Hi,

On Thu, 05 Oct 2006 13:59:06 -0500 Michael Sullivan <[EMAIL PROTECTED]> wrote:

> What if I wanted 70.234.122.249, 70.234.122.250, and 70.234.122.251 as
> the network. What would the syntax for those three be? I've never been
> able to figure out what the 127.0.0.1/8 syntax means...

That slash notation is a shortcut for the netmask. /8 is the same as "netmask 255.0.0.0". The number that comes after the slash is the number of bits that are set in the netmask, counting from the left. E.g.:

  255.0.0.0 (decimal) = 11111111.00000000.00000000.00000000 (binary).

That is, the first eight bits are set.

A netmask gets masked onto the IP it belongs to in order to determine the net. That is, the network mask is combined via an AND operation with the tested IP on the one hand and with the other tested IP (e.g. our own) on the other hand. Both results must match.

I'll use the private subnet 192.168.x.y as an example: You can use it as it is specified: to build some Class-C networks. Such a network is specified as a /24 network. That's the first 24 bits set and results in a netmask of 255.255.255.0. That essentially means: all addresses that match the first 24 bits of the current IP do belong to our network. Such a network would be all IPs from 192.168.x.0 (x like in our current IP) up to 192.168.x.255. If you configure it instead with a /16 netmask (255.255.0.0), it would include everything from 192.168.0.0 up to 192.168.255.255.

Concerning the IPs you've mentioned, that looks like

  70.234.122.249 = 01000110.11101010.01111010.11111001
  70.234.122.250 = 01000110.11101010.01111010.11111010
  70.234.122.251 = 01000110.11101010.01111010.11111011

Note that the first 29 bits are all equal. So it would be sufficient to specify a /29 netmask (255.255.255.248). Note that this will also include the IP 70.234.122.248. It would probably not be wise to actually set this as an IP netmask when configuring the interfaces (will most certainly break routing and broadcasts), but it can be used in iptables configuration to match that given range of hosts.

I don't know ipkungfu, but I would be surprised if there wasn't the possibility to specify more than one "LOCAL_NET". And a better name for that config setting would actually be "ALLOW_NET" or similar.

-hwh
--
gentoo-user@gentoo.org mailing list
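
The AND comparison and the bit counting described in the message above, worked through in Python as an added example (not part of the original mail; all function names are hypothetical). It goes one step beyond the mail by listing every address a chosen prefix length matches beyond the ones asked for, since a firewall rule written with that prefix admits all of them.

```python
import ipaddress

WANTED = ["70.234.122.249", "70.234.122.250", "70.234.122.251"]  # from the mail

def to_int(addr):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def netmask(prefix_len):
    """/N -> 32-bit mask with the leftmost N bits set (e.g. /8 -> 255.0.0.0)."""
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def same_network(a, b, prefix_len):
    """The test from the mail: AND both addresses with the mask, compare."""
    mask = netmask(prefix_len)
    return (to_int(a) & mask) == (to_int(b) & mask)

def common_prefix_len(addrs):
    """Count the leading bits that every address in addrs shares."""
    first = to_int(addrs[0])
    diff = 0
    for a in addrs:
        diff |= to_int(a) ^ first      # set a bit wherever any address differs
    return 32 - diff.bit_length()

def covering_network(addrs, prefix_len=None):
    """Network of the given prefix length (default: longest shared) holding addrs."""
    if prefix_len is None:
        prefix_len = common_prefix_len(addrs)
    if not all(same_network(addrs[0], a, prefix_len) for a in addrs):
        raise ValueError("prefix too long: addresses fall in different networks")
    base = to_int(addrs[0]) & netmask(prefix_len)
    return ipaddress.IPv4Network((base, prefix_len))

def extra_addresses(addrs, prefix_len=None):
    """Addresses the prefix matches that were not in the requested list."""
    net = covering_network(addrs, prefix_len)
    return [str(ip) for ip in net if str(ip) not in addrs]

if __name__ == "__main__":
    for plen in (common_prefix_len(WANTED), 29, 24):
        net = covering_network(WANTED, plen)
        extra = extra_addresses(WANTED, plen)
        print(f"{net}  netmask {net.netmask}  "
              f"matches {net.num_addresses} addresses, {len(extra)} not requested")
        if len(extra) <= 8:
            print("   also matched:", ", ".join(extra))
```
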