snurt@snurtsworld.co.uk
2002-Apr-26 18:13 UTC
[Shorewall-users] Slight problem with 8 Ip''s addresses, using shorewall as router (dhcp ills as well)
Hi All,
Well, I''ve had a stab at this, but haven''t managed to get it
going just
right.
I now have a batch of 8 IP''s on a /29 subnet.
My ISP has said, make your router 62.3.114.254
You cant use 62.3.114.248 or 62.3.114.249
62.3.114.250 - 253 are available to you.
My linux box has booted up, and assigned its self on ppp0 to have
62.3.114.254, P-t-P of 62.3.82.2 and netmask of 255.255.255.255.
I have setup my dhcpd to have:
A network address of 62.3.114.254, netmask of 255.255.255.255
An address range of 62.3.114.248 - 62.3.114.255
But it moans that address range 62.3.114.248 to 62.3.114.255 is not
on net 62.3.114.254/255.255.255.0
Have also tried with netmask of 255.255.255.248
I have made the mods to my shorewall conf - assigning the local_net IP in
my params as 62.3.114.254/29.
But I guess as I cant get my dhcp assigning my ip I cant get that far :(
My eth0 interface is setup as per the ppp0 interface, although it has
a broadcast address of 62.255.255.255 (?) and a netmask of
255.255.255.248
If i turn off dhcp my other pcs can ping the firewall router and use
the web. So half the hurdle is the dhcp ide of it I think.
I have emptied my masq file, which i no longer need :)
Aside from that ive made no other changes to my shorewall config :)
Thanks for any help, i guess it may be slightly ot ish with that
dhcp thing.
Andy
Paul Gear
2002-Apr-27 00:02 UTC
[Shorewall-users] Slight problem with 8 Ip''s addresses, using shorewall as router (dhcp ills as well)
snurt@snurtsworld.co.uk wrote:> Hi All, > > Well, I''ve had a stab at this, but haven''t managed to get it going just > right. > I now have a batch of 8 IP''s on a /29 subnet. > My ISP has said, make your router 62.3.114.254 > You cant use 62.3.114.248 or 62.3.114.249 > 62.3.114.250 - 253 are available to you.8- or 4-length subnets are a bit of a waste, aren''t they?> My linux box has booted up, and assigned its self on ppp0 to have > 62.3.114.254, P-t-P of 62.3.82.2 and netmask of 255.255.255.255.That netmask is for the PPP link itself.> I have setup my dhcpd to have: > A network address of 62.3.114.254, netmask of 255.255.255.255 > An address range of 62.3.114.248 - 62.3.114.255 > But it moans that address range 62.3.114.248 to 62.3.114.255 is not > on net 62.3.114.254/255.255.255.0That is not going to work. Your subnet is 62.3.114.248/29, which is equivalent to 62.3.114.248/255.255.255.248. The address range you should give it is 62.3.114.249-62.3.114.253. I don''t know why your ISP told you not to use .249 - they don''t seem to be using it for the PPP link, so you should have full use of your /29.> Have also tried with netmask of 255.255.255.248That should work fine. Try it with a base address of 62.3.114.248 if it''s not working as-is.> ... > My eth0 interface is setup as per the ppp0 interface, although it has > a broadcast address of 62.255.255.255 (?) and a netmask of > 255.255.255.248The netmask is right, but the broadcast is definitely not. Broadcast on that LAN should be 62.3.114.255.> If i turn off dhcp my other pcs can ping the firewall router and use > the web. So half the hurdle is the dhcp ide of it I think.Most of it. :-) I think conflicting netmasks might be part of the issue, too. The only netmask you should see on your LAN is 255.255.255.248 - 255.255.255.255 is for your PPP link only. Paul http://paulgear.webhop.net P.S. If anyone''s interested in some basic reference material on netmasks and the like, see my web page under the heading "Unix Networking Basics".