Re: [suse-security] SuSEfirewall2: are these IPs private or not?
Steffen Dettmer wrote:
* Ralph Seichter wrote on Mon, Aug 27, 2001 at 10:37 +0200:
Florian Pressler wrote:
I decides to assign the following IPs to the hosts in my LAN: 172.20.30.40/29, i.e 172.20.30.41 - 172.20.30.46.
172.20.x.y is a Class B network with a 255.255.0.0 netmask, so you should probably refer to your network as 172.20.0.0/16 in the abbreviated form. I'm not a networking guru, however.
What should this help? Today CIDR is done all the time. Maybe the script parses the netblock in a wrong way or so. Maybe you should take a look at the sources.
Florian used 172.20.30.40/29. This could of course also be interpreted as a fragment of a Class C network, which I believe is what Florian intended and what you suggest. But as 172.20.x.y is historically in "Class B address space" (lacking a better expression), it might be misinterpreted if you use a different netmask than 255.255.0.0. I have not yet seen CIDR with *private* Class A or Class B networks, so my suggestion is to try 192.168.x.0/29 instead. Mit freundlichen Grüssen / Regards Dipl. Inform. Ralph Seichter ISC Informatik Service & Consulting GmbH Tel +49 2241 867-0 mailto:r.seichter@isc-inf.com Fax +49 2241 867-222 http://www.isc-inf.com/
* Ralph Seichter wrote on Mon, Aug 27, 2001 at 11:59 +0200:
Steffen Dettmer wrote:
* Ralph Seichter wrote on Mon, Aug 27, 2001 at 10:37 +0200:
Florian Pressler wrote:
172.20.x.y is a Class B network with a 255.255.0.0 netmask, so you should probably refer to your network as 172.20.0.0/16 in the abbreviated form. I'm not a networking guru, however.
What should this help? Today CIDR is done all the time. Maybe the script parses the netblock in a wrong way or so. Maybe you should take a look at the sources.
Florian used 172.20.30.40/29. This could of course also be interpreted as a fragment of a Class C network, which I believe is what Florian intended and what you suggest.
Well, on some strange old OSes but not under linux AFAIK... :)
But as 172.20.x.y is historically in "Class B address space" (lacking a better expression), it might be misinterpreted if you use a different netmask than 255.255.0.0.
I never heard of such problems with linux. Linux CIDRs pretty nicely always AFAIK.
I have not yet seen CIDR with *private* Class A or Class B networks, so my suggestion is to try 192.168.x.0/29 instead.
Which is CIDR, too, since otherwise it would be class C /24. Of course this is often used as some default, but I won't expect any problems with linux systems according to kernel or utilities, but it may be related to SuSEfirewall which I don't know. I guess the kernel doesn't cares if an IP is from RFC1918 or not, but I haven't checked the sources. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
participants (2)
-
Ralph Seichter -
Steffen Dettmer