Quoting Michael J. McGillick ([EMAIL PROTECTED]):

> I'm setting up a NAT pool on a firewall.  I think I understand now that
> the netmask is independent of the starting address for the network it is
> masking.  Just to make sure my understanding is correct, if my network
> starts at, say, 192.168.1.80, I can't very well have a netmask of anything
> smaller than 80, right?  This would mean I was trying to set up an IP
> range larger than 255.

The netmask doesn't relate to the network address in this way.  All the
netmask does is specify which part of the IP address is the network address
and which is the host address.  Effectively this means it specifies the
number of hosts in the network (because you can only have as many host
addresses as are allowed by the number of host bits in the address).

Given a specific size network requirement, there are only some network
addresses that will fit that requirement.  These are anything where

  (( NOT netmask ) AND network-address ) = 0

(NOT should be the one's complement there, just to be clear).

This also means that given a network address of 192.168.1.80, the
only viable netmasks are 255.255.255.252, 255.255.255.248 and
255.255.255.240, for 4-, 8- and 16-host networks respectively (I've ignored
the 1- and 2-host ones since they're fairly degenerate cases).

Perhaps a few other examples would be more illuminating.

It's possible to split any network with a network address ending .0 (let's
say x.y.z.0) into two equal-size 128-address networks.  In this case they
would have network addresses of x.y.z.0 and x.y.z.128.  The netmask for both
would be 255.255.255.128.

If we wanted to split the same network into 4 64-address networks instead,
we'd have network addresses x.y.z.0, x.y.z.64, x.y.z.128 and x.y.z.192,
with a netmask of 255.255.255.192.

In all cases, the netmask (as a 32-bit value) is given by:

 2^32 - <number of addresses in the subnet>

with the restriction that the number of addresses in the subnet must
itself be a power of two.

(To really put the icing on the cake, I guess I should mention that it's
also possible to split a network into multiple different size subnets, too.
All the same rules apply for each of the subnets.)

James.
-- 
 "Yield to temptation --             | Consultancy: [EMAIL PROTECTED] 
  it may not pass your way again"    | http://www.cloud9.co.uk/james
                                     |
        - Lazarus Long               |              James Fidell
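
Added example, not part of the original message: a Python check of the alignment rule and the netmask formula from the reply, usable to validate a NAT pool's network address and netmask before configuring them. The function names and the 192.0.2.0 sample network (standing in for x.y.z.0) are assumptions made for illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF  # 32-bit mask used to form the one's complement


def netmask_for_size(size: int) -> str:
    """Netmask for a subnet holding `size` addresses: 2^32 - size."""
    if size < 1 or size > 2**32 or size & (size - 1):
        raise ValueError("number of addresses must be a power of two")
    return str(ipaddress.IPv4Address((2**32 - size) & ALL_ONES))


def is_valid_network(address: str, netmask: str) -> bool:
    """True when ((NOT netmask) AND network-address) = 0."""
    addr = int(ipaddress.IPv4Address(address))
    mask = int(ipaddress.IPv4Address(netmask))
    return ((~mask & ALL_ONES) & addr) == 0


def viable_netmasks(address: str, min_size: int = 4):
    """Every (size, netmask) pair for which `address` is a network address.

    min_size=4 skips the 1- and 2-address cases, as the reply does.
    """
    found = []
    size = min_size
    while size <= 2**32:
        mask = netmask_for_size(size)
        if is_valid_network(address, mask):
            found.append((size, mask))
        size *= 2
    return found


def split_network(network: str, total: int, parts: int):
    """Split a `total`-address network into `parts` equal subnets."""
    size = total // parts
    mask = netmask_for_size(size)  # rejects sizes that are not powers of two
    base = int(ipaddress.IPv4Address(network))
    return [(str(ipaddress.IPv4Address(base + i * size)), mask)
            for i in range(parts)]


if __name__ == "__main__":
    print(viable_netmasks("192.168.1.80"))
    print(split_network("192.0.2.0", 256, 4))  # constructed sample network
```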

