Re: bind squid to interface
Michael West wrote: > > I would like to bind squid to a specific interface. [...] > What am I doing wrong with xinetd? What other ways are there to make > squid bind to an interface? IIRC there used to be an option "tcp_incoming_adress" in /etc/squid.conf, but I think lately it was changed to be included in the "http_port" option. HTH Frank
Re: bind squid to interface
Michael West wrote: > > I would like to bind squid to a specific interface. [...] > What am I doing wrong with xinetd? What other ways are there to make > squid bind to an interface? IIRC there used to be an option "tcp_incoming_adress" in /etc/squid.conf, but I think lately it was changed to be included in the "http_port" option. HTH Frank -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Blocking sub-range of IP addresses
Bill wrote: > I want to block all ip's ending in 224 to 255 but not 220 and others > searching the net I found I need to add "/27" to end of the ip. > I understand /8 /16 /24 /32 somewhat but... Netmasks work using a binary logical AND operation. A few years ago, you would be using something like 255.255.255.224 which is binary ...1110 and would mean "this subnet uses all 8 bits of the first number, the second number, the third number and the most significant 3 bits of the fourth number", all four of those numbers being 8-bit unsigned integers. If you count the "1"s you will find there are 27 of them in a row. > My question: what makes /27 significant > X.Y.Z.224 - X.Y.Z.255 > deny from 63.148.99.224/27 This is the same as deny from 63.148.99.224/255.255.255.224 (is this still legal?), any address will be checked if (W.X.Y.Z) AND (255.255.255.224) is 63.148.99.224. Here, the interesting part is that for any Z between 224 and 255, and for those only, (Z AND 224) will be 224 (binary numbers from 1110 to ). > P.s. for example, how would I block only X.Y.Z.23 - X.Y.Z.55 ??? 23 = binary 00010111 55 = binary 00110111 Since those two do not follow the scheme of [same bit]^N[0]^M and [same bit]^N[1]^M, you could not use the short form, you would have to block most of them individually. HTH Frank
Re: Blocking sub-range of IP addresses
Bill wrote: > I want to block all ip's ending in 224 to 255 but not 220 and others > searching the net I found I need to add "/27" to end of the ip. > I understand /8 /16 /24 /32 somewhat but... Netmasks work using a binary logical AND operation. A few years ago, you would be using something like 255.255.255.224 which is binary ...1110 and would mean "this subnet uses all 8 bits of the first number, the second number, the third number and the most significant 3 bits of the fourth number", all four of those numbers being 8-bit unsigned integers. If you count the "1"s you will find there are 27 of them in a row. > My question: what makes /27 significant > X.Y.Z.224 - X.Y.Z.255 > deny from 63.148.99.224/27 This is the same as deny from 63.148.99.224/255.255.255.224 (is this still legal?), any address will be checked if (W.X.Y.Z) AND (255.255.255.224) is 63.148.99.224. Here, the interesting part is that for any Z between 224 and 255, and for those only, (Z AND 224) will be 224 (binary numbers from 1110 to ). > P.s. for example, how would I block only X.Y.Z.23 - X.Y.Z.55 ??? 23 = binary 00010111 55 = binary 00110111 Since those two do not follow the scheme of [same bit]^N[0]^M and [same bit]^N[1]^M, you could not use the short form, you would have to block most of them individually. HTH Frank -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
