[Courses] [Security] Firewalls: Ipchains syntax and implementation

jennyw jennyw at dangerousideas.com
Mon Apr 8 16:15:22 EST 2002


On Mon, Apr 08, 2002 at 04:28:12PM -0400, Malcolm-Rannirl wrote:
> I was actually meaning to ask someone about this. Why is the .0 address 
> special? (We have a server at work that's at 10.128.0.0, which I'm guessing 
> from the above is a bad thing).

The way I learned it (caveat: this was a while ago) is that 0 means
unknown and 255 is broadcast.  In really old implementations, 0 could have
meant broadcast, too, so it's generally avoided.

The /n just delineates your network id from your node.  For example, /24
would mean that the first 24 bits determine your network id (kind of like
a telephone country code), and the remaining 8 bits determine your node on
that network (kind of like your phone number).

If an ISP gave you a CIDR block a.b.c.d/24, you could also subnet this
further by having several subnets.  For example, if you wanted a bunch of
really small networks, you could use /30. This would let you use the first
6 bits as your subnet ID and the last two bits as the id for nodes on each
subnet. Going with the phone analogy, the first 24 bits would be the
country code, the next 6 bits would be your area code, and the last
numbers would be the rest of the phone number (what you would hand out to
your neighbors).

The way I learned it (and this may have changed) if all the node bits are 
set to 1 (this would be 255, in the case of a /24 or Class C network), 
that means that you want to send a broadcast to your subnet.  This is why 
in a typical Class C scenario you see people use addresses 1 through 254, 
but skip 0 and 255.

Jen
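The prefix/host split, subnetting a /24 into /30s and the "all host bits set" broadcast rule described in this post can be checked mechanically. The following is an added example (it is not from the post or the list, and uses only Python's standard `ipaddress` module); the addresses in `192.0.2.0/24` are constructed sample input from the RFC 5737 documentation range, and `10.128.0.0` is taken from the quoted question so its role can be seen to depend on the mask length.

```python
import ipaddress


def bit_view(address, prefix):
    """Show the network-id bits and the host bits of an IPv4 address.

    Returns (network_bits, host_bits) as binary strings, split at /prefix,
    which is the "country code / phone number" division in the post.
    """
    bits = format(int(ipaddress.ip_address(address)), "032b")
    return bits[:prefix], bits[prefix:]


def split_prefix(cidr):
    """Return (prefix length, host bits, network address, broadcast address).

    Network address = host bits all 0; broadcast = host bits all 1.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    host_bits = net.max_prefixlen - net.prefixlen
    return (net.prefixlen, host_bits,
            str(net.network_address), str(net.broadcast_address))


def usable_hosts(cidr):
    """Addresses a node may use: everything except network and broadcast."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [str(h) for h in net.hosts()]


def subnets(cidr, new_prefix):
    """Carve a block into smaller subnets, e.g. a /24 into /30s."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


def classify(address, cidr):
    """Say what role an address plays inside a given subnet.

    The answer changes with the mask: the same .7 address is an ordinary
    host in a /24 but the broadcast address of a /30.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    addr = ipaddress.ip_address(address)
    if addr not in net:
        return "outside"
    if addr == net.network_address:
        return "network"
    if addr == net.broadcast_address:
        return "broadcast"
    return "host"


if __name__ == "__main__":
    print(bit_view("192.0.2.5", 30))          # ('1100...', '01')
    print(split_prefix("192.0.2.0/24"))       # (24, 8, '192.0.2.0', '192.0.2.255')
    print(len(usable_hosts("192.0.2.0/24")))  # 254: .1 through .254
    print(subnets("192.0.2.0/24", 30)[:3])    # first three /30 subnets
    print(classify("192.0.2.7", "192.0.2.0/24"))   # host
    print(classify("192.0.2.7", "192.0.2.4/30"))   # broadcast
    print(classify("10.128.0.0", "10.128.0.0/16")) # network
```

Running `classify` for a host address against the mask actually configured on the interface is the quick way to confirm an address ending in .0 is an ordinary node (as it can be inside a /16 or /23) rather than the network address of its own subnet.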


