RE: Security help desperately needed - more info

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Another, more reasonable interpretation:
> what does 192.168.0.1/24 mean?  {or, equivalently,
192.168.0.1/255.255.255.0)
...
> what does 192.168.0.0/24 mean? 

It means, "My Address is 192.168.0.1," and "I belong to the subnet 
  with addresses that range from 192.168.0.0 through 192.168.0.255"

The rules:  
1.  The dotted-quad is a specific address (save for special interpretations
of the first and last addresses in the range).  It must be unique on the
network (i.e., nobody else using it).

2.  The mask 255.255.255.0 (or, in  CIDR, /24) specifies what *other*
addresses (the subnet range) this NIC can communicate with (including
itself)

See if this made-up example makes sense:

My NIC's address:  75.213.18.72
My "neighborhood" of other addresses on this subnet:  75.213.18.0 through
75.213.19.255
There are 512 addresses in the range; 512 is equivalent to a 9-bit binary
value.  
To compute CIDR:  32 - (9) = 23
So, my NIC's address and mask are:  75.213.18.72/23
or, if you prefer, 75.213.18.72/255.255.254.0

Here's a completely different way to look at how to understand IP addresses
from one
computer on a network (I'm not teaching routing, here  :-)
For a 512 address range, it takes 9 bits to encode those 512 addresses.
Now, look at
the 32-bit address:  The least-significant 9 bits identify addresses WITHIN
the
subnet; the rest of the bits are identical for everything WITHIN this
subnet, and
something else for NICs OUTSIDE the network.


I think of the MASK as identifying, in a concise way, the line between the
bits
to the left, and bits on the right.  If a packet comes to me and the bits to
the
left of that line don't match mine, I ignore the packet.  If that *does*
match,
then I see if the message has my unique bit pattern; if not, then I ignore
it.  
If it passes both tests...It's For Me!)

Oh, and your second question:
>what does 192.168.0.0/24 mean?

It means:  The entire subnet from 192.168.0.0 through 192.168.0.255.

Remember, the lowest subnet range address (all bits = 0), is the address of
the 
    entire network, and
the highest subnet range address (all bits = 1), is the broadcast address
(to
    which all active addresses in the subnet range listen)

Try working it out yourself, to see if you "get" these IP addressing rules.

--Carol Anne

> -----Original Message-----
> From: centos-bounces@xxxxxxxxxx 
> [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of mouss
> Sent: Thursday, February 07, 2008 1:21 PM
> To: CentOS mailing list
> Subject: Re:  Security help desperately needed - more info
> 
> Milton Calnek wrote:
> >
> >
> > Michael Simpson wrote:
> >> Hi there,
> >>
> >> Should the IP address supplied be the actual address for 
> eth0 rather 
> >> than the network address?
> >>
> >> ie 192.168.0.1/24 rather than 192.168.0.0/24
> >
> > I dunno...
> > what does 192.168.0.1/24 mean?
> 
> this one is not always accepted.
> 
> > what does 192.168.0.0/24 mean?
> 
> this is the correct one.
> >
> > The way I see it, they both mean 192.168.0.0 - 192.168.0.255.
> yes, but the first version is not accepted by all software. 
> because no IP will satisfy
>     bin(ip) & 0xffffff00 = bin(192.168.0.1)
> 
> anyway, I have a samba setup with
>     interfaces = 192.168.10.0/24
> and it works.  so this is not the source of the problem.
> 
> 
> 
> 
> 
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux