Re: iptables : subnet base and isp settings?

To: Debian User List <debian-user@lists.debian.org>
Cc: Rory Campbell-Lange <rory@campbell-lange.net>
Subject: Re: iptables : subnet base and isp settings?
From: Vineet Kumar <debian-user@virtual.doorstop.net>
Date: Tue, 23 Apr 2002 16:46:01 -0700
Message-id: <[🔎] 20020423234601.GA7126@doorstop.net>
Mail-followup-to: Debian User List <debian-user@lists.debian.org>, Rory Campbell-Lange <rory@campbell-lange.net>
In-reply-to: <[🔎] 20020424000217.GB4282@campbell-lange.net>
References: <[🔎] 20020424000217.GB4282@campbell-lange.net>

* Rory Campbell-Lange (rory@campbell-lange.net) [020423 16:26]:
> I am setting up a machine behind a cisco router to exist as a standalone
> machine in a DMZ. I'm using the Ziegler book "Linux Firewalls", but I'm
> having trouble knowing what is meant by 'subnet_base' here, in the
> header setting of the iptables script for a standalone host.
> 
> Example:
> 
> IPADDR="63.144.170.4"          	     # your IP address
> SUBNET_BASE="63.144.179.0"	     	 # ISP network segment base address
> SUBNET_BROADCAST="255.255.255.240"   # network segment broadcast address
> MY_ISP="63.144.170.0/28"             # ISP server & NOC address range
> NAMESERVER="53.12.192.1"             # address of a remote name server

I'm not sure what these variables are for, or if you're setting them
correctly, so I'm not going to comment on them. My interpretation would
be a pure guess, so I'll not confuse the issue further.

Generally speaking, I believe what you're looking for is commonly
referred to as the "network number". The basic idea is that your subnet
is defined by by your IP address and subnet mask. For example, if you
have 29 bits of subnet mask (255.255.255.248) you have 3 bits left over
for the host number. That means 8 addresses. The last is used as a
broadcast address, and the first is called the "network number." The
remaining 6 are to be used by the hosts on the network. I think this
will be made more clear with an example:

IP address:		192.168.2.2
netmask:		255.255.255.248
subnet address:		192.168.2.0
broadcast addresS:	192.168.2.7

the "subnet address" or "network number" can be gotten by taking the
full IP address of any host on the network (in the above example,
192.168.2.2) and ANDing it with the netmask. In this case, that's
equivalent to zeroing-out the last 3 bits of the address, which gives
you 192.168.2.0 . Now, to void the disclaimer I gave above, my best
guess is that the value you're looking for with the numbers you gave
above is "64.144.170.0"

good times,
Vineet

-- 
Currently seeking opportunities in the SF Bay Area
Please see http://www.doorstop.net/resume.shtml

Attachment: pgpQXq517e2F0.pgp
Description: PGP signature

Reply to:

References:
- iptables : subnet base and isp settings?
  - From: Rory Campbell-Lange <rory@campbell-lange.net>

Prev by Date: Re: how to get debconf or whoever to leave my ntp.conf alone
Next by Date: Re: apt-sources List
Previous by thread: iptables : subnet base and isp settings?
Next by thread: GDM on more than one screen / session
Index(es):
- Date
- Thread