Ip range

Ip range

[Philippe Dhont (Sea-ro)]

Howdy,

I use an IP range 10.60.10.10 and 10.165.10.10 and 192.168.50.10
With subnet mask 255.255.0.0
But in my firewall script i have to us 10.60.0.0/8
And this shows up (off course) as 10.0.0.0 but if i use 10.60.0.0 i get an
error that this is not right.
How can i use the correct range so that i get 10.60.0.0 and 10.165.0.0 and
192.168.0.0 in my iptables ?

Thnx!

	--Tronstr@xsomic--

Re: Ip range

[Kim Jensen]

On Wednesday 16 April 2003 17:22, Philippe Dhont (Sea-ro) wrote:
> Howdy,
>
> I use an IP range 10.60.10.10 and 10.165.10.10 and 192.168.50.10
> With subnet mask 255.255.0.0
> But in my firewall script i have to us 10.60.0.0/8
> And this shows up (off course) as 10.0.0.0 but if i use 10.60.0.0 i get an
> error that this is not right.
> How can i use the correct range so that i get 10.60.0.0 and 10.165.0.0 and
> 192.168.0.0 in my iptables ?
>
Netfilter is fairly simple when it comes to ranges, it follows some rules 
described in the networking concepts howto 
(http://netfilter.org/documentation/HOWTO//networking-concepts-HOWTO.html).

If you wish to use different ranges, then you must tell the netfilter this, 
otherwise it will, quite correctly, return an error.

In your case, you must split up you 10.x.x.x into several ranges, since you 
use a strange setup. Why don't you just simply use the full 10.x.x.x range?

/Kim

ip range

[laurent]

i set up a firewall with iptables
the firewall has three interface :
eth0 (192.168.1.1) connecting the lan with a server and three workstations 
(192.168.1.xxx)
eth1 (192.168.2.1) connecting the dmz with a webserver (192.168.2.xxx)
eth2 (192.168.4.1) connected to the internet via a cable router

the webserver (apache 2.0) on the dmz has three interface : eth0 (192.168.2.2), eth1 
(192.168.2.3) and eth2 (192.168.2.4) for SSL purpose that not support virtualhost 
directive
I use dyndns service with three dynamic hosts, one for each interface
My problem is that I don't know how to foward port 80 requests to all ip addresses.
I just succeeded to foward one by one but apache serves the same site for each 
dynamic host

I had read the DNAT howto but I not sure it's what I need to do ?
any idea please ?

Laurent

IP range

[Andy Samuel]

Dear All

I follow the example of ip range feature to block my
incoming connection starting from IP 192.168.0.76 to
254, but allowing 192.168.0.1 to 75 to pass.
So I use :
iptables -A FORWARD -m iprange --src-range
192.168.0.76-192.168.0.254 -p TCP -j DROP.

It shows error that iptables can not find
libipt_iprange.
I've check /lib/iptables and no any file about
iprange.
But I know my kernel already compiled with iprange
enabled and ipt_iprange is already loaded as module (
I can see it from lsmod ).

How do I get libipt_iprange.so ?
What is the connection of the file with the kernel
module of ipt_iprange.so ?

Thank you so much

__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com

Re: IP range

[Ray Leach]

[-- Attachment #1: Type: text/plain, Size: 1314 bytes --]

On Thu, 2003-09-25 at 15:02, Andy Samuel wrote:
> Dear All
> 
> I follow the example of ip range feature to block my
> incoming connection starting from IP 192.168.0.76 to
> 254, but allowing 192.168.0.1 to 75 to pass.
> So I use :
> iptables -A FORWARD -m iprange --src-range
> 192.168.0.76-192.168.0.254 -p TCP -j DROP.
> 
> It shows error that iptables can not find
> libipt_iprange.
> I've check /lib/iptables and no any file about
> iprange.
> But I know my kernel already compiled with iprange
> enabled and ipt_iprange is already loaded as module (
> I can see it from lsmod ).
> 
> How do I get libipt_iprange.so ?
> What is the connection of the file with the kernel
> module of ipt_iprange.so ?
> 
You need to recompile the iptables source code. The kernel module
basically lists the entry points for the functions in the shared object
file (.so).

> Thank you so much
> 
> __________________________________
> Do you Yahoo!?
> The New Yahoo! Shopping - with improved product search
> http://shopping.yahoo.com
-- 
--
Raymond Leach <raymondl@knowledgefactory.co.za>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD  00EE 8757 EE47 F06F FB28
--

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 198 bytes --]