need help about ip?

Taking care of your Linux box.

Postby newuser » Wed Jun 30, 2004 11:03 am

Hello again, thanks for your kind help with delay pools; I can understand some of the delay pools.
Can anybody please tell me about the IPs I keep seeing, like
192.168.0.1/24 and similar? What is /24 in this IP, and how can I understand such IPs?
Moreover, can you please help me with IPTABLES?
I have seen different examples for SQUID; one is below:

/sbin/iptables -A FORWARD -s 192.168.1.1/24 -d ! 192.168.1.1 --dport 3128 -p TCP -j DROP

How can I understand its switches and the complete iptables structure? I shall be thankful to you...
bye
newuser
Naik
 
Posts: 55
Joined: Tue Jun 29, 2004 7:26 pm
Location: Multan

Postby wacky » Wed Jun 30, 2004 1:05 pm

From the man page for iptables:

-s, --source [!] address[/mask]
Source specification. Address can be either a network name, a hostname (please note that specifying any name to be resolved with a remote query such as DNS is a really bad idea), a network IP address (with /mask), or a plain IP address. The mask can be either a network mask or a plain number, specifying the number of 1's at the left side of the network mask. Thus, a mask of 24 is equivalent to 255.255.255.0. A "!" argument before the address specification inverts the sense of the address. The flag --src is an alias for this option.
wacky
Naik
 
Posts: 94
Joined: Thu Jun 10, 2004 7:42 pm
Location: London, UK

BACK AFTER A LONG TIME

Postby we » Wed Jun 30, 2004 4:43 pm

ALTHOUGH VERY MUCH CLEARED BY WACKY.....MORE MAY HELP YOU MORE....

IF YOU CAN STUDY A LITTLE ABOUT IP ADDRESSES AND THEIR CLASSES, IT WILL BE EASY TO LEARN/GET PROFESSIONAL SOLUTIONS/ANSWERS.

YOUR GIVEN IP ADDRESS IS FROM CLASS C, WHICH BY DEFAULT HAS SUBNET MASK 255.255.255.0.
AS DESCRIBED BY WACKY, OUT OF 32 BITS, 24 BITS ARE ON (1) AND THE REMAINING 8 BITS ARE OFF (0). ACTUALLY, YOU NEED TO CONVERT THE IP ADDRESS INTO BINARY FORM, THEN YOU CAN GET THE SUBNET MASK EASILY.

/sbin/iptables -A(ACTION HAPPENING) FORWARD -s(SOURCE) 192.168.1.1/24 -d(DESTINATION) ! 192.168.1.1 --dport 3128 -p(PROTOCOL) TCP -j(ACTION TAKEN) DROP
Regards
EKF
+971 50 7861136
we
Lance Naik
 
Posts: 43
Joined: Wed Jan 21, 2004 6:36 pm
Location: Dubai, UAE

thanks for help

Postby newuser » Wed Jun 30, 2004 10:49 pm

Hi again!
Thanks for your kind help.
Is there any website or PDF file with help about iptables where I can see its complete help: sources, actions, functions, etc.?
thanks again
newuser
Naik
 
Posts: 55
Joined: Tue Jun 29, 2004 7:26 pm
Location: Multan

iptables

Postby zoltronuga » Thu Jul 01, 2004 3:21 am

In a very simplistic way, when you say 192.168.1.1/24, in reality you mean all IPs from 192.168.1.0 to 192.168.1.255.

IPs of the form 192.168.xxx.xxx are IPs of a local network.

If you want to learn about iptables (it's kind of a firewall with a few more options), check these out:

http://www.linuxforum.com/linux_tutorials/6/1.php
http://iptables-tutorial.frozentux.net/ ... orial.html
http://en.tldp.org/HOWTO/IP-Masquerade-HOWTO/
http://www.yolinux.com/TUTORIALS/LinuxT ... teway.html
and you can always see "man iptables"
your particular line

/sbin/iptables -A FORWARD -s 192.168.1.1/24 -d ! 192.168.1.1 --dport 3128 -p TCP -j DROP


says that the packets to be forwarded (-A FORWARD) from any local network PC (-s 192.168.1.1/24) and NOT destined to a particular one (maybe the one that connects directly to the net) (-d ! 192.168.1.1) at the particular port 3128 (--dport 3128) should be dropped/deleted (-j DROP).

Note that this also refers only to TCP connections (-p TCP), so all packets sent by UDP may or may not pass. It will depend on the other iptables rules.

Check your rules using

iptables-save
zoltronuga
Lance Naik
 
Posts: 16
Joined: Wed Aug 27, 2003 4:22 pm
Location: pt
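
Added example (not part of any post in this thread): a small Python model of how the /24 mask works and how the match conditions of the rule quoted above combine. The `Packet` class, the function names and the sample packets are constructed for illustration; it models only this one rule, not iptables itself.

```python
import ipaddress
from dataclasses import dataclass

def prefix_to_mask(prefix_len: int) -> str:
    """Number after '/' = count of 1 bits on the left of the 32-bit mask."""
    bits = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return ".".join(str((bits >> s) & 0xFF) for s in (24, 16, 8, 0))

def network_range(spec: str) -> tuple:
    """First and last address covered by spec; the host bits are ignored."""
    net = ipaddress.ip_network(spec, strict=False)
    return str(net.network_address), str(net.broadcast_address)

def in_network(addr: str, spec: str) -> bool:
    """True if addr is inside spec; a plain address is treated as /32."""
    base, _, plen = spec.partition("/")
    shift = 32 - (int(plen) if plen else 32)
    mask = (0xFFFFFFFF << shift) & 0xFFFFFFFF
    as_int = lambda a: int(ipaddress.IPv4Address(a))
    return (as_int(addr) & mask) == (as_int(base) & mask)

@dataclass
class Packet:  # hypothetical minimal packet: only the fields the rule tests
    src: str
    dst: str
    proto: str
    dport: int

def rule_verdict(pkt: Packet) -> str:
    """-s 192.168.1.1/24 -d ! 192.168.1.1 --dport 3128 -p TCP -j DROP"""
    matches = (
        in_network(pkt.src, "192.168.1.1/24")        # -s: any LAN source
        and not in_network(pkt.dst, "192.168.1.1")   # -d !: any other destination
        and pkt.proto == "tcp"                       # -p TCP
        and pkt.dport == 3128                        # --dport 3128
    )
    # A packet that does not match is not accepted; it goes on to the next rule.
    return "DROP" if matches else "next rule"

if __name__ == "__main__":
    print(prefix_to_mask(24), network_range("192.168.1.1/24"))
    samples = [  # constructed sample packets
        Packet("192.168.1.50", "203.0.113.10", "tcp", 3128),
        Packet("192.168.1.50", "192.168.1.1", "tcp", 3128),
        Packet("192.168.1.50", "203.0.113.10", "udp", 3128),
        Packet("192.168.2.7", "203.0.113.10", "tcp", 3128),
    ]
    for p in samples:
        print(p, "->", rule_verdict(p))
```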

