Determining CIDR Ranges
You can use CIDR ranges in some parts of m0n0wall to define a range of IP addresses, for example for use in firewall rules. But how can you determine what range you can or should use?
The easiest way to explain is to use a subnet calculator and plug in various values until you find something that works. I personally like subnetmask.info. This guide will describe how to work through this using the tools on subnetmask.info.
First, determine the dotted decimal mask for the CIDR you wish to use. I'll use /29 as an example. Fill in 29 under Subnet Mask Converter and click the Calculate button to the right of that box. This shows the dotted decimal mask is 255.255.255.248.
Now go up to the Network/Node Calculator box. Fill in the subnet mask in the first row, and an IP address in the second. Then click the Calculate button to the right of the IP address field.
This shows the network address is 10.0.0.0 and the broadcast address is 10.0.0.7. For the purposes of CIDR summarization for firewall rules and other purposes in m0n0wall, this means the CIDR range 10.0.0.0/29 includes the addresses 10.0.0.0 through 10.0.0.7. Note that it doesn't matter what subnet mask the network is actually using; these CIDR ranges are completely independent of that. It could be a 10.0.0.0/24 subnet, or 10.0.0.0/8, or anything else.
If you want a range starting at something other than 0, type in an IP address that will be within the desired range. I'll use 10.0.0.175 as an example, with a /28 mask this time.
This shows that the CIDR range including 10.0.0.175 with a 28-bit mask is the range of 10.0.0.160 through 10.0.0.175.
Note that you won't always be able to find a perfect match for a desired range of IP addresses. This is because a CIDR range cannot start at an arbitrary address: a range of a given size always starts at a multiple of that size. For more detailed information, read up on IP subnetting.
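The same calculation can be done offline. The following Python script is an added example, not part of the original guide or of m0n0wall. It reproduces the two lookups above and goes one step further for ranges with no perfect match: it lists the exact set of CIDR blocks that covers a range, and shows how many unwanted addresses a single enclosing block would let through in a firewall rule. The function names and the sample inputs 10.0.0.5 and 10.0.0.170 through 10.0.0.180 are assumptions made for illustration, and the code is IPv4 only.

```python
import ipaddress

def cidr_range(ip, prefix):
    """Return (dotted mask, first address, last address) of the CIDR
    block with the given prefix length that contains ip."""
    # strict=False accepts any address inside the block, not only its start
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return str(net.netmask), str(net.network_address), str(net.broadcast_address)

def cover_range(first, last):
    """Return the shortest list of CIDR blocks covering first..last exactly."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]

def enclosing_block(first, last):
    """Return (smallest single CIDR block containing first..last,
    number of addresses in that block that are outside the range)."""
    lo = int(ipaddress.ip_address(first))
    hi = int(ipaddress.ip_address(last))
    # Bits that differ between the two ends cannot be part of the prefix
    prefix = 32 - (lo ^ hi).bit_length()
    net = ipaddress.ip_network(f"{first}/{prefix}", strict=False)
    return str(net), net.num_addresses - (hi - lo + 1)

if __name__ == "__main__":
    # The /29 and /28 lookups from the guide (10.0.0.5 is a constructed input)
    print(cidr_range("10.0.0.5", 29))
    print(cidr_range("10.0.0.175", 28))
    # Constructed range that no single CIDR block matches
    first, last = "10.0.0.170", "10.0.0.180"
    print("exact cover:", cover_range(first, last))
    block, extra = enclosing_block(first, last)
    print(f"single block {block} would also match {extra} other addresses")
```

Using the exact cover means one firewall rule per block, while the single enclosing block is one rule that matches more hosts than intended.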
The following is a list of commonly used CIDR masks followed by the number of addresses each covers when used as a range in firewall rules. This should help you determine what numbers to start plugging in.
CIDR - Number of addresses
31 - 2
30 - 4
29 - 8
28 - 16
27 - 32
26 - 64
25 - 128