[mdlug] IPCOP install

David Lane dcl400m at yahoo.com
Wed Feb 20 13:29:24 EST 2008 

Thank you, 

I know that it is common practice to place network resources and workstations on separate sub nets. 

However in a home office there wont be a need, But I have to protect the servers from the kids computers and the viruses they get.  

David 

----- Original Message ----
From: Joseph C. Bender <jcbender at bendorius.com>
To: MDLUG's Main discussion list <mdlug at mdlug.org>
Sent: Wednesday, February 20, 2008 12:40:51 PM
Subject: Re: [mdlug] IPCOP install


Tony 
Bemus 
wrote:
> 
I 
believe 
you 
can 
not 
because 
the 
192.168.x.x 
ip 
range 
is 
a 
Class 
C
> 
range 
with 
a 
default 
subnet 
mask 
of 
255.255.255.0.  
If 
you 
need 
to 
use
> 
the 
255.255.0.0 
subnet 
then 
start 
with 
a 
class 
B 
address 
like
> 
172.16.x.x 
> 
    
Please 
go 
and 
read 
RFC1918 
(http://www.faqs.org/rfcs/rfc1918.html). 
192.168.0.0 
is 
a 
/16.  
172.16.0.0 
is 
a 
/12, 
NOT 
a 
/16, 
despite 
so 
many 
references 
getting 
it 
very 
very 
wrong.

I 
will 
also 
point 
out 
that 
Class 
A, 
B 
and 
C 
are 
very 
outdated 
nomenclature, 
as 
CIDR's 
been 
in 
effect 
for 
many 
years 
now.  
It's 
more 
common 
to 
refer 
to 
networks 
by 
their 
CIDR 
bitmask 
(/16, 
/20, 
/19, 
/24).

The 
3 
private 
subnet 
allocations 
are 
as 
follows 
(from 
the 
RFC):

10.0.0.0  
  
  
  
-  
 
10.255.255.255  
(10/8 
prefix)
172.16.0.0  
  
  
-  
 
172.31.255.255  
(172.16/12 
prefix)
192.168.0.0  
  
 
-  
 
192.168.255.255 
(192.168/16 
prefix)

So, 
to 
answer 
David's 
question, 
yes, 
you 
can 
use 
192.168.0.0/16 
(255.255.0.0) 
as 
a 
unpartitioned 
subnet.  
I 
wouldn't 
advise 
doing 
that 
(just 
because 
it's 
a 
massive 
subnet 
that 
doesn't 
need 
to 
really 
be 
that 
big), 
but 
you 
can 
do 
it.  
If 
you 
really 
want 
to 
allocate 
/16s 
everywhere 
and 
keep 
it 
in 
the 
same 
overall 
IP 
supernet 
structure, 
do 
it 
in 
10.0.0.0/8 
space, 
start 
from 
the 
bottom 
and 
work 
your 
way 
up.  
This 
is 
very 
useful, 
as 
it 
permits 
for 
simpler 
things 
like 
firewall 
rules 
addressing 
the 
supernets 
for 
things 
like 
outbound 
NAT 
rules.

David, 
if 
you 
want 
to 
see 
how 
various 
ip 
masks 
and 
combinations 
work 
for 
various 
things, 
try 
installing 
ipcalc 
on 
your 
favorite 
linux 
distro. 
It's 
a 
little 
command 
line 
widget 
that 
for 
a 
given 
network 
address 
and 
subnet 
mask 
(or 
bits) 
will 
give 
you 
lots 
of 
useful 
information.  
I 
use 
it 
all 
the 
time 
to 
double 
check 
my 
work 
when 
I'm 
splitting 
out 
IP 
supernets 
into 
funky 
subnets 
that 
I 
can't 
always 
recall 
precisely.

HTH



-- 
Joseph 
Bender
Bendorius 
Consulting
P: 
248-434-5580
F: 
248-434-5581
jcbender 
at 
bendorius 
com
_______________________________________________
mdlug 
mailing 
list
mdlug at mdlug.org
http://mdlug.org/mailman/listinfo/mdlug






      ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

More information about the mdlug mailing list