Re: [SQU] ACL & Netmasks

From: Freaked Personality <freaky@dont-contact.us>
Date: Tue, 26 Sep 2000 09:42:09 +0200 (CEST)

Thanks, this really cleared out a lot :-)

Kind regards,

Ferry van Steen

On Tue, 26 Sep 2000, Henrik Nordstrom wrote:

> Freaked Personality wrote:
> >
> > Hey thanks for the reply, however, I don't totally understand the comment
> > you made on the 255.255.255.205 netmask. The way I learned it (seen it
> > somewhere, think it was Cisco docs not too sure about that
> > though) 255.255.255.205 gives you 50 vacant addresses (255-205=50) so
> > 192.168.0.150/255.255.255.205 with a 50 addresses "flexibility" should be
> > 150 + 50 =200 gives 192.168.0.150 through 192.168.0.200 however you start
> > counting below 50 and use only even addresses. If you could explain that
> > to me I'd greatly appreciate it.
>
> A netmask is a bit mask.
>
> 255.255.255.205 is
> 11111111.11111111.11111111.11001101
>
> Only positions where there is a 0 are allowed to change.
>
> You cannot count netmasks using decimal digits, only powers of 2.
>
> Most people consider it a very bad habit to have odd netmasks with holes
> in them as the above is a good example of (two holes, bit 2 and bit
> 4-5), also not all equipment can handle such netmasks, and even Squid
> has problems with handling "overlapping" masks where the max and min
> addresses of two netmasks are overlapping.
>
> A good habit when expressing netmasks is to always use the bit count
> only. This makes sure you do not by accident create an odd netmask like
> the above.
>
>
>
> > Also I think it's kinda strange to give a
> > netmask if you use a range like 192.168.0.150-192.168.0.200/32
>
> I don't, but you can skip the netmask if you want as long as the first IP
> is not ending in .0.
>
> The point is that the range expression in Squid can be used for networks
> as well as individual IP addresses.
>
> > Just one more question, you give an example below for a range:
> > 192.168.0.16-192.168.0.48/28
> > I can't make any sense whatsoever about the 28bits netmask here...
>
> The above range matches the networks
> 192.168.0.16/28
> 192.168.0.32/28
> 192.168.0.48/28
>
> As this is not an even power of two you cannot express it using a netmask
> alone.
>
> > I'm guessing you meant you 29 since that would leave 2^5=32 addresses and
>
> A 29 netmask is only 8 addresses (32 - 29 = 3, 2^3=8)
>
> --
> Henrik Nordstrom
> Squid hacker
>

Received on Tue Sep 26 2000 - 02:44:34 MDT
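
The bit-mask reading of the netmasks discussed in this thread, as an added example that is not part of the original messages and is not Squid code. It assumes the usual match rule (candidate & mask) == (address & mask) and that a range with a prefix length covers every network of that size from the first address to the last; the function names are hypothetical.

```python
import ipaddress

def mask_is_contiguous(mask: str) -> bool:
    """True when the mask is a run of 1 bits followed only by 0 bits (no holes)."""
    m = int(ipaddress.IPv4Address(mask))
    inverted = ~m & 0xFFFFFFFF               # the changeable bits become 1s
    return inverted & (inverted + 1) == 0    # holds only for a 0...01...1 pattern

def matching_addresses(addr: str, mask: str) -> list[str]:
    """Every address a for which (a & mask) == (addr & mask)."""
    m = int(ipaddress.IPv4Address(mask))
    base = int(ipaddress.IPv4Address(addr)) & m
    # Bits that are 0 in the mask are the only ones allowed to change.
    free_bits = [1 << i for i in range(32) if not ((m >> i) & 1)]
    values = [base]
    for bit in free_bits:                    # doubles the set once per free bit
        values += [v | bit for v in values]
    return [str(ipaddress.IPv4Address(v)) for v in sorted(values)]

def range_networks(first: str, last: str, prefix: int) -> list[str]:
    """Expand a first-last/prefix range into the networks it covers."""
    step = 1 << (32 - prefix)                # addresses per network
    lo = int(ipaddress.IPv4Address(first)) & ~(step - 1)
    hi = int(ipaddress.IPv4Address(last)) & ~(step - 1)
    return [str(ipaddress.IPv4Network((n, prefix)))
            for n in range(lo, hi + 1, step)]

if __name__ == "__main__":
    # Values taken from the thread above.
    print(mask_is_contiguous("255.255.255.205"))
    print(matching_addresses("192.168.0.150", "255.255.255.205"))
    print(range_networks("192.168.0.16", "192.168.0.48", 28))
```

Running a check like mask_is_contiguous over the masks in an ACL file before loading it catches masks with holes, which match a scattered set of addresses rather than the block the author had in mind.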
