Menu
▾
▴
Re: [IPCop-user] BUG in 1.4.11 aliases netmask ?
|
From: Franck H. <fh....@qu...> - 2007-01-31 15:41:37
|
Hi Tim ! Sorry for taking so long to answer, I just saw your message I confirm that there is no mistake in what I wrote: You can have a 255.255.255.255 netmask when you're on a point to =20 point connection. In this case, these are ADSL connections with single fixed IPs. It =20 seems weird indeed but it works. And in this particular example, here is the setup : Casablanca: a.b.c.200 -- NAT router -- 10.0.0.1 <----> =20 10.0.0.2 -- IPCOP -- 192.168.1.x Rabat : a.b.c.201 -- NAT router -- 10.0.0.1 <----> = 10.0.0.2 -- =20 IPCOP -- 192.168.10.x Agadir : a.b.c.202 -- NAT router -- 10.0.0.1 <----> = 10.0.0.2 -- =20 IPCOP -- 192.168.20.x Tangiers : a.b.c.203 -- NAT router -- 10.0.0.1 <----> 10.0.0.2 -- = =20 IPCOP -- 192.168.30.x as you can see, the IPCOPs' external interface has a 255.255.255.0 =20 netmask and they _should_ be able to alias to an address with a =20 255.255.255.255 netmask. Another possible use is when your ISP assigns additional addresses to =20= you, e.g.: ipcop has a .252 netmask (a.b.c.2, gateway a.b.c.3) and you order 16 =20 new IPs. your ISP will route them over through a.b.c.2. You need =20 therefore to be able to assign aliases with a .240 netmask, which is =20 impossible in the current version ... Cheers and thanks for the answer. On 19 d=E9c. 06, at 22:42, Tim Tuck wrote: > Franck Horlaville wrote: >> Hi all ! >> >> Is it just me or didn't anyone ever have problems with not being =20 >> able to set the netmask on Aliases ? >> >> I just found out the hard way that the netmask used when setting =20 >> an alias is 255.255.255.0 and that there is no way to change it ... >> >> my setup: >> >> I have different IPCops in different cities with public IPs a.b.c.=20 >> 200, 201, 202, 203 etc IPs and a netmask of 255.255.255.255. >> > Hi Frank, > > I think you might need to review your network layout to ensure =20 > correct routing between all your firewalls. I'd be surprised if the =20= > IP addresses of each firewall in each city are on the same network =20 > since that would make it one giant flat network ! > > 255.255.255.255 designates a single host, the interfaces of your =20 > IPcop boxes should have some other form such as 255.255.255.0 to =20 > designate a /24 aka Class C network or some other net range.. If =20 > you have a small number of external addresses, say 8, your external =20= > interface might be a /27 which is a netmask of 255.255.255.224. > > The smallest possible network is a network of 2 addresses with a =20 > netmask of 255.255.255.254 aka /31 > > With IPcop, ANY alias you assign to the external interface will =20 > adopt the netmask of the primary interface and should be a part of =20 > the net range assigned to the external interface. > > regards > > Tim > > --=20 > > VK2XTT :: BMARC :: WIA :: AMSAT :: QF56if > Franck Horlaville IT Manager |