* Rory Campbell-Lange (rory@campbell-lange.net) [020423 16:26]:
> I am setting up a machine behind a Cisco router to exist as a standalone
> machine in a DMZ. I'm using the Ziegler book "Linux Firewalls", but I'm
> having trouble knowing what is meant by 'subnet_base' here, in the
> header setting of the iptables script for a standalone host.
>
> Example:
>
> IPADDR="63.144.170.4"                 # your IP address
> SUBNET_BASE="63.144.179.0"            # ISP network segment base address
> SUBNET_BROADCAST="255.255.255.240"    # network segment broadcast address
> MY_ISP="63.144.170.0/28"              # ISP server & NOC address range
> NAMESERVER="53.12.192.1"              # address of a remote name server

I'm not sure what these variables are for, or if you're setting them
correctly, so I'm not going to comment on them. My interpretation would
be a pure guess, so I'll not confuse the issue further.

Generally speaking, I believe what you're looking for is commonly
referred to as the "network number". The basic idea is that your subnet
is defined by your IP address and subnet mask. For example, if you
have 29 bits of subnet mask (255.255.255.248) you have 3 bits left over
for the host number. That means 8 addresses. The last is used as a
broadcast address, and the first is called the "network number." The
remaining 6 are to be used by the hosts on the network.

I think this will be made more clear with an example:

IP address:        192.168.2.2
netmask:           255.255.255.248
subnet address:    192.168.2.0
broadcast address: 192.168.2.7

The "subnet address" or "network number" can be gotten by taking the
full IP address of any host on the network (in the above example,
192.168.2.2) and ANDing it with the netmask. In this case, that's
equivalent to zeroing-out the last 3 bits of the address, which gives
you 192.168.2.0.

Now, to void the disclaimer I gave above, my best guess is that the
value you're looking for with the numbers you gave above is
"64.144.170.0"

good times,
Vineet
-- 
Currently seeking opportunities in the SF Bay Area
Please see http://www.doorstop.net/resume.shtml
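
The AND operation described in the reply above, as an added shell example (not part of the original message or of the Ziegler script). The function names are hypothetical; beyond the reply's case it also derives the broadcast address and rejects malformed addresses and non-contiguous netmasks.

```shell
#!/bin/sh
# Added example; all function names here are hypothetical.

# valid_quad A.B.C.D: succeed only for four decimal octets in 0..255.
valid_quad() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac        # no leading zeros (octal ambiguity)
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# quad_to_int / int_to_quad: convert between dotted quad and 32-bit integer.
quad_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int_to_quad() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# valid_mask: a netmask must be a run of 1 bits followed only by 0 bits.
valid_mask() {
    valid_quad "$1" || return 1
    inv=$(( ~$(quad_to_int "$1") & 4294967295 ))   # host bits, e.g. 7 for .248
    [ $(( inv & (inv + 1) )) -eq 0 ]               # true only if inv is 2^n - 1
}

# network_of IP MASK: AND the address with the netmask.
network_of() {
    valid_quad "$1" && valid_mask "$2" || return 1
    int_to_quad $(( $(quad_to_int "$1") & $(quad_to_int "$2") ))
}

# broadcast_of IP MASK: network number with every host bit set.
broadcast_of() {
    valid_quad "$1" && valid_mask "$2" || return 1
    ip=$(quad_to_int "$1"); mask=$(quad_to_int "$2")
    int_to_quad $(( (ip & mask) | (~mask & 4294967295) ))
}

# Host and netmask taken from the reply's example.
echo "subnet address:    $(network_of 192.168.2.2 255.255.255.248)"
echo "broadcast address: $(broadcast_of 192.168.2.2 255.255.255.248)"
```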