I design electronics for a living, so I am very comfortable with EDA software and blowing up components and releasing the magic smoke within, but I'm very much not comfortable with networks. That gap caught up with me recently when I tried to set up a NAS at home.
The plan was simple in my head: put a NAS built from a 10+ year old PC running TrueNAS and Nextcloud on the network for backups and media, reachable from anywhere through Tailscale, then over time add a pile of little smart-home gadgets I build myself with ESP32 boards (I already have terrarium and aquarium controllers I made), because that is my idea of a fun weekend. Hardware I trust, I can see it, I can burn it. Networks, it turns out, I had been treating like magic that "just works" as long as the wifi icon is full.
The moment I had to give the NAS a fixed address, I had questions I was a little embarrassed by. What is a /24, really? My router hands out 192.168.1.wtf?, so how many devices can I even have? And should my homemade ESP gadgets, which I would not trust further than I can throw them, really sit on the same network as the box holding every photo I own?
So I did the obvious thing and googled it. To be upfront: all of this is googleable, and there are already a dozen good subnet calculators out there. I used several of them. None of what follows is a discovery. It is just the stuff I wish someone had handed me on day one as a hardware guy poking at a home network.
The home /24, demystified for fellow beginners
Most home routers hand out addresses in a 192.168.x.0/24. That /24 means 256 total addresses, of which 254 are usable: one is the network address (.0) and one is the broadcast address (.255). Your router usually sits at .1.
Two practical things I did not know to do:
- Give the NAS a static IP outside the DHCP pool. My router auto-assigns, say, .100 to .200. If I park the NAS at .10, it can never collide with something the router hands out. (Setting a static IP inside the DHCP range is the classic way to get the "it worked yesterday" conflict. Believe me, it has happened to me more than once.)
- Actually write down what lives where. Sounds obvious, but as a hardware person I keep a pinout and schematics for every board I design, personal or for work, and I had zero equivalent for my own network. Now I do.
The part that actually mattered: keep the janky stuff separate
Here is the one genuinely useful lesson, and it is the reason a hardware tinkerer should care about any of this. The STM32, ESP and Nordic gadgets I design little PCBs for and put together on my bench are not security-hardened. Granted, they mostly just blink some LEDs and flip a relay or two, hardly mission critical. They run firmware I wrote at 2am. I really do not want one of them, if it ever gets compromised, sitting on the same flat network as the NAS with all my files.
The fix (according to ChatGPT, yes I "trust" it, sue me) is to put untrusted or DIY devices on their own subnet (I had to look up what that even meant), usually via a separate VLAN, or at the simple end, a guest network, so they cannot freely reach the trusted devices. Lots of consumer routers have a guest network for exactly this. If you have a VLAN-capable router or a managed switch, you can go further and give IoT its own range and firewall rules. This single idea, fencing off the stuff you do not fully trust, was worth more to me than all the address math combined.
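Added example, not from the original post: a small Python audit of a written-down address plan that flags static IPs parked inside the DHCP pool and DIY devices that ended up on the trusted subnet. The 192.168.20.0/24 IoT range, the device names, and the `audit` and `usable_hosts` helpers are assumptions made for illustration; the .100 to .200 pool and the NAS at .10 follow the text above.

```python
import ipaddress

# Constructed plan: addresses, names and pool bounds are illustrative assumptions.
SEGMENTS = {
    "trusted": {"net": "192.168.1.0/24", "dhcp": ("192.168.1.100", "192.168.1.200")},
    "iot":     {"net": "192.168.20.0/24", "dhcp": ("192.168.20.100", "192.168.20.200")},
}
DEVICES = [  # (name, static IP, segment it is supposed to live in)
    ("router",        "192.168.1.1",   "trusted"),
    ("nas",           "192.168.1.10",  "trusted"),
    ("printer",       "192.168.1.150", "trusted"),  # inside the DHCP pool
    ("esp-terrarium", "192.168.20.11", "iot"),
    ("esp-aquarium",  "192.168.1.12",  "iot"),      # DIY device on the trusted net
]

def usable_hosts(cidr, reserved=2):
    """Total addresses minus reserved ones (network + broadcast by default)."""
    return ipaddress.ip_network(cidr).num_addresses - reserved

def audit(segments, devices):
    """Return a list of (device, problem) findings for the written-down plan."""
    findings, seen = [], {}
    nets = {n: ipaddress.ip_network(s["net"]) for n, s in segments.items()}
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append((f"{a}/{b}", "segments overlap"))
    for name, ip_text, seg in devices:
        ip = ipaddress.ip_address(ip_text)
        net = nets[seg]
        lo, hi = (ipaddress.ip_address(x) for x in segments[seg]["dhcp"])
        if ip not in net:
            findings.append((name, f"not in {seg} subnet {net}"))
        elif ip in (net.network_address, net.broadcast_address):
            findings.append((name, "uses network or broadcast address"))
        elif lo <= ip <= hi:
            findings.append((name, "static IP inside DHCP pool"))
        if ip in seen:
            findings.append((name, f"duplicate of {seen[ip]}"))
        seen.setdefault(ip, name)
    return findings

if __name__ == "__main__":
    print("usable in a home /24:", usable_hosts("192.168.1.0/24"))
    for device, problem in audit(SEGMENTS, DEVICES):
        print(f"{device}: {problem}")
```

The audit only checks the plan on paper; whether the IoT segment can actually reach the trusted one still depends on the router's VLAN or guest-network firewall rules.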
A tangent I did not need but enjoyed
While reading, I learned that cloud providers reserve even more addresses per subnet than the textbook two. AWS reserves five, so a cloud /24 is 251 usable, not 254; Azure also five, Google Cloud four, Oracle three. Am I ever going to run a cloud VPC from my apartment closet? No. But it scratched the same itch, and it is a fun bit of trivia for the next time someone insists a /24 is "obviously 254."
The confession: I built a calculator I did not need
Here is where I fully admit to being nerd-sniped. After bouncing between a few subnet calculators, each of which had one feature I liked and one thing that annoyed me, I got the itch to mash the good parts into one (or tried). So I built prefixbench.com, granted with a lot of help from Claude Code, mostly as a learning project and because it was a genuinely fun weekend.
It does not do anything the existing tools cannot. It just puts the bits I personally wanted in one place: split and join a network visually, the cloud-mode counts from above, IPv6, subnet and wildcard masks, no signup. If you already have a calculator you like, honestly, keep it, I don't care. I mostly built mine to understand the thing I was using, which is a very hardware way to learn anything. I might as well share it for fun.
So, was it worth it?
For the NAS alone? I could have stopped after the first search result. But the rabbit hole got me to stop treating my home network as magic, and the lesson that stuck, keep the homemade ESP stuff off the same subnet as the important boxes, is something I will now repeat to any fellow tinkerer who will listen.
If you run a homelab: how do you actually segment your IoT and DIY devices? Separate VLAN, guest network, or do you just YOLO it all on one flat /24? And for the networking folks reading this, if I got any of the above wrong, I would genuinely like the correction. The low-level hardware nitty-gritty I fly through, but networking, I am still very much the new guy here.