I wish I had one, as I said earlier I need to make videos because in my experience it's all wrong.
I can take you through the binary, due to my software dev background, and show you how a network mask actually works. Once that light comes on, IPv4 or v6... doesn't matter, works the same! After that routing tables get stupid, real stupid. All of a sudden the idea of building those tables with a protocol if you want isn't so hard. Then you move onto DNS, DHCP, and on up the stack.
But that's just the generics, then you have all the vendor specific quirks you pick up over the years, because everyone interprets this stuff differently.
So, what is the difference between 10.58.58.1, and 10.25.25.1? You said both networks are using a /24 mask, but do you know how to convert /24 to 255.255.255.0?
10.58.58.1 is 00001010.00111010.00111010.00000001 in binary. Now the /24 mask, or 255.255.255.0. 255 is 8 1s! So this is easy to convert to binary 11111111.11111111.11111111.00000000. Subnet masks must be all 1s, until they are all 0s. That's why the numbers involved in the decimal representations are always the same! And that's what the 24 means... 24 1s, in a 32bit address, broken up into 8 bit chunks... which means 8 1s or 0s per octet. v6 is the same, but with a 128bit address length! But on binary it works THE EXACT SAME WAY! It's just a longer number. 128 1s, broken up into 8, 16bit chunks expressed in hex instead of decimal.
But again on a binary level it's the same, but back to the 32bit address we're messing with here, again the mask is all 1s until it's 0s.
10000000 = 128
11000000 = 192
11100000 = 224
11110000 = 240
11111000 = 248
11111100 = 252
11111110 = 254
11111111 = 255
Of course the above may not be quite something you come up with if you were never taught how to convert decimal to binary and back again. The programmer mode on the Win10 calculator can do this stuff in a snap, just type in the DEC number and see the output next to BIN on the left. Or click BIN, and type in the binary and see the output next to DEC.
So you have this in binary:
IP: 00001010.00111010.00111010.00000001
SM: 11111111.11111111.11111111.00000000
If the text was fixed width, and they lined up perfectly you'd see now this works... how does IP know when to use the gateway or not? It peels off the bit of the IP address that matches to the 1s in the subnet mask, that's the "network ID". It then compares that bit of the IP to the same chunk of the destination address, does it match? Yes? It's local... No? Ask the local routing table... Default route? Gateway of Last Resort? Translation, IP doesn't have a blasted CLUE what to do with this, so send it HERE. On to the local router the packet goes.
Oh, and the boundaries? The network ID and the host ID portions of the IP address cannot be all 1s, or all 0s.
10.58.58.1 or 00001010.00111010.00111010.00000001
Network ID: 10.58.58 or 00001010.00111010.00111010
Host ID: 1 or 00000001
24bits of network ID grants 2^24 possibilities, or 16,777,216 networks, all the combinations possible with 24 zeros and ones in a line. But remember, they can't be all zeros or ones! So TWO of those possibilities don't work, so you have 2^24-2 use able networks, 16,777,214 of them. But oh wait, Cisco changed that so you CAN use the zero and the one network on the ends... WTF?!?
8bits of host ID grants 2^8 or 256 total addresses, but again all 0s and all 1s doesn't work. So you have 254 usable addresses. That is, 10.58.58.1-254. You can't use 10.58.58.0, and 10.58.58.255 is what? Local broadcast...
And look, even I'm devolving into the "subnet" talk, and that's WRONG. Because it implies a boundary that doesn't exist. CIDR, or class based routing?!? LIES! Again, all the local IP stack does is look at a packet, read the destination address, peel off lengths of bits based on the mask lengths of any records in the local routing table. Then compares them all... got a match? Yes? Off it goes based on the rule in the table that was matched. No? to the default gateway with you!
But you didn't put anything into the routing table of your Untangle?!? Yes you did! When you assigned IP addresses to the local interfaces, and again when you put an address on the WAN interfaces. Even if the address got there via DCHP, it doesn't matter. The fact that IP address exists, and it has a mask with it, and it's attached to an interface on the system, means an entry in Untangle's routing table for that network! The workstations and servers you connect to the LAN? SAME THING! You can see Untangle's routing table in config -> network -> routes. You may have no static routes on the left, or no dynamic routing configred (config -> network -> advanced -> dynamic routing), but you'll still have routes for all the addresses you've assigned to Untangle.
BTW you can see Window's routing table with this command: route print.
