the 8 bit mask will cover (or include) all more specific addresses, you don't need to specify every single one. A router will use the most specific information available, and if that's it, then that's what it will use. ;)
As for RFC-1918 space, the "class A" net is the 10.0.0.0, the 172 net is really supposed to be 172.16.0.0 but as long as your NAT'd I'm not sure it's hurting anyone.. but in general it's nice to keep within the RFC's I think. >>> [EMAIL PROTECTED] 01/29/03 04:28AM >>> Isn't it nicer to define the subnet as: 172.16.0.0 255.240.0.0 ?? -- N.J. Reuvers Schippers Consultancy B.V. Oude Boteringestraat 71 P.O. Box 11.002 9700 CA Groningen The Netherlands Phone: +31 50 316 81 30 Fax: +31 50 589 04 87 E-mail: [EMAIL PROTECTED] -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED]]On Behalf Of Stefan Funk Sent: woensdag 29 januari 2003 8:23 To: [EMAIL PROTECTED] Subject: [FW-1] Subnet Mask question Hi Guys (NG FP2 on SUN Solaris) I'm working on our "Anti-Spoofing" rules to protect the ethernet ports. Now I whould like to ALLOW the IP addresses 172.0.0.0 to 172.255.255.255 to "show" up on one ethernet port. I defined a Net-172-0-0-0 with (see below) Network Address: 172.0.0.0 Net Mask: 255.0.0.0 This is working well, as far as I can see that.... Now the question: Is there a problem with my definitions, to have a class B address with a class A subnet mask? If this is a problem, is there a other solution for my "spoofing" rule? I don't like to define all 172.x.x.x networks by hand, this will be to much, beside of maintaining it all the time.... TIA Regards Stefan Firewall Admin *****Disclaimer***** This message is for the addressee only and may contain confidential or privileged information. You must delete and not use it if you are not the intended recipient. It may not be secure or error-free. All e-mail communications to and from the Julius Baer Group may be monitored. Processing of incoming e-mails cannot be guaranteed. Any views expressed in this message are those of the individual sender. This message is for information purposes only. All liability of the Julius Baer Group and its entities for any damages resulting from e-mail use is excluded. US persons are kindly requested to read the important legal information presented after clicking here: http://www.juliusbaer.com/maildisclaimer *****Disclaimer***** This message is for the addressee only and may contain confidential or privileged information. You must delete and not use it if you are not the intended recipient. It may not be secure or error-free. All e-mail communications to and from the Julius Baer Group may be monitored. Processing of incoming e-mails cannot be guaranteed. Any views expressed in this message are those of the individual sender. This message is for information purposes only. All liability of the Julius Baer Group and its entities for any damages resulting from e-mail use is excluded. US persons are kindly requested to read the important legal information presented after clicking here: http://www.juliusbaer.com/maildisclaimer ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= . ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
