KPF rule specification of remote subnet address and mask

KPF rule specification of remote subnet address and mask

am 15.07.2007 17:48:17 von Dubious Dude

I'm using KPF 2.1.5, specifying the remote endpoint for a rule. I've read
wikipedia's page on subnetworks. The KPF rule window asks for a network address
and a network mask. My understanding is that a network address 123.234.321.432
and network mask 255.255.255.0 specifies a network address 123.234.321, which
includes all devices with IP addresses 123.234.321.0 to 123.234.321.255. Is
this correct? I wouldn't normally seek a sanity check on something that seems
quite obvious, except that it seems like a strange way to specify the address
range (in 2 separate pieces) when you could just as easily say 123.234.321.xxx.
Thanks.

Re: KPF rule specification of remote subnet address and mask

am 15.07.2007 18:55:19 von Jens Hoffmann

> 123.234.321.432

is not an IP-Address. There can't be any quad bigger than 255.

> Is
> this correct?

More or less.

> I wouldn't normally seek a sanity check on something that seems
> quite obvious, except that it seems like a strange way to specify the address
> range (in 2 separate pieces) when you could just as easily say 123.234.321.xxx.

It is a very similar thing.

Cheers,
Jens

Re: KPF rule specification of remote subnet address and mask

am 16.07.2007 02:08:53 von Wolfgang Kueter

Jens Hoffmann wrote:

>> I wouldn't normally seek a sanity check on something that seems
>> quite obvious, except that it seems like a strange way to specify the
>> address range (in 2 separate pieces) when you could just as easily say
>> 123.234.321.xxx.
>
> It is a very similar thing.

but only for /24 networks (netmask 255.255.255.0)

BTW: I know that you know. ;)

I'd recommend that the OP should read some documents describing ipv4.

Wolfgang

Re: KPF rule specification of remote subnet address and mask

am 17.07.2007 06:26:55 von Dubious Dude

Jens Hoffmann wrote:
>> 123.234.321.432
>
> is not an IP-Address. There can't be any quad bigger than 255.

Egad! My bad! Thanks for the correction. I knew I should have used letters
instead of decimal numbers.


>> Is
>> this correct?
>
> More or less.
>
>> I wouldn't normally seek a sanity check on something that seems
>> quite obvious, except that it seems like a strange way to specify the address
>> range (in 2 separate pieces) when you could just as easily say 123.234.321.xxx.
>
> It is a very similar thing.


Thanks!

Re: KPF rule specification of remote subnet address and mask

am 17.07.2007 06:33:46 von Dubious Dude

Wolfgang Kueter wrote:
> Jens Hoffmann wrote:
>
>>> I wouldn't normally seek a sanity check on something that seems
>>> quite obvious, except that it seems like a strange way to specify the
>>> address range (in 2 separate pieces) when you could just as easily say
>>> 123.234.321.xxx.
>> It is a very similar thing.
>
> but only for /24 networks (netmask 255.255.255.0)
>
> BTW: I know that you know. ;)
>
> I'd recommend that the OP should read some documents describing ipv4.

Have done so, some time ago. It just seems like such an indirect way of
specifying a mask that I thought I'd make sure, especially for a firewall rule.
Coming from a DSP digital circuit design background, it seems much more natural
to specify a network address with don't-care bits in the LSBs that aren't part
of the network address. Not 2 pieces of data, one being a mask and the other
containing the network address and some irrelevant LSBs of arbitrary value. I
suppose the latter is quite useful, though, if one wants to imply an extraction
of the network address from the full 32-bit address. Let the computer do the work.