• We should now be fully online following an overnight outage. Apologies for any inconvenience, we do not expect there to be any further issues.

quick netmask question

jonmullen

Platinum Member
Jun 17, 2002
2,517
0
0
can you match ip's in iptables that are greater than say 192.168.12.160 ie 192.168.12.161 gets matched but .160 does not.

I believe this is a subnet question,but I could be wrong.

If it is not possible can someone help me set up dhcpd so that the server listens on 192.168.12.1 and serves out in the range 192.168.200.1 - 192.168.200.100
 

johnjbruin

Diamond Member
Jul 17, 2001
4,401
1
0
you can do it for multiples of powers of 2 (or sums of multiples with leading ones only)

you can do it for 128, 192, 224
 

johnjbruin

Diamond Member
Jul 17, 2001
4,401
1
0
i dont know how exactly you would do it but the concept would be:
128 is 10000000 so say you wanted to filter out 143 (10001111) then you'd and it with the mask, which would be 128, then you'd get 128 again, knowing that 143 is above the mask. that way you can filter them.

another example:
mask = 128(10000000), ip = 116 (01110100) so if you and them you get a zero and you know its below the mask, so you can filter based on that.
 

Descartes

Lifer
Oct 10, 1999
13,968
2
0
Originally posted by: jonmullen
so do I match that 192.168.12.0/128

I still don't quite understand what you're trying to do, but all you need to specify is an ip range, not a netmask of any kind. You simply want 192.168.12.160-254 to be allowed, correct?

Your example of 192.168.12.0/128 is using a netmask that is impossible. You're saying 128 bits of the ip address is the netmask; an impossibility considering there are only 32 total. Consider the following:

192.168.0.1/24

That's saying 24 bits of the IP address are for the network address, thus leaving 8 for the hosts. That's really just a shorthand way to write:

192.168.0.1
255.255.255.0

Your 128 example would look like this:

192.168.0.1/25
or
255.255.255.128

Since you're taking 24 bits as the network plus one more bit from the host octet for the subnet.

Hope that helps some. If I'm answering the wrong questions, ignore me :)
 

lowtech1

Diamond Member
Mar 9, 2000
4,644
1
0
Below is the best you can do if you are not satisfy with 192.168.0.1/25 (192.168.0.1~126)


192.168.0.1/26
IP range: 192.168.0.1~62
Broadcast: 63

192.168.0.64/27
IP range: 192.168.0.65~94
Broadcast: 95

and

192.168.0.96/30
IP range: 192.168.0.97~98
Broadcast: 99

or

192.168.0.96/29
IP range: 192.168.0.97~102
Broadcast: 103

PS. This question belong to networking.