Ip Range

Unanswered Question
Aug 12th, 2008

Say I have a network object group object in my firewall, and I wish to add in not just an IP but a range of IPs, 12.12.12.1 to like 12.12.12.10? I hope I am doing this wrong by entering in 10 IPs vs just a range of some sort.


Chuck

sundar.palaniappan Tue, 08/12/2008 - 06:31

Chuck


To enter a range of addresses you can use the appropriate network mask to keep the number of network objects required to a minimum.


In your scenario this can be done with 3 network objects rather than 10 host network objects like this.


object-group network TEST
 network-object 12.12.12.0 255.255.255.248
 network-object 12.12.12.8 255.255.255.254
 network-object host 12.12.12.10


HTH


Sundar


netperception Tue, 08/12/2008 - 06:58

How do you go from 0 to 8 to 10? And then even choose the net mask from 248 to 254? I'm trying to figure out a pattern so I can replicate this into more ranges. I can read relative links. Like say I'd block a whole range. 10.1.1.*

sundar.palaniappan Tue, 08/12/2008 - 09:01

248 indicates the first 5 bits of the 3rd octet need to match but it doesn't care about the last 3 bits (address range of 0-7). A quick search on Netpro should find a lot of useful links on subnetting. Here's one I found on Google that you may find helpful.


http://www.timothytuohy.com/subnetting_101.htm


HTH


Sundar

netperception Thu, 08/21/2008 - 05:32

Thanks Sundar,


I will continue to read this article. I still don't fully understand subnetting, but maybe you can tell me how to block this range, 200.63.42.*, and it may bring my understanding closer.


I want to block these bastard IPs from a Panama set of servers that is abusive. In this example I would like to block 200.63.42.*, basically everyone in that range.

netperception Thu, 08/21/2008 - 07:45

Too bad there wasn't a Cisco website tool like http://www.cisco.com/cgi-bin/Support/IpSubnet/home.pl that we could enter a desired range and have it calculate it. That would be perfect while reading your article as I read theory but sometimes (like this time) need to exercise correct and incorrect'ed'ness to help reinforce understanding.


Got more articles? I tried searching netpro but got lots of unrelated articles.
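
The pattern asked about in this thread (how a range splits into address/mask pairs), as an added example that is not part of any post above: each block has to start on a multiple of its own size and must not run past the end of the range. The function names `range_to_blocks` and `object_group` are made up for this sketch, and it goes beyond the thread's one case by handling any IPv4 range.

```python
import ipaddress


def range_to_blocks(first, last):
    """Split an inclusive IPv4 range into the fewest aligned blocks.

    Returns a list of (network address, netmask, number of addresses).
    """
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("first address must not be above last address")
    blocks = []
    while lo <= hi:
        # A block must start on a multiple of its size, so the lowest set
        # bit of the start address is the largest size that is still aligned.
        size = lo & -lo if lo else 1 << 32
        # Halve the block until it no longer runs past the end of the range.
        while size > hi - lo + 1:
            size >>= 1
        # Netmask: ones for the bits that must match, zeros for the rest.
        mask = ipaddress.IPv4Address(0xFFFFFFFF ^ (size - 1))
        blocks.append((ipaddress.IPv4Address(lo), mask, size))
        lo += size
    return blocks


def object_group(name, first, last):
    """Render the blocks in the object-group syntax used in this thread."""
    lines = ["object-group network " + name]
    for net, mask, size in range_to_blocks(first, last):
        if size == 1:
            lines.append(" network-object host %s" % net)
        else:
            lines.append(" network-object %s %s" % (net, mask))
    return lines


if __name__ == "__main__":
    # The group names are constructed sample values.
    for args in (("TEST", "12.12.12.0", "12.12.12.10"),
                 ("EXACT", "12.12.12.1", "12.12.12.10"),
                 ("BLOCK", "200.63.42.0", "200.63.42.255")):
        print("\n".join(object_group(*args)) + "\n")
```

Starting at 12.12.12.0 reproduces the three entries posted above; starting exactly at 12.12.12.1 takes five entries, because .1 is not on a block boundary. The whole 200.63.42.* range is a single entry with mask 255.255.255.0.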
