"}],"version-history":[{"count":1,"href":"https:\/\/www.szmidt.org\/blog2\/wp-json\/wp\/v2\/posts\/358\/revisions"}],"predecessor-version":[{"id":359,"href":"https:\/\/www.szmidt.org\/blog2\/wp-json\/wp\/v2\/posts\/358\/revisions\/359"}],"wp:attachment":[{"href":"https:\/\/www.szmidt.org\/blog2\/wp-json\/wp\/v2\/media?parent=358"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.szmidt.org\/blog2\/wp-json\/wp\/v2\/categories?post=358"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.szmidt.org\/blog2\/wp-json\/wp\/v2\/tags?post=358"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}