[Shorewall-users] How to allow specific services for machines in LAN behind router?
bram-mertens at linux.be
Mon Feb 14 12:01:51 PST 2005
On Mon, 2005-02-14 at 11:46 -0800, Tom Eastep wrote:
> > If I understand this correctly this would allow ssh for machines with an
> > IP address between 192.168.1.0 and 192.168.1.255.
> > Is there a way to allow only the IP addresses between 192.168.1.100 and
> > 192.168.1.149?
> When working with networks, it is always best to pretend that human
> beings were given either 8 or 16 fingers rather than 10. Then you would
> be thinking of "IP addresses between 192.168.1.128 and 192.168.1.159"
> which would be:
> ACCEPT net:192.168.1.128/27 fw tcp 22
/27 because that would be the VLSM with a Subnet Mask of 255.255.255.224
(as per Table 3. VLSM in the Shorewall Setup Guide)
> But if you don't sleep well unless all of the boundaries in your life
> are at multiples of 10 then:
> (see why powers of 2 are preferred to multiples of 10?)
<scratch my head>
It would be easier to configure the dhcp of my router to provide IP
addresses starting from 192.168.1.128 rather than 192.168.1.100 and have
it assign only 31 addresses instead of 50. That way I can use the
ACCEPT net:192.168.1.128/27 fw tcp 22
rule you suggested, right?
# Mertens Bram "M8ram" <bram-mertens at linux.be> Linux User #349737 #
# debian testing kernel 2.6.8-1-686 i686 512MB RAM #
# 20:54:36 up 6 days, 41 min, 7 users, load average: 1.34, 0.93, 0.74 #
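
Added example (not part of the original message and not Shorewall's own code): a Python sketch that splits an inclusive address range into the CIDR blocks a rule's source column would need, showing why 192.168.1.128-159 fits a single /27 while 192.168.1.100-149 does not. The function names and the default zone, protocol and port arguments are assumptions chosen to match the rule quoted in the thread.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Return the minimal list of CIDR blocks covering first..last inclusive."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    )
    return [str(b) for b in blocks]


def accept_rules(first, last, zone="net", dest="fw", proto="tcp", port=22):
    """Build one ACCEPT line per block, in the column order used in the thread."""
    return [
        f"ACCEPT {zone}:{cidr} {dest} {proto} {port}"
        for cidr in range_to_cidrs(first, last)
    ]


def covered_range(cidr):
    """Return (first address, last address, address count) matched by a CIDR."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net[0]), str(net[-1]), net.num_addresses


def is_matched(host, cidrs):
    """True if host falls inside any of the listed blocks."""
    addr = ipaddress.ip_address(host)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


if __name__ == "__main__":
    # Range aligned on a power-of-two boundary: a single rule.
    for line in accept_rules("192.168.1.128", "192.168.1.159"):
        print(line)
    # Decimal-friendly range: several smaller blocks are needed.
    for line in accept_rules("192.168.1.100", "192.168.1.149"):
        print(line)
    print(covered_range("192.168.1.128/27"))
```

Checking the DHCP pool with covered_range() before writing the rule confirms that every leased address, and nothing outside the pool, is matched.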