[Shorewall-users] Slight problem with 8 Ip's addresses, using shorewall as router (dhcp ills as well)

Paul Gear paulgear@bigfoot.com
Sat, 27 Apr 2002 10:02:57 +1000


snurt@snurtsworld.co.uk wrote:

> Hi All,
>
>   Well, I've had a stab at this, but haven't managed to get it going just
>   right.
>   I now have a batch of 8 IPs on a /29 subnet.
>   My ISP has said, make your router 62.3.114.254
>   You can't use 62.3.114.248 or 62.3.114.249
>   62.3.114.250 - 253 are available to you.

8- or 4-length subnets are a bit of a waste, aren't they?

>   My linux box has booted up, and assigned itself on ppp0 to have
>     62.3.114.254, P-t-P of 62.3.82.2 and netmask of 255.255.255.255.

That netmask is for the PPP link itself.

>   I have set up my dhcpd to have:
>      A network address of 62.3.114.254, netmask of 255.255.255.255
>      An address range of 62.3.114.248 - 62.3.114.255
>      But it moans that address range 62.3.114.248 to 62.3.114.255 is not
>      on net     62.3.114.254/255.255.255.0

That is not going to work.  Your subnet is 62.3.114.248/29, which is equivalent
to 62.3.114.248/255.255.255.248.  The address range you should give it is
62.3.114.249-62.3.114.253.  I don't know why your ISP told you not to use .249 -
they don't seem to be using it for the PPP link, so you should have full use of
your /29.

>       Have also tried with netmask of 255.255.255.248

That should work fine.  Try it with a base address of 62.3.114.248 if it's not
working as-is.

> ...
>     My eth0 interface is set up as per the ppp0 interface, although it has
>     a broadcast address of 62.255.255.255 (?) and a netmask of
>     255.255.255.248

The netmask is right, but the broadcast is definitely not.  Broadcast on that
LAN should be 62.3.114.255.

>     If I turn off dhcp my other pcs can ping the firewall router and use
>     the web. So half the hurdle is the dhcp side of it I think.

Most of it.  :-)  I think conflicting netmasks might be part of the issue, too.
The only netmask you should see on your LAN is 255.255.255.248 - 255.255.255.255
is for your PPP link only.

Paul
http://paulgear.webhop.net

P.S.  If anyone's interested in some basic reference material on netmasks and
the like, see my web page under the heading "Unix Networking Basics".
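
Added example, not part of the original message: a Python sketch of the subnet arithmetic discussed in the reply above, using the standard `ipaddress` module, with a consistency check for a dhcpd-style subnet declaration. The function names `lan_summary` and `check_lan_config` are hypothetical; the addresses are the ones quoted in the thread.

```python
import ipaddress

def lan_summary(any_addr, netmask):
    """Derive the subnet facts from any address in the block plus its netmask."""
    net = ipaddress.ip_network(f"{any_addr}/{netmask}", strict=False)
    return {
        "network": str(net),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
    }

def check_lan_config(base, netmask, range_start, range_end, router, broadcast=None):
    """Return a list of problems in a dhcpd-style declaration (empty = consistent)."""
    ip = ipaddress.ip_address
    # strict=False accepts a host address as the base so it is reported, not raised
    net = ipaddress.ip_network(f"{base}/{netmask}", strict=False)
    problems = []
    if ip(base) != net.network_address:
        problems.append(f"base {base} is not the network address {net.network_address}")
    if net.prefixlen >= 31:
        problems.append(f"netmask {netmask} is too narrow for a LAN segment")
    for label, addr in (("range start", ip(range_start)), ("range end", ip(range_end))):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label} {addr} is the network or broadcast address")
    if ip(range_start) <= ip(router) <= ip(range_end):
        problems.append(f"range hands out the router address {router}")
    if broadcast is not None and ip(broadcast) != net.broadcast_address:
        problems.append(f"broadcast {broadcast} should be {net.broadcast_address}")
    return problems

if __name__ == "__main__":
    print(lan_summary("62.3.114.254", "255.255.255.248"))
    # Values as posted in the thread: /32 mask and a .248-.255 range
    for p in check_lan_config("62.3.114.254", "255.255.255.255",
                              "62.3.114.248", "62.3.114.255", "62.3.114.254"):
        print("posted:", p)
    # Values suggested in the reply, plus the corrected eth0 broadcast
    print("suggested:", check_lan_config("62.3.114.248", "255.255.255.248",
          "62.3.114.249", "62.3.114.253", "62.3.114.254", "62.3.114.255"))
```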