Date: Thu, 4 Oct 2001 15:43:56 +0200
From: "Patrick O'Reilly" <patrick@mip.co.za>
To: "Daniel Fairs" <daniel.fairs@spiderplant.net>, "FreeBSD Question List" <freebsd-questions@FreeBSD.ORG>
Subject: RE: Firewalling again
Message-ID: <NDBBIMKICMDGDMNOOCAIMEOLDJAA.patrick@mip.co.za>
In-Reply-To: <NKEPKAINDOAHFAIDHBHAIELNCFAA.daniel.fairs@spiderplant.net>

Daniel,

> It transpires that we in fact have allocated to us the 8 IPs
> 213.2.28.63 to 213.2.28.70 inclusive - on one subnet. So that's
> expressed as 213.2.28.63/29, yes? (This whole thing is not helped by
> the fact that I'm only just getting to grips with CIDR notation ;).
> That gives 213.2.28.63 as the subnet IP and 213.2.28.70 as the net
> broadcast address. (Guess I'd better move the firewall off of .70
> then.)

No, something is amiss. A /29 subnet has 8 addresses, and these must
begin on a multiple of 8 (like 56 or 64). A range from .63 to .70 does
not make sense! You should have .56 thru .63, or .64 thru .71.

>
> I guess, then, that I need to talk to my ISP about splitting the /29
> into two /30s? Then I'd have:
> .63 - subnet 1 IP
> .64 - Firewall external IP
> .65 - DSL Router IP
> .66 - subnet 1 broadcast
>
> .67 - subnet 2 IP
> .68 - Mailserver IP
> .69 - unused
> .70 - subnet 2 broadcast
>
> Does that make sense? Or am I getting the wrong end of the stick?
>
> Something I find a little concerning in my predecessor's docs is that
> our ISP seems to have taken one of our IPs (currently .64) for
> 'internal use'. Is this normal? Or do they just have a weird system?

Yes, you can split a /29 to two /30s, see below.

I'm thinking, reading between all these lines, that what you actually
have is .64 thru .71, which could then be arranged as follows:

subnet A: 213.2.28.64/30
    .64 (reserved - 'cos it's the subnet address)
    .65 (the DSL router device - also your f/w's default gateway)
    .66 (the ip you should have on the xl2 interface of the f/w)
    .67 (reserved - broadcast)

subnet B: 213.2.28.68/30
    .68 (subnet address)
    .69 (the f/w xl1 interface, also your mx's default router)
    .70 (the mail server's ip)
    .71 (reserved - broadcast)

Unfortunately, this leaves you with no spare IPs.

If you are certain that .63 is yours, then you want to verify what the
subnet is, probably 213.2.28.60/30. But, this would render .63 unusable
anyway as it is the broadcast address !?!

I think you need to get hold of someone at your ISP who has more than a
handful of grey cells to rub together (that can be difficult - trust
me! :), and verify what exactly is allocated to you.

>
> T very much IA!
> Cheers,
> Dan
>

Pleasure to help - I'm usually the one doing the asking :)

Patrick.
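
The alignment rule and the /30 split discussed in the message above, worked through with Python's standard ipaddress module. This is an added example, not part of the original e-mail; the function names are hypothetical and the addresses are the ones quoted in the thread.

```python
import ipaddress

def aligned_blocks(first, last, prefixlen):
    """Return (is_exact, blocks): whether first..last is exactly one aligned
    /prefixlen block, and every aligned /prefixlen block the range touches."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    size = 2 ** (32 - prefixlen)          # a /29 holds 8 addresses
    is_exact = lo % size == 0 and hi - lo + 1 == size
    blocks = []
    start = lo - lo % size                # round down to a multiple of size
    while start <= hi:
        blocks.append(ipaddress.IPv4Network((start, prefixlen)))
        start += size
    return is_exact, blocks

def role(addr, prefixlen):
    """Return (enclosing network, role of addr inside it)."""
    net = ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
    ip = ipaddress.ip_address(addr)
    if ip == net.network_address:
        return str(net), "network"
    if ip == net.broadcast_address:
        return str(net), "broadcast"
    return str(net), "host"

def split(block, new_prefix):
    """Split block; return (subnet, usable hosts, broadcast) per subnet."""
    return [(str(s), [str(h) for h in s.hosts()], str(s.broadcast_address))
            for s in ipaddress.ip_network(block).subnets(new_prefix=new_prefix)]

if __name__ == "__main__":
    # The range as reported (.63 to .70) straddles two aligned /29 blocks.
    exact, blocks = aligned_blocks("213.2.28.63", "213.2.28.70", 29)
    print("exact /29:", exact, "candidates:", [str(b) for b in blocks])
    # .63 inside a /30 is that subnet's broadcast address.
    print(role("213.2.28.63", 30))
    # The suggested layout: .64/29 split into two /30s.
    for row in split("213.2.28.64/29", 30):
        print(row)
```

Firewall rules written against a misaligned block match a different set of addresses than intended, so it is worth running this kind of check before putting a CIDR block into a rule set.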