Eric Cunningham on Sat, 28 Jul 2001 17:20:06 -0400
Hey all,

This is more of a general networking question but since this is on a Linux box I feel somewhat justified in asking...

I have a 10.1.1.x network with a 255.0.0.0 netmask supporting a number of users. Not all of our users are good about paying up on time so I'd like to rewrite the ipchains script to only allow access to the outside from specific IP addresses.

From the IP masq Howto I see that to allow the entire network, I'd run a line like this:

    /sbin/ipchains -A forward -i eth0 -j MASQ

...which we have now and works fine. And to allow from only specific IPs, I'd run this:

    /sbin/ipchains -A forward -i eth0 -s 10.1.1.x/32 -j MASQ

...repeat for each allowed IP.

The question is the netmask /32. Is this right? For a class A network, a netmask is typically a /8 but then that would again allow everyone. So by using a /32, I'm using a more precise 32 bit address allowing only that IP address, right?

Just wanted to confirm my thinking before causing massive mayhem.

Thanks!
-eric

______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
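Added example (not part of the original post): a shell sketch of the prefix comparison behind a source match such as `-s ADDR/PREFIX`, showing that a /32 selects exactly one host while a /8 selects every 10.x.x.x address, plus a generator for the per-host rules in the form quoted in the post. The function names and the sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: which source addresses a "-s ADDR/PREFIX" match selects.
# All addresses used here are constructed sample values.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $1 falls inside $2 (ADDR/PREFIX), 1 otherwise.
# Only the top PREFIX bits of the two addresses are compared.
src_matches() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    prefix=${2#*/}
    if [ "$prefix" -eq 0 ]; then
        mask=0
    else
        mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    fi
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Print how many of the given addresses match the CIDR in $1.
count_matches() {
    cidr=$1; shift; n=0
    for a in "$@"; do
        if src_matches "$a" "$cidr"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Print one MASQ rule per allowed host, in the rule form from the post.
emit_rules() {
    for ip in "$@"; do
        echo "/sbin/ipchains -A forward -i eth0 -s $ip/32 -j MASQ"
    done
}

# Constructed allowlist of paid-up hosts; review the output before loading it.
emit_rules 10.1.1.5 10.1.1.9
```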