Re: Network number getting mangled

[Jason Opperisano <opie@817west.com>]

On Tue, Mar 01, 2005 at 04:47:25PM -0500, Daniel J. Brennan wrote:
> Hello Netfilter,
> 
> I have a Fedora Core 1.0 linux box (iptables-1.2.9-1.0) NATing traffic
> from a private network onto a valid public network. The private network
> IP address space essentially mirrors the public IP address space. For
> example the public space is XX.XX.168.0/18, hence the private space
> looks like 10.0.168.0/18. 
> 
> The problem I have is related to the netmask value. The netmask /18 is
> actually mangling the third octet of the network number. For example if
> I append a rule:
> 
> 	iptables -A INPUT -i eth0 -p icmp -s 10.0.168.0/18 -j ACCEPT
> 
> A listing of the INPUT Chain shows the corresponding rule with the
> network as 10.0.128.0/18. This doesn't seem to occur if the netmask is
> /22. If I set the netmask to /20 the network number then looks like
> 10.0.160.0/20. I have no idea how this can happen. Is this a bug or am I
> misconfiguring something. The pertinent portions of the configuration
> are included below along with the output from "iptables -L -v"

mangling?  um--no...  the iptables command is nice enough to correct
your poor math for you: 10.0.168.0/18 is nonsense--the network ID for
10.0.168.0/18 is: 10.0.128.0 (the broadcast being 10.0.191.255).

just as if i typed in 10.25.25.25/24 it would correct my incoherence to:
10.25.25.0/24

your example of 10.0.168.0/22, actually does define a network
ID--10.0.168.0 - 10.0.171.255

as to what value you actually want--i have no idea.

say what you mean and mean what you say.

-j

--
"You heard me, I won't be in for the rest of the week... I told you,
 my baby beat me up... oh it is not the worst excuse I ever thought up."
        --The Simpsons