duh????

11000000.10100100.00000000.00000000 .eq. 192.168.0.0
11000000.10100100.11001000.00000000 .eq. 192.168.200.0

but they are .EQ. if one looks thru the lens of the netmask, as only the 16 leftmost bits are considered as net and the 16 rightmost are considered as host addys.

11000000.10100100.11001000.00000000/16 .EQ 11000000.10100100.00000000.00000000

the /16 mask .EQ. 0.0.255.255

he could really mean 192.168.0.0/16 instead of 192.168.200.0/16

it is common industry practice to subnet 192.168.0.0 on a 16 bit mask...

looks like he might have gotten confused but...anyway, hope he fixes the typo..

if it's not a typo, then heeding the crack about reading the IP Subnetting text would be wise...

v/r,
~piranha

-----Original Message-----
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx]On Behalf Of Jason Opperisano
Sent: Wednesday, August 25, 2004 5:32 AM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: RE: Problem with ssh

> Hi all,
>
> First off, a feeble attempt at diagramming my setup :
>
> 192.168.200.x eth -> eth Embedded Linux Wireless ppp -> ppp Embedded
> Linux Access Point eth0 -> 192.168.1.x
>
> The two Embedded Linux Wireless boxes are actually what I am working on.
> The second one in the list above is configured as a bridge, and doesn't
> currently have any firewalling (because I haven't figured out whether I
> need ebtables or iptables, but that's another story).
>
> The client side wireless box (on the left) has the following rule in it :
>
> $IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 192.168.200.0/16 -j DROP

192.168.200.0/16 == 192.168.0.0 - 192.168.255.255

try using 192.168.200.0/24; and if that wasn't a typo, reading up on IP subnetting.

-j
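
The point made in both replies can be checked mechanically before a ruleset is loaded. The following is an added example, not code from the thread or from the netfilter project: it scans rule lines for -s/-d arguments whose address has bits set outside the prefix and reports the range the rule really covers. The function names, the sample rules other than the first, and the host 192.168.1.10 are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample input; only the first rule is taken from the thread.
RULES = """\
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 192.168.200.0/16 -j DROP
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 192.168.200.0/24 -j DROP
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 10.1.2.3 -j DROP
"""

# -s/-d (or long form) followed by address/prefix or address/netmask.
ADDR_OPT = re.compile(
    r"(-s|-d|--source|--destination)\s+(\d{1,3}(?:\.\d{1,3}){3}/[\d.]+)")

def audit(rules):
    """Return one finding per address whose host bits are not all zero."""
    findings = []
    for lineno, line in enumerate(rules.splitlines(), start=1):
        for opt, cidr in ADDR_OPT.findall(line):
            try:
                written = ipaddress.ip_interface(cidr)  # address as typed
            except ValueError:
                continue                                # not a valid IPv4 spec
            net = written.network                       # host bits masked off
            if written.ip != net.network_address:
                findings.append({
                    "line": lineno, "option": opt, "written": cidr,
                    "effective": str(net),
                    "first": str(net.network_address),
                    "last": str(net.broadcast_address),
                })
    return findings

def covers(cidr, host):
    """True if a rule written with `cidr` would match packets from `host`."""
    net = ipaddress.ip_interface(cidr).network
    return ipaddress.ip_address(host) in net

if __name__ == "__main__":
    for f in audit(RULES):
        print("line {line}: {option} {written} matches {first} - {last} "
              "(effective {effective})".format(**f))
    # Constructed host on the 192.168.1.x side of the diagram.
    print("/16 rule covers 192.168.1.10:", covers("192.168.200.0/16", "192.168.1.10"))
    print("/24 rule covers 192.168.1.10:", covers("192.168.200.0/24", "192.168.1.10"))
```

Only the /16 rule is flagged; the /24 form is left alone because 192.168.200.0 is already the network address for that prefix length.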