Technical question about Private IP setup

[beachycove]

In the office, I have a Mac Pro tower connected to the world on one of its Ethernet ports, but have set up a Private IP network on the other Ethernet port with the identity 192.168.2.1. I have a couple of printers attached to that second Ethernet port, via a switch, running at the addresses 192.168.2.85 (a Laserwriter 8500) and 192.168.2.84 (a Xerox 8400). The context is a corporate network setting where I do not want other users in the building to "see" these printers. They are mine, Mine, MINE!

The rationale for this setup, beyond giving the printers use rather than seeing them scrapped, is that though there are central corporate printers, I do not want to walk the fair distance that stands between me and them every time I print, so I have for years run a spare printer in my own office (I have to print a fair bit). I just added the Xerox unit, one having come my way this week for C$60 with just a 968 page count, and encountered in setting it up a situation that I don't fully understand. So I thought I would ask about it here --- for the sake of general education, as 'twere.

In none of these Private IP setups do I have a router named in the IP settings. The Mac Pro, for example, has an IP on the second Ethernet port of 192.168.2.1, and a subnet mask of 255.255.255.0, but the router address is left blank in the networking settings. The printers are configured in the same way (subnet 255.255.255.0 and router at 0.0.0.0, since an address had to be supplied). 

It works, but here's my question for the IP priesthood: Is this setup technically correct? Should/ could the IP settings have a router designated by a real IP address (e.g., the Mac Pro's Ethernet port at 192.168.2.1, or for that matter my corporate network's real router on 129.xxx.xxx.xxx)? Or would that effectively be the same as setting the router to a dummy address as I have in the settings at 0.0.0.0?

Just curious as to how this is supposed to be done....

 

[Gorgonops]

For your purposes it's set up correctly. The way tcp/ip works in this situation is that every ethernet interface you have on the machine creates an implicit routing table entry that basically says "For all the IPs that reside in the range defined by the combination of IP and netmask for this interface reach them via direct broadcast". (Unless overridden by a more specific route.) You only need explicit routes to reach things not on your local ethernet segment.

If for some reason you, say, needed the printers in your cul-de-sac network to be able to reach the Internet then you'd have a case where you'd probably want to set up your computer to be *their* gateway. (And then nat the traffic or whatever.) But if you just need them all to be able to pass isolated peer to peer traffic you're done.

 

[beachycove]

Thanks. That it works is not, therefore, sheer fluke.

 

[NJRoadfan]

I'm assuming this network is completely isolated from the rest of your work network. I've had problems with machines with two ethernet cards (albeit on Windows) accessing resources on a 2nd card for some reason. Its likely your packets to 192.168.2.0 are going over the primary interface even though logically they shouldn't. Something like Wireshark or other packet sniffing tools is good for diagnosing this. You may have to fiddle with OS X's static routing configuration so that it explicitly sends packets marked for 192.168.2.x to the 2nd ethernet interface.