Yo!
ALL answers are correct [more or less -- no flames!], but doesn't answer his question! Right...
In RFC1918, I found this: The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets. 10.0.0.0 - 10.255.255.255 (10/8 prefix) 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) As per definition the RFC is right. I have worked along it's lines for many, many years by now.
I decides to assign the following IPs to the hosts in my LAN: 172.20.30.40/29, i.e 172.20.30.41 - 172.20.30.46. IMHO good (/acceptable) decision ;-) No smily's needed. It IS a good decision.
When I start SuSEfirewall2, there appears an errormessage: The network 172.20.30.40/29 you want to masquerade is not from a private network. Change this!
Is this an error of SuSEfirwall2, or do I misunderstand something completely? I can only see this as an error is SuSe firewall (which I do not use, so got no experience). I can testify that ipchains and iptables are both happy to do it correctly. Maybe it was tough to use partial netmasks, like 255.240.0.0
Said this, for me the question/answer is quite interesting: --> WHY does SuSEfirewall2 assume, that THIS ADDRESS isn't from a private network???
CIAO, Peter