First network 10.0.0.0 255.255.254.0 Second network 10.0.1.0 255.255.254.0
In no way do I mean to sound rude - but isn't that completely wrong? Doesn't the above subnet mask mean that those addresses are on the same subnet? If the subnet mask ends at the 23rd binary digit then 10.0.0.x and 10.0.1.x are in the same subnet - the first 23 binary digits are 00001010 00000000 0000000 - and doesn't that mean they both exist within the same host area of the last 9 binary digits? Wouldn't you need a 255.255.255.0 subnet mask in this case? This looks awfully similar to 2 class C networks and all class C's have 255.255.255.0 as the subnet mask.
John W Higgins john@wishdev.com
You are right, I've not been paying attention to this thread, but though 2 IPs with those subnet masks are on the same 9 bit subnet.
The whole subnet will consist of 10.0.0.0-10.0.1.255
What he wants is a normal Class C subnet.
Ewan
On Fri, 2002-04-12 at 18:54, John Higgins wrote:
First network 10.0.0.0 255.255.254.0 Second network 10.0.1.0 255.255.254.0
In no way do I mean to sound rude - but isn't that completely wrong?
Doesn't the above subnet mask mean that those addresses are on the same subnet? If the subnet mask ends at the 23rd binary digit then 10.0.0.x and 10.0.1.x are in the same subnet - the first 23 binary digits are 00001010 00000000 0000000 - and doesn't that mean they both exist within the same host area of the last 9 binary digits? Wouldn't you need a 255.255.255.0 subnet mask in this case? This looks awfully similar to 2 class C networks and all class C's have 255.255.255.0 as the subnet mask.
John W Higgins john@wishdev.com
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com
Ok, let me redefine the situation. I have two networks going to the same ISP through an 8 port hub, two firewalls connecting two separate networks that are exact clones of each other in every way except two domain name and IP.
One network is 10.0.0.0 with a subnet of 255.255.255.0. The other is 10.10.0.0. Would the subnets be the same?
How about if I wanted them both to connect to one firewall, would I just set up a rule in iptables to masq the addresses from the separated firewall? How about if I just wanted everything to go through the 10.0.0.0 network to the internet?
I thought the second 10 in 10.10.0.0 would cause the subnet to change. But if the subnets are the same in two networks, does that mean they can communicate without the use of a router?
-----Original Message-----
From: Ewan Leith [mailto:ewan@longwords.org]
Sent: Friday, April 12, 2002 2:11 PM
To: john@wishdev.com
Cc: suse-linux-e@suse.com; Gideon Hallett
Subject: Re: [SLE] Subnet mask settings....
You are right, I've not been paying attention to this thread, but though 2 IPs with those subnet masks are on the same 9 bit subnet.
The whole subnet will consist of 10.0.0.0-10.0.1.255
What he wants is a normal Class C subnet.
Ewan
On Fri, 2002-04-12 at 18:54, John Higgins wrote:
First network 10.0.0.0 255.255.254.0 Second network 10.0.1.0 255.255.254.0
In no way do I mean to sound rude - but isn't that completely wrong?
Doesn't the above subnet mask mean that those addresses are on the same subnet? If the subnet mask ends at the 23rd binary digit then 10.0.0.x and 10.0.1.x are in the same subnet - the first 23 binary digits are 00001010 00000000 0000000 - and doesn't that mean they both exist within the same host area of the last 9 binary digits? Wouldn't you need a 255.255.255.0 subnet mask in this case? This looks awfully similar to 2 class C networks and all class C's have 255.255.255.0 as the subnet mask.
John W Higgins john@wishdev.com
On Friday 12 April 2002 19:06, Michael Garabedian wrote:
Ok, let me redefine the situation.
I have two networks going to the same ISP through an 8 port hub, two firewalls connecting two separate networks that are exact clones of each other in every way except two domain name and IP.
Right, so traffic *does not* (or should not) flow between the two networks? I presume each network has a firewall attached to the hub port, and all network traffic for the ISP goes through it? (even though the hub will repeat all traffic to all ports; the firewalls see that the repeated local traffic isn't valid for that network and discard it)
One network is 10.0.0.0 with a subnet of 255.255.255.0. The other is 10.10.0.0. Would the subnets be the same?
It's a private address range comprising some 16 million hosts; you have a considerable degree of leeway in your choice of addresses :)
The size of the subnet mask should be large enough to accommodate all the hosts you need to have access. If you've got 12 hosts on one network, then you only need a /28 mask for it, since 4 host bits gives you a maximum of 16-2 hosts. If you need 400, then you need a /23 for one subnet, since 2 to the 8 is only 256.
We've all been generally assuming that 254 hosts will do your second network OK; is that true?
If you want your first address range to be 10.0.0.0 - 10.0.0.255 and your second address range to be 10.10.0.0 - 10.10.0.255, then fine. You should have absolutely no problems doing that; and you'd use the same netmask for both subnets; 255.255.255.0.
As long as your netmask is contiguous and goes 111...1100...00, then everything should work.
It's a private range, so you're probably not in any danger of address exhaustion, and the only real reason for using adjacent subnet numbers is that it makes route summarization possible; thus reducing the size of your routing table. However, the private addresses aren't routable in the wider world, so the whole question is somewhat academic! (It's just a question of good practice and not getting into bad habits just because you're using a private network.)
How about if I wanted them both to connect to one firewall, would I just set up a rule in iptables to masq the addresses from the separated firewall?
Is this a third firewall (between the hub and the Internet), or is it the only firewall? The iptables rule would be something like;
iptables -t nat -A POSTROUTING -d ! 10.0.0.0/23 -j MASQUERADE
at a rough guess.
How about if I just wanted everything to go through the 10.0.0.0 network to the internet?
Then you need to define both networks to be part of one subnet.
I thought the second 10 in 10.10.0.0 would cause the subnet to change. But if the subnets are the same in two networks, does that mean they can communicate without the use of a router?
If you've got two distinct subnets, then they are in *separate* broadcast domains; and thus you need a layer 3 device (L3 switch or router) to make them talk to each other. Hope this helps. Gideon.
On Friday 12 April 2002 18:10, Ewan Leith wrote:
You are right, I've not been paying attention to this thread, but though 2 IPs with those subnet masks are on the same 9 bit subnet.
The whole subnet will consist of 10.0.0.0-10.0.1.255
Exactly, although it's a supernet rather than a subnet; you're making the host portion of the address larger rather than smaller.
What he wants is a normal Class C subnet.
Classes are Bad. Classes are old, and largely superseded thanks to classless routing protocols. Although knowing them is good, thinking of everything in a class-based system can lead to some really bad mistakes. As such, it's better to avoid calling things 'class C/B/A', and just go on the length of the CIDR mask; a traditional Class A is a /8, a Class B /16, and a Class C /24. If you talk of a 256-host block as a /24, it means that you can do the sums more easily, since a /23 comprises twice as many addresses as a /24, and a /22 comprises four /24s and a /21 comprises eight /24s (although you have to remember to subtract two addresses per network).
On Fri, 2002-04-12 at 18:54, John Higgins wrote:
First network 10.0.0.0 255.255.254.0 Second network 10.0.1.0 255.255.254.0
In no way do I mean to sound rude - but isn't that completely wrong?
Doesn't the above subnet mask mean that those addresses are on the same subnet? If the subnet mask ends at the 23rd binary digit then 10.0.0.x and 10.0.1.x are in the same subnet - the first 23 binary digits are 00001010 00000000 0000000 - and doesn't that mean they both exist within the same host area of the last 9 binary digits?
Exactly. It tells the network devices that you have one /23 area. If you wanted to look at it as a /24 with a 1-bit supernet, then fine; you still end up with two effective /24s to play with. (And we're all assuming that Michael only needs to add a maximum of 254 more hosts...) The range of valid addresses is 10.0.0.1-10.0.1.254 - to do this, you need a /23 netmask.
Wouldn't you need a 255.255.255.0 subnet mask in this case? This looks awfully similar to 2 class C networks and all class C's have 255.255.255.0 as the subnet mask.
Gah. Brainfart on my part. Although the whole area is 10.0.0.0 /23, the networks themselves are 10.0.0.0 /24 and 10.0.1.0 /24. Sorry about that. And yes, if you used the /23 netmask, you'd just end up with one big (510-host) subnet.
Of course, depending on how Michael actually wants to do things, this might be more useful than having two separate networks. If he wants traffic to pass freely between the two networks, then he would be advised to aggregate the two networks into one; if not, then two networks will suit him better.
A little addendum - if you're using classful addressing, 10.0.0.0 is most definitely *not* a Class C address; because classful addresses must obey the first octet rules so that network devices can grok their class (i.e.
Class A (0-127) - first octet starts 0
Class B (128-191) first octet starts 10
Class C (192-223) first octet starts 110
Class D (224-239) first octet starts 111)
As such, the RFC 1918 address combined with the /24 mask means that it *can't* be classful unless there's a 16-bit subnet in the network; which is somewhat unlikely.
cheers,
Gideon.
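The arithmetic argued over in this thread (whether two addresses share a subnet under a given mask, what prefix a host count needs, and how two /24s aggregate into a /23) can be checked with Python's standard `ipaddress` module. This is an added example, not part of any poster's message; the function names are illustrative, and the addresses are the ones quoted in the thread.

```python
import ipaddress

def is_contiguous_mask(netmask):
    """True if the mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~int(ipaddress.IPv4Address(netmask)) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def same_subnet(addr_a, addr_b, netmask):
    """True if both addresses land in the same network under this mask."""
    if not is_contiguous_mask(netmask):
        raise ValueError(f"non-contiguous netmask: {netmask}")
    nets = {ipaddress.ip_network(f"{a}/{netmask}", strict=False)
            for a in (addr_a, addr_b)}
    return len(nets) == 1

def prefix_for_hosts(hosts):
    """Longest prefix whose usable hosts (2**bits - 2) cover `hosts`."""
    if not 1 <= hosts <= 2**32 - 2:
        raise ValueError("host count out of range for IPv4")
    host_bits = 2  # ignores the /31 and /32 special cases
    while 2**host_bits - 2 < hosts:
        host_bits += 1
    return 32 - host_bits

def usable_range(cidr):
    """First host, last host and usable host count of a network."""
    net = ipaddress.ip_network(cidr)
    return (str(net.network_address + 1),
            str(net.broadcast_address - 1),
            net.num_addresses - 2)

def aggregate(cidrs):
    """Merge networks into the fewest prefixes covering the same space."""
    nets = (ipaddress.ip_network(c) for c in cidrs)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

if __name__ == "__main__":
    # Addresses and masks below are the ones quoted in the thread.
    print(same_subnet("10.0.0.5", "10.0.1.5", "255.255.254.0"))  # one /23
    print(same_subnet("10.0.0.5", "10.0.1.5", "255.255.255.0"))  # two /24s
    print(prefix_for_hosts(12), prefix_for_hosts(400))
    print(usable_range("10.0.0.0/23"))
    print(aggregate(["10.0.0.0/24", "10.0.1.0/24"]))
    print(aggregate(["10.0.0.0/24", "10.10.0.0/24"]))
```

The same check is worth running when reviewing firewall or NAT rules, since a mask one bit shorter than intended merges two segments into a single subnet.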