Gentoo Forums
Ip ranges notations

dob
Apprentice

Joined: 04 Oct 2002
Posts: 199
Location: S.L.P.

Posted: Tue Feb 25, 2003 1:12 am    Post subject: Ip ranges notations

Daemons, firewalls, etc. all seem to use a common notation to name IP ranges.

Like 3.2.1.0/32

However, since I use Linux for fun and never had TCP/IP classes at school, I don't understand that notation.

It seems that 1.0.0.0/8 equals the IP range from 1.0.0.0 to 1.255.255.255

But how about /12, /16, etc.? Could someone explain to me in simple terms how it works?

Thanks :wink:

fbleagh
Tux's lil' helper

Joined: 13 Jun 2002
Posts: 98

Posted: Tue Feb 25, 2003 1:43 am

The /8 /16 /24 notation is just a shorthand version of the old dotted quad system.

Without going into the whys and wherefores, here is a basic conversion table:

255.0.0.0 = /8
255.255.0.0 = /16
255.255.255.0 = /24

if you want a bit more of an explanation then read on.

255.0.0.0 in binary = 11111111 00000000 00000000 00000000

funnily enough 255 in binary is 11111111

and 255.255.0.0 in binary = 11111111 11111111 00000000 00000000


Getting the idea?

The new notation just says how many bits are being masked.
If you look at the above you can see that 255.0.0.0 is masking 8 bits,
and 255.255.255.0 is masking 16 bits.


I hope this is of some help.

Cheers from Down Under

Fbleagh

dob
Apprentice

Joined: 04 Oct 2002
Posts: 199
Location: S.L.P.

Posted: Tue Feb 25, 2003 2:26 am

yep this sure helps, thanks :)

However, I'm not sure I fully understand how it works just yet.

1.0.0.0/12 = 1.0.0.0 -> 1.15.255.255 (since 11110000 = 240) :?:

If that's correct, now how do I proceed the other way around?
For ex what would be the notation for 192.168.1.13 -> 192.168.1.47

fbleagh
Tux's lil' helper

Joined: 13 Jun 2002
Posts: 98

Posted: Tue Feb 25, 2003 4:05 am

There isn't one subnet that would only do from 192.168.1.13 to 192.169.1.47;
the closest you would get would be the 192.168.1.0 network with the subnet mask 255.255.255.192.


As subnets start at specific points along 1--255

for example

192.168.1.0 network with the subnet mask 255.255.255.192 ( /26 )

Network          First host       Last host        Broadcast address
192.168.1.0      192.168.1.1      192.168.1.62     192.168.1.63
192.168.1.64     192.168.1.65     192.168.1.126    192.168.1.127
192.168.1.128    192.168.1.129    192.168.1.190    192.168.1.191
192.168.1.192    192.168.1.193    192.168.1.254    192.168.1.255


So if I was given the address 192.168.1.13 with a subnet mask of /26,
I would be able to see addresses 192.128.1.1 --> 62 without going through a router.

Or if I was 192.168.1.140/26, I would be able to see 192.168.1.129-190.


It may be easier for you to explain where you are trying to get to and I'll see what I can do to step you through it :)

dob
Apprentice

Joined: 04 Oct 2002
Posts: 199
Location: S.L.P.

Posted: Thu Feb 27, 2003 6:40 pm

Actually I'm just trying to understand how to tell a daemon what ip range he should accept connections from without typing all of them 1 by 1, same for allowing/blocking ip ranges with iptables.

For instance, the first time I tried to set up exim, I wanted it to relay mail for the 2 computers of my internal LAN, and I assumed 192.168.0.2/2 would only let 192.168.0.2 and 192.168.0.3 send mail through it :) Hopefully I realized it was not correct minutes later by running an open relay test before any spammer could abuse it.

If I understood what you told me correctly, I should have used 192.168.0.0/30


I feel confused by what this has to do with routers, and your 192.168.1.140/26 example 8O

Regarding routers I assume you're talking about the calculation of the netmask to use to have several subnets within say 192.168.0.xxx

Regarding 192.168.1.140/26, here's my understanding of how you get 192.168.1.129->190.
As I'm trying to find the calculation by knowing the solution, I put my fantasy to work but I don't get the same figures
26 means we have the 1st two bits masked, ie 11000000, that makes 192 in decimal
255-192=63
Then we divide the 1-255 range in pieces of 63 ips
We get 1->63, 64->127, 128->191, 192-255
128<140<191 so 192.168.1.140/26 = 192.168.1.128-191
Where am I wrong :?: :)
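
Added example, not part of any post in this thread: a Python sketch (standard-library ipaddress module) that expands the prefixes discussed above into the address range an allow-list entry really covers, and splits an arbitrary range such as 192.168.1.13 -> 192.168.1.47 into the CIDR blocks that cover it exactly. The function names are made up for this example, 203.0.113.25 is a constructed outside address, and it assumes the daemon clears host bits the way iptables does.

```python
import ipaddress

def cidr_span(entry):
    """(network, first, last, count) for an ACL entry like '192.168.1.140/26'."""
    # strict=False clears the bits below the prefix instead of raising an error.
    # Assumption: the daemon reading the entry does the same, as iptables does.
    net = ipaddress.ip_network(entry, strict=False)
    return str(net), str(net[0]), str(net[-1]), net.num_addresses

def range_to_cidrs(first, last):
    """Shortest list of CIDR blocks that covers first..last and nothing else."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]

def acl_allows(entry, client):
    """True if client falls inside the block that entry really describes."""
    return ipaddress.ip_address(client) in ipaddress.ip_network(entry, strict=False)

if __name__ == "__main__":
    # Prefixes taken from the thread.
    for entry in ("1.0.0.0/12", "192.168.1.140/26", "192.168.0.2/2", "192.168.0.0/30"):
        net, first, last, count = cidr_span(entry)
        print(f"{entry:18} -> {net:18} {first} - {last} ({count} addresses)")
    # Ranges that do not start on a block boundary need several entries.
    print(range_to_cidrs("192.168.1.13", "192.168.1.47"))
    print(range_to_cidrs("192.168.0.2", "192.168.0.3"))
    # Constructed outside client: does the relay entry from the thread admit it?
    print(acl_allows("192.168.0.2/2", "203.0.113.25"))
```

The first and last values include the network and broadcast addresses, because an allow-list match covers the whole block, not only the usable hosts.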

digitalnick
Apprentice

Joined: 30 Jun 2002
Posts: 243
Location: Lawrence KS USA

Posted: Thu Feb 27, 2003 7:06 pm

the /8 etc. ... is called CIDER notation

It's used because the regular class-based ranges are limiting; with classless routing it's easy to set up supernets and subnets.
The /number stands for how many network bits there are in the address.

192.168.1.1/24 is a class C address, for example; its subnet is 255.255.255.0. But if we want to, say, buy 2 class C ranges and make them into one bigger network, we need to borrow bits, so we could have, say, a /20 netmask, which would be
11111111 11111111 11110000 00000000 in binary
or
255.255.240.0

That leaves you 12 bits for hosts, so you could have 2^12-2 hosts instead of 2^8-2 hosts
;)

rtn
Guru

Joined: 15 Nov 2002
Posts: 427

Posted: Thu Feb 27, 2003 9:58 pm

digitalnick wrote:
the /8 etc. ... is called CIDER notation


Isn't that CIDR? :)

--rtn

dasalvagg
Apprentice

Joined: 26 Jun 2002
Posts: 183
Location: NY

Posted: Thu Feb 27, 2003 10:13 pm

yep...it's CIDR

Look up classless interdomain routing. You're right, you're likely to see /xx notation on routers...it's right in the name. In most cases it's used to allow ISPs to give customers a block of continuous IP addresses without forcing them to buy an entire class...which you can't even do anymore. It's a good idea to understand subnetting and supernetting too; these all have the same principles in mind. Breaking apart ranges or addresses to create more useable systems. Let me give you a warning...breaking down too many IP addresses to binary will hurt your head.

Major Nugzz
n00b

Joined: 30 Jan 2003
Posts: 6
Location: Wisconsin

Posted: Thu Feb 27, 2003 10:31 pm

This may help too, especially if all that binary stuff makes your head hurt. :)

http://www.telusplanet.net/public/sparkman/netcalc.htm

digitalnick
Apprentice

Joined: 30 Jun 2002
Posts: 243
Location: Lawrence KS USA

Posted: Thu Feb 27, 2003 11:18 pm

lol I spelled it wrong, cider heh /me smacks himself

All times are GMT