From owner-freebsd-security  Tue Aug  7  8:35:43 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.roe35.lth2.k12.il.us (unknown [209.175.240.58])
	by hub.freebsd.org (Postfix) with ESMTP id 3E84437B403
	for <freebsd-security@FreeBSD.ORG>; Tue,  7 Aug 2001 08:35:40 -0700 (PDT)
	(envelope-from dallen@roe35.lth2.k12.il.us)
Received: from dougs_laptop (dougs_laptop [209.175.240.20])
	by mail.roe35.lth2.k12.il.us (8.9.3/8.9.3) with ESMTP id KAA42625;
	Tue, 7 Aug 2001 10:39:10 -0500 (CDT)
	(envelope-from dallen@roe35.lth2.k12.il.us)
Message-ID: <200108071040440170.00CFFECC@mail.roe35.lth2.k12.il.us>
In-Reply-To: <E15U83q-0005IG-00@xi.css.qmw.ac.uk>
References: <E15U83q-0005IG-00@xi.css.qmw.ac.uk>
X-Mailer: Calypso Version 3.00.01.02 (1)
Date: Tue, 07 Aug 2001 10:40:44 -0500
From: "Douglas G. Allen" <dallen@roe35.lth2.k12.il.us>
To: "David Pick" <D.M.Pick@qmw.ac.uk>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipfw question
Mime-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

David,

>However, *if* the two IP addresses are within the same subnet, then
>I do agree with you that they should have the same netmask. And should
>be on the same interface! Since the subnet mask in this case is
>255.255.255.192 it isn't clear from the "a.b.c.d" and "a.b.c.e" if
>the two addresses are in the same subnet or different but close
>subnets.

Both IP addresses are within the same subnet and are intended to be within=
 the same subnet.  In this instance, once everything is moved around and=
 loaded, d=3D60, e=3D43.  What it sounds like to me is that I need to set=
 the netmask on the alias to 255.255.255.192 and then have a set of=
 firewall rules for the true IP and the alias.  Does this sufficiently=
 clarify things?  I was under the impression that the alias had to have a=
 mask of 255.255.255.255 in order to work correctly.  Is my impression in=
 error??

						Doug


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message