From: Nathan Vidican <webmaster@wmptl.com>
Date: Fri, 30 Jun 2000 13:06:49 -0400
To: darryl@osborne-ind.com
Cc: questions@freebsd.org
Subject: Re: Network question.

Darryl Hoar wrote:
>
> I am running FreeBSD 3.2-release. I am using this
> machine as a gateway to the internet for my LAN.
> I am looking at tightening up security and exploring
> ipfilter.
>
> I purchased the book "Building Internet Firewalls" 2nd
> edition by Zwicky, Cooper & Chapman.
>
> The notation 192.168.8.0/22 is used. How do you
> interpret this? What does the last 0/22 mean?
>
> thanks,
>
> Darryl

A /22 network refers to a group of 1024 IP addresses which can directly
access any other IP address within its own range. (That's the short
answer; if you want a longer explanation, read on.)

TCP/IP is routed between subnets; the /xx is the subnet's delegation.
For example, a /24 subnet refers to 255.255.255.0 (254 usable IP
addresses). Calculations can be done in this manner to find out how
many IPs are available; I use a /24 network as a starting point, you
could go less.

One /19 equals 32 /24s, and a /16 equals 256 /24s; for every
decremented number of the subnet /xx, you increase by a power of two.
For example, if you start with a /24 (Class 'C' bank, 255 IP
addresses, netmask 255.255.255.0):

  /24 =   1 /24  (256 ips)
  /23 =   2 /24s (512 ips)
  /22 =   4 /24s (1024 ips)
  /21 =   8 /24s (2048 ips)
  /20 =  16 /24s (4096 ips)
  /19 =  32 /24s (8192 ips)
  /18 =  64 /24s (16384 ips)
  /17 = 128 /24s (32768 ips)
  /16 = 256 /24s (65536 ips)
  /15 = 512 /24s (131072 ips)
  etc...

Routing is controlled through the use of subnets. Every IP address has
a subnet mask; if that subnet mask does not match with that of another
IP address, then the two addresses cannot directly see each other. For
example, if you had a machine on the address 192.168.1.1, with a subnet
mask of 255.255.255.0 (/24), that machine would be able to directly
connect to all addresses between 192.168.1.0 - 192.168.1.254. In order
for that machine to connect to a different IP address, eg: 10.0.0.1,
there must be a route for it.

By giving a machine two IP addresses and corresponding netmasks, we can
allow it to route packets from one interface to the other. This routing
now creates a gateway for machines on one network to be able to access
those on another. If you run a 'traceroute whatever.com', you can view
a list of all the routes you must go through to get to the destination
address.

You may want to try and read up a bit on BGP if you're looking at doing
any really serious routing. If you're looking to just do a simple
firewall to access the internet with, I'd suggest you try reading a few
of the tutorials available out there (try www.defcon1.org,
freebsd.peon.net, etc).

--
Nathan Vidican
webmaster@wmptl.com
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
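The prefix arithmetic described in the reply above, worked through as an added Python example (not part of the original thread): it turns a CIDR string such as the 192.168.8.0/22 from the question into its netmask, network, broadcast and address count, and checks whether two addresses share a subnet, which is what decides if they can reach each other without a route. The function names are my own.

```python
"""Worked CIDR (/xx) arithmetic for the notation discussed in the thread."""
import socket
import struct

ALL_ONES = 0xFFFFFFFF  # 32-bit mask of all ones


def ip_to_int(ip: str) -> int:
    """Dotted-quad IPv4 string to a 32-bit integer (network byte order)."""
    return struct.unpack("!I", socket.inet_aton(ip))[0]


def int_to_ip(n: int) -> str:
    """32-bit integer back to a dotted-quad string."""
    return socket.inet_ntoa(struct.pack("!I", n & ALL_ONES))


def prefix_to_mask(prefix: int) -> int:
    """/xx prefix length to an integer netmask, e.g. /22 -> 255.255.252.0."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: /{prefix}")
    return (ALL_ONES << (32 - prefix)) & ALL_ONES


def describe(cidr: str) -> dict:
    """Break 'a.b.c.d/xx' into the numbers the reply tabulates."""
    ip_str, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(ip_str) & mask          # host bits cleared
    broadcast = network | (~mask & ALL_ONES)    # host bits set
    size = 1 << (32 - prefix)                   # doubles per decrement of /xx
    # /31 and /32 have no separate network/broadcast addresses
    usable = size - 2 if prefix <= 30 else size
    return {
        "network": int_to_ip(network),
        "netmask": int_to_ip(mask),
        "broadcast": int_to_ip(broadcast),
        "addresses": size,
        "usable_hosts": usable,
        "slash24_blocks": size // 256,  # how many /24s fit (0 if smaller)
    }


def same_subnet(ip_a: str, ip_b: str, prefix: int) -> bool:
    """True when both addresses fall in one /prefix block (no route needed)."""
    mask = prefix_to_mask(prefix)
    return (ip_to_int(ip_a) & mask) == (ip_to_int(ip_b) & mask)
```

Running describe("192.168.9.77/22") shows that the host bits are masked off: the network is still 192.168.8.0, so the "0" in 192.168.8.0/22 is simply the block with all host bits zero.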