On Wed, 26 Apr 2000, jbarnett@axil.netmate.com wrote:
I recently setup a static IP though a PPP connection. Everything works expect I can't send to my subnetmask (everyone on the subnetmask can send to my IP though).
For example say the static IP is 192.168.17.231, the gateway to the Internet is at 192.168.17.2 and the dial in modem rack is 192.168.17.12.
It dials up, and I can send to any other IP on the Internet expect for anything in the 192.168.17.X.
Not true. You can't send to any IP on the internet that is in the 10.* area or in the 192.168.* area; there is one other area that is a range of values, but I don't remember what it is. Note that if what you're thinking of as "the internet" actually includes a part of your corporate network, either locally or via a Virtual Private Network, then some portion of the above ranges might be available to you. However, someone outside your corporate network trying to use those addresses probably won't be hitting the same machines you are. For example, the machine I am on right now is 192.168.1.2 and my gateway is 192.168.1.254. That's because the address areas I gave are defined as private networks, and any internet-connected router that will send them out to the internet (unless wrapped in a VPN container) is in violation of international standards and subject to being cut off from the internet at whim. What this means is that any number of separate, non-connected networks can use these addresses without fear of conflict. The only issue is if someone on these networks wants to connect to the internet: they can't. Which is great security. And you can poke a hole in that security - which you can define very precisely and monitor very closely if you like - by means of a masquerading firewall, and perhaps IP forwarding.
Everyeone else can ping my IP address, but I can't pin theirs. I tried both a subnetmask of 255.255.255.0 and 255.255.255.255 (both in radius and on my workstation).
Any ideas? I have never seen this before and didn't see anything in the PPP FAQ regarding this, any help would be greatly appeicated cause I am stumped.
My first suggestion is, if possible, don't use 192.168.17.* on both the LAN side and the modem side. Change the 17 to some other value on one side. However, I want to get down to basics a bit. An IP address is a 32-bit binary number. So is a net mask. The dot formation makes things easier on humans, but it's irrelevant to a computer. Here's a perfectly valid IP address: 3432562197 Try it with a web browser, just put two slashes in front. Note no dots. A subnet has a network address and a mask. Usually nobody bothers to specify a network address, but it exists. (Why it isn't often important in and of itself will be made clear in a moment.) Do a bitwise AND of the network address and the mask. You'll get something that looks like another address. Do a bitwise AND of the address of any machine on that subnet, and the mask. You get THE SAME result. (Which means: any of those addresses can be used in place of the network address, for most purposes.) Do a bitwise AND of the address of any machine NOT on the subnet, and the mask. You get SOME OTHER result. This is part of the definition of a subnet. It isn't just the way we wish things were in order to be neat and tidy: it's the way things actually are in every network that works properly. Now, I said that the dot notation doesn't really matter. Many implementations of network logic require (although it is NOT part of the standard) that the netmask may not have a 0 bit followed by a 1 bit. This is so normal that a new style of specifying a netmask has come into common usage: you just say how many 1 bits are on the left hand side of the number, e.g. 255.255.255.0 becomes 24. However, nowhere in any standard or in any common implementation (or any UNcommon implementation that I've ever heard of) does it say that the 1 bits have to be in multiples of 8. So a netmask of 255.255.255.128 (or, in the newer style, 25) is perfectly valid and can be used on most, perhaps all, networking equipment and software. A netmask of 255.255.255.128 (25) *might* fix your problem. I don't know for sure. If not, a netmask of 255.255.255.192 (26) might fix it, but you'll be doing some interesting tricks including defining two or more IP addresses for one NIC. -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/