In my quest to move on from MS I've been working my way through various Linux bits and bobs.. I've now got as far as iptables. I've read the how-tos and I've sussed out what I need to be doing (I think).

But there's one thing that confuses me, these subnet Addresses.. I've got IP addresses set up on my three machines (2 XP, 1 Linux Suse8.1) of 192.168.0.1 thru 3, with subnet masks of 255.255.255.0.

Now for the question. What is the subnet mask for? I've seen notation that reads 192.168.0/24. What does this actually mean? And if I use it in my iptables rules do I use the /24 or does my network work out to something else? Is it something to do with grouping the network? A bit like saying 192.168.0.1-192.168.0.3?

As ever gratitude is flowing to the helpful so all thoughts and useful links are relished..

spike...

You need to know basic subnetting, try the following.



http://www.ralphb.net/IPSubnet/

First of all, try www.learntosubnet.com. It’s a great online learning tool. If you work off a slow dialup connection like I do, you can buy a cd with the same information on it to study from.

As far as what subnetting is, in order to answer that, you have to know what ip addressing is and be more or less familiar with binary. Generally, there are three classes of ip addresses (this isn’t accurate, but it’s easier to learn by starting here). They are as follows:

Class A
Range 10.0.0.0 to 126.255.255.255
Default subnet 255.0.0.0
(127.0.0.0 is use for loopback so is not included in a class)
Class B
Range 128.0.0.0 to 191.255.255.255
Default subnet 255.255.0.0
Class C
Range 192.0.0.0 to 223.255.255.255
Default subnet 255.255.255.0

Each class is defined by how many network versus host addresses it supports. A class C address generally supports one network with 254 hosts. An ip address is defined in decimal by four groups of three digits, with each group or octet, separated by a dot (.).
Each octet in binary is a set of each digits. The Class C default subnet mask in binary is
11111111.11111111.11111111.00000000. The first three octets are the network address and the last octet is the host address. The “24” CIDR notation you mentioned is just a sort of shorthand for the subnet mask (the first three octets have 24 bits).

Why all this matters is that it makes it possible to create custom subnets from a single network address. Right now you are using a network address of 192.168.0.0/24. You have one network with 254 hosts (actually you can count out 256, but one is held for your network address and the last bit represents your broadcast address).

Let’s say you wanted to create a custom subnet mask, splitting your network into two. To do this, you have to “borrow” two bits (you can’t borrow just one…well, there’s an exception, but that’s more advanced) from the host octet and add them to your network address for a total of 26 bits. This would give you two networks containing 62 host addresses each (actually 64, but again, you have to reserve the first address for the network and the last for the broadcast). Subnetting allows you to “carve up” a single network into numerous networks.

I’ve tried to compress quite a bit of info into a short post so I’ve just barely scratched the surface. You’ll need to do more research and lab work before it will begin to make sense. Also try looking up: http://www.modemspeedtest.com/ipadd.htm for more info. Good luck on your studies.

Thanks for all the info.. very helpful..

and the last octet is the host address. The “24” CIDR notation you mentioned is just a sort of shorthand for the subnet mask (the first three octets have 24 bits).

That's true but CIDR stands for classless internet domain routing (if I remember correctly) which allows people to get out of the boundries of classful based IP addressing. But all in all good desc. :)

Agreed, ferreter. I used the term "CIDR" since it's a common reference for that type of notation (/24, /22, and so on...). Classless interdomain routing is another subject I'm not prepared to be so long winded about.:D