Dear All I've been asked to produce a firewall for a LAN with three IP ranges. At the moment I have a script which is for a single IP range. Can anyone give me a few clues about how to change my present script so that it works with a triple IP range ? The IP addresses are something like 10.0.0.1/256 10.0.3.1/256 10.0.4.1/256. There are several hundred machines on the internal LAN and so /256 might just be the thing to use here ? Thanks Richard
Can anyone give me a few clues about how to change my present script so that it works with a triple IP range ? The IP addresses are something like 10.0.0.1/256 10.0.3.1/256 10.0.4.1/256. no, it's not 256! if you have the notation x.x.x.x/y, then y is the number of bits of the netmask (so the maximum is 32) i think you mean 10.0.0.0/8 (which means 10.x.x.x) or 10.0.0.0/16 (10.0.x.x) 10.0.3.0/8 (which means 10.0.3.x) ... etc.
hth Markus -- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.dhs.org X Against HTML Mail / \
Markus On Thu, 15 Feb 2001, Markus Gaugusch wrote:
no, it's not 256! if you have the notation x.x.x.x/y, then y is the number of bits of the netmask (so the maximum is 32) i think you mean 10.0.0.0/8 (which means 10.x.x.x) or 10.0.0.0/16 (10.0.x.x) 10.0.3.0/8 (which means 10.0.3.x) ... etc.
That was one of the things that had confused me a bit. Main thing was what to do with the IP ranges and what numbers to use. Thanks very much to yourself and Hella for some useful advice. I'll start chopping things around. Richard
On Thu, Feb 15, 2001 at 07:34:11PM +0000, Richard wrote:
Markus
On Thu, 15 Feb 2001, Markus Gaugusch wrote:
no, it's not 256! if you have the notation x.x.x.x/y, then y is the number of bits of the netmask (so the maximum is 32) i think you mean 10.0.0.0/8 (which means 10.x.x.x) or 10.0.0.0/16 (10.0.x.x) 10.0.3.0/8 (which means 10.0.3.x) ... etc.
A correction to this last line: 10.0.3.0/24 means 10.0.3.x 10.0.3.0/8 means 10.x.x.x -tosi
That was one of the things that had confused me a bit. Main thing was what to do with the IP ranges and what numbers to use.
Thanks very much to yourself and Hella for some useful advice. I'll start chopping things around.
Richard
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- _____________________________________ |Þór Sigurðsson Tor Sigurdsson | |Netmaður Network Specialist| '------------ tosi@hi.is -------------' ! This mail is sent using Linux, and thus ! ! it is 100% guaranteed to be virus-free. !
-----Ursprungliche Nachricht----- Von: Markus Gaugusch [mailto:markus@gaugusch.dhs.org] Gesendet: Donnerstag, 15. Februar 2001 19:00 An: Richard Cc: suse-security@suse.com Betreff: Re: [suse-security] Firewall Configuration
Can anyone give me a few clues about how to change my present script so that it works with a triple IP range ? The IP addresses are something like 10.0.0.1/256 10.0.3.1/256 10.0.4.1/256. no, it's not 256! if you have the notation x.x.x.x/y, then y is the number of bits of the netmask (so the maximum is 32) i think you mean 10.0.0.0/8 (which means 10.x.x.x) or 10.0.0.0/16 (10.0.x.x)
Markus, I think you mean a 24 bit subnet here, not a 8 bit subnet.
10.0.3.0/8 (which means 10.0.3.x) ... etc.
Philipp
hth Markus
-- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.dhs.org X Against HTML Mail / \
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (4)
-
Markus Gaugusch -
Philipp Snizek -
Richard -
Tor Sigurdsson