[Shorewall-users] Slight problem with 8 Ip's addresses, using shorewall as router (dhcp ills as well)

Paul Gear paulgear@bigfoot.com
Sat, 27 Apr 2002 10:02:57 +1000

snurt@snurtsworld.co.uk wrote:

> Hi All,
>   Well, I've had a stab at this, but haven't managed to get it going just
>   right.
>   I now have a batch of 8 IPs on a /29 subnet.
>   My ISP has said, make your router
>   You can't use or
> - 253 are available to you.

8- or 4-length subnets are a bit of a waste, aren't they?

>   My Linux box has booted up, and assigned itself on ppp0 to have
>, P-t-P of and netmask of

That netmask is for the PPP link itself.

>   I have set up my dhcpd to have:
>      A network address of, netmask of
>      An address range of -
>      But it moans that address range to is not
>      on net

That is not going to work.  Your subnet is, which is equivalent
to  The address range you should give it is  I don't know why your ISP told you not to use .249 -
they don't seem to be using it for the PPP link, so you should have full use of
your /29.

>       Have also tried with netmask of

That should work fine.  Try it with a base address of if it's not
working as-is.

> ...
>     My eth0 interface is set up as per the ppp0 interface, although it has
>     a broadcast address of (?) and a netmask of

The netmask is right, but the broadcast is definitely not.  Broadcast on that
LAN should be

>     If I turn off dhcp my other PCs can ping the firewall router and use
>     the web.    So half the hurdle is the dhcp side of it I think.

Most of it.  :-)  I think conflicting netmasks might be part of the issue, too.
The only netmask you should see on your LAN is -
is for your PPP link only.


P.S.  If anyone's interested in some basic reference material on netmasks and
the like, see my web page under the heading "Unix Networking Basics".
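
Added example, not part of the original message: a small Python check of a dhcpd-style subnet declaration against its netmask, reporting a base address that is not the network address, a range that is "not on net", and an interface broadcast that does not match the subnet. The function names are hypothetical and the 192.0.2.8/29 addresses are constructed from the documentation range; they are not the poster's addresses.

```python
import ipaddress

def check_dhcp_subnet(base, netmask, range_start, range_end, iface_broadcast=None):
    """Return a list of problems in a dhcpd-style subnet declaration."""
    problems = []
    # strict=False tolerates host bits in the base so we can report them.
    net = ipaddress.ip_network(f"{base}/{netmask}", strict=False)
    if ipaddress.ip_address(base) != net.network_address:
        problems.append(f"base {base} is not the network address; use {net.network_address}")
    lo = ipaddress.ip_address(range_start)
    hi = ipaddress.ip_address(range_end)
    if lo > hi:
        problems.append(f"range start {lo} is above range end {hi}")
    for label, addr in (("range start", lo), ("range end", hi)):
        if addr not in net:
            problems.append(f"{label} {addr} is not on net {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label} {addr} is the network or broadcast address")
    if iface_broadcast is not None:
        if ipaddress.ip_address(iface_broadcast) != net.broadcast_address:
            problems.append(
                f"interface broadcast {iface_broadcast} should be {net.broadcast_address}")
    return problems

def usable_range(base, netmask):
    """First host, last host and broadcast address of the subnet, as strings."""
    net = ipaddress.ip_network(f"{base}/{netmask}", strict=False)
    return (str(net.network_address + 1),
            str(net.broadcast_address - 1),
            str(net.broadcast_address))

if __name__ == "__main__":
    mask = "255.255.255.248"  # the /29 LAN netmask
    print("hosts and broadcast:", usable_range("192.0.2.8", mask))
    # Constructed cases: (base, range start, range end, eth0 broadcast)
    cases = [
        ("192.0.2.8", "192.0.2.9", "192.0.2.14", "192.0.2.15"),   # consistent
        ("192.0.2.8", "192.0.2.9", "192.0.2.20", None),           # range leaves the /29
        ("192.0.2.9", "192.0.2.10", "192.0.2.14", None),          # base has host bits set
        ("192.0.2.8", "192.0.2.9", "192.0.2.14", "192.0.2.255"),  # wrong broadcast
    ]
    for base, start, end, bcast in cases:
        print(base, start, end, bcast, "->",
              check_dhcp_subnet(base, mask, start, end, bcast) or "ok")
```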