[mdlug] IPCOP install

Dave Arbogast mdlug3 at arb.net
Wed Feb 20 14:24:52 EST 2008 

Sounds like the kids need a new OS ;-)

You would not believe how many of my friends have called me this month 
alone because their kids got wacked on myspace with various malware. The 
only thing they all have in common - their kids use WinDoze.

-dave

David Lane wrote:

>Thank you, 
>
>I know that it is common practice to place network resources and workstations on separate sub nets. 
>
>However in a home office there wont be a need, But I have to protect the servers from the kids computers and the viruses they get.  
>
>David 
>
>----- Original Message ----
>From: Joseph C. Bender <jcbender at bendorius.com>
>To: MDLUG's Main discussion list <mdlug at mdlug.org>
>Sent: Wednesday, February 20, 2008 12:40:51 PM
>Subject: Re: [mdlug] IPCOP install
>
>
>Tony 
>Bemus 
>wrote:
>  
>
>I 
>believe 
>you 
>can 
>not 
>because 
>the 
>192.168.x.x 
>ip 
>range 
>is 
>a 
>Class 
>C
>  
>
>range 
>with 
>a 
>default 
>subnet 
>mask 
>of 
>255.255.255.0.  
>If 
>you 
>need 
>to 
>use
>  
>
>the 
>255.255.0.0 
>subnet 
>then 
>start 
>with 
>a 
>class 
>B 
>address 
>like
>  
>
>172.16.x.x 
>  
>
>    
>Please 
>go 
>and 
>read 
>RFC1918 
>(http://www.faqs.org/rfcs/rfc1918.html). 
>192.168.0.0 
>is 
>a 
>/16.  
>172.16.0.0 
>is 
>a 
>/12, 
>NOT 
>a 
>/16, 
>despite 
>so 
>many 
>references 
>getting 
>it 
>very 
>very 
>wrong.
>
>I 
>will 
>also 
>point 
>out 
>that 
>Class 
>A, 
>B 
>and 
>C 
>are 
>very 
>outdated 
>nomenclature, 
>as 
>CIDR's 
>been 
>in 
>effect 
>for 
>many 
>years 
>now.  
>It's 
>more 
>common 
>to 
>refer 
>to 
>networks 
>by 
>their 
>CIDR 
>bitmask 
>(/16, 
>/20, 
>/19, 
>/24).
>
>The 
>3 
>private 
>subnet 
>allocations 
>are 
>as 
>follows 
>(from 
>the 
>RFC):
>
>10.0.0.0  
>  
>  
>  
>-  
> 
>10.255.255.255  
>(10/8 
>prefix)
>172.16.0.0  
>  
>  
>-  
> 
>172.31.255.255  
>(172.16/12 
>prefix)
>192.168.0.0  
>  
> 
>-  
> 
>192.168.255.255 
>(192.168/16 
>prefix)
>
>So, 
>to 
>answer 
>David's 
>question, 
>yes, 
>you 
>can 
>use 
>192.168.0.0/16 
>(255.255.0.0) 
>as 
>a 
>unpartitioned 
>subnet.  
>I 
>wouldn't 
>advise 
>doing 
>that 
>(just 
>because 
>it's 
>a 
>massive 
>subnet 
>that 
>doesn't 
>need 
>to 
>really 
>be 
>that 
>big), 
>but 
>you 
>can 
>do 
>it.  
>If 
>you 
>really 
>want 
>to 
>allocate 
>/16s 
>everywhere 
>and 
>keep 
>it 
>in 
>the 
>same 
>overall 
>IP 
>supernet 
>structure, 
>do 
>it 
>in 
>10.0.0.0/8 
>space, 
>start 
>from 
>the 
>bottom 
>and 
>work 
>your 
>way 
>up.  
>This 
>is 
>very 
>useful, 
>as 
>it 
>permits 
>for 
>simpler 
>things 
>like 
>firewall 
>rules 
>addressing 
>the 
>supernets 
>for 
>things 
>like 
>outbound 
>NAT 
>rules.
>
>David, 
>if 
>you 
>want 
>to 
>see 
>how 
>various 
>ip 
>masks 
>and 
>combinations 
>work 
>for 
>various 
>things, 
>try 
>installing 
>ipcalc 
>on 
>your 
>favorite 
>linux 
>distro. 
>It's 
>a 
>little 
>command 
>line 
>widget 
>that 
>for 
>a 
>given 
>network 
>address 
>and 
>subnet 
>mask 
>(or 
>bits) 
>will 
>give 
>you 
>lots 
>of 
>useful 
>information.  
>I 
>use 
>it 
>all 
>the 
>time 
>to 
>double 
>check 
>my 
>work 
>when 
>I'm 
>splitting 
>out 
>IP 
>supernets 
>into 
>funky 
>subnets 
>that 
>I 
>can't 
>always 
>recall 
>precisely.
>
>HTH
>
>
>
>  
>

More information about the mdlug mailing list