Re: [SQU] ACL & Netmasks

From: Henrik Nordstrom <[email protected]>
Date: Tue, 26 Sep 2000 10:15:44 +0200

Freaked Personality wrote:
>
> Hey thanks for the reply, however, I don't totally understand the comment
> you made on the 255.255.255.205 netmask. The way I learned it (seen it
> somewhere, think it was Cisco docs not too sure about that
> though) 255.255.255.205 gives you 50 vacant addresses (255-205=50) so
> 192.168.0.150/255.255.255.205 with a 50 addresses "flexibility" should be
> 150 + 50 =200 gives 192.168.0.150 through 192.168.0.200 however you start
> counting below 50 and use only even addresses. If you could explain that
> to me I'd greatly appreciate it.

A netmask is a bit mask.

255.255.255.205 is
11111111.11111111.11111111.11001101

Only positions where there is a 0 are allowed to change.

You cannot count netmasks using decimal digits, only powers of 2.

Most people consider it a very bad habit to have odd netmasks with holes
in them as the above is a good example of (two holes, bit 2 and bit
4-5), also not all equipment can handle such netmasks, and even Squid
has problems with handling "overlapping" masks where the max and min
addresses of two netmasks are overlapping.

A good habit when expressing netmasks is to always use the bit count
only. This makes sure you do not by accident create an odd netmask like
the above.

> Also I think it's kinda strange to give a
> netmask if you use a range like 192.168.0.150-192.168.0.200/32

I don't, but you can skip the netmask if you want as long as the first IP
is not ending in .0.

The point is that the range expression in Squid can be used for networks
as well as individual IP addresses.

> Just one more question, you give an example below for a range:
> 192.168.0.16-192.168.0.48/28
> I can't make any sense whatsoever about the 28bits netmask here...

The above range matches the networks
192.168.0.16/28
192.168.0.32/28
192.168.0.48/28

As this is not an even power of two you cannot express it using a netmask
alone.

> I'm guessing you meant you 29 since that would leave 2^5=32 addresses and

A 29 netmask is only 8 addresses (32 - 29 = 3, 2^3=8)

--
Henrik Nordstrom
Squid hacker
Received on Tue Sep 26 2000 - 02:17:37 MDT
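
The bit-mask behaviour discussed in this message, worked through as an added example (not part of the original post and not Squid's code). It assumes a mask matches every address that agrees with the given address on the mask's 1-bits; the function names are hypothetical.

```python
import ipaddress

def mask_is_contiguous(mask):
    """True if the mask is a run of 1-bits followed only by 0-bits (no holes)."""
    m = int(ipaddress.IPv4Address(mask))
    host_bits = ~m & 0xFFFFFFFF
    # Without holes the host bits look like 0b0...0111, so adding 1 clears them all.
    return host_bits & (host_bits + 1) == 0

def matched_by_mask(addr, mask):
    """Every address that agrees with addr on all 1-bits of mask."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    # Bit values at positions where the mask has a 0: only these may change.
    free = [1 << i for i in range(32) if not (m >> i) & 1]
    hits = [a & m]
    for bit in free:
        hits += [h | bit for h in hits]
    return [str(ipaddress.IPv4Address(h)) for h in sorted(hits)]

def networks_in_range(first, last, prefix):
    """Networks of the given prefix length from first to last, inclusive."""
    step = 1 << (32 - prefix)            # addresses per network
    lo = int(ipaddress.IPv4Address(first)) & ~(step - 1)
    hi = int(ipaddress.IPv4Address(last)) & ~(step - 1)
    return ["%s/%d" % (ipaddress.IPv4Address(n), prefix)
            for n in range(lo, hi + 1, step)]

if __name__ == "__main__":
    # The mask from the thread: 11001101 in the last octet has holes.
    print("contiguous:", mask_is_contiguous("255.255.255.205"))
    # What an ACL written as 192.168.0.150/255.255.255.205 would cover.
    for ip in matched_by_mask("192.168.0.150", "255.255.255.205"):
        print("matches", ip)
    # The range expression from the thread, expanded into /28 networks.
    print(networks_in_range("192.168.0.16", "192.168.0.48", 28))
    # A /29 holds 2^(32-29) addresses.
    print(ipaddress.ip_network("192.168.0.16/29").num_addresses)
```

Running it shows why an ACL written with such a mask should be reviewed: the addresses it covers are not the 150 through 200 span the decimal arithmetic suggests.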