Help with CIDR notation

Hello all,

I run some hosts that span a rather strange range of IP addresses. I want to
convert the range into CIDR notation so that I can add these hosts to my
Linux hosts.allow/deny file.

The Class B address range that I have been alotted for my LAN is
p.q.r.120 to p.q.r.129

As I understand I can split these 10 IPs into 2 groups for the sake on CIDR
classification.
p.q.r.120 -> p.q.r.127 can be represented as p.q.r.120/29
and
p.q.r.128 -> p.q.r.129 can be represented as p.q.r.128/31


Can someone please comment if my understanding is correct. Is there any
other clean way to add these range of IPs to my allow/deny file?
Also I am not sure how to convert the range p.q.r.210 -> p.q.r.229 to CIDR
notation.

Thanks in advance for any pointers.

Regards,
Siddharth

On Sun, 07 Sep 2003 16:28:31 -0700, Siddharth Mathur wrote:

> Hello all,
>
> I run some hosts that span a rather strange range of IP addresses. I want to
> convert the range into CIDR notation so that I can add these hosts to my
> Linux hosts.allow/deny file.
>
> The Class B address range that I have been alotted for my LAN is
> p.q.r.120 to p.q.r.129
>
> As I understand I can split these 10 IPs into 2 groups for the sake on CIDR
> classification.
> p.q.r.120 -> p.q.r.127 can be represented as p.q.r.120/29
> and
> p.q.r.128 -> p.q.r.129 can be represented as p.q.r.128/31

Basically yes except you cannot have /31 as it would be a pointless range.
Remember each network (or subnet) MUST have a broadcast address and a
network address.. so in every network there are 2 ip addresses that cannot
be used for hosts. So in your above example you have lost 4 ip addresses
(the /31 would just be a broadcast and a network address so not terribly
useful).

Typically (as I understand it) the network address is the lowest possible
so p.q.r.120 is your network address and p.q.r.127 would be your broadcast
address.

> Can someone please comment if my understanding is correct. Is there any
> other clean way to add these range of IPs to my allow/deny file?
> Also I am not sure how to convert the range p.q.r.210 -> p.q.r.229 to CIDR
> notation.

from what I can tell that isn't a valid subnet range. A useful resource
I use is:

http://www.subnetonline.com/subcalc/subnet9.html

you can play to your hearts content and see how it all works and whats
valid etc

hope thats of some help

Graeme

> > As I understand I can split these 10 IPs into 2 groups for the sake on
CIDR
> > classification.
> > p.q.r.120 -> p.q.r.127 can be represented as p.q.r.120/29
> > and
> > p.q.r.128 -> p.q.r.129 can be represented as p.q.r.128/31
>
> Basically yes except you cannot have /31 as it would be a pointless range.
> Remember each network (or subnet) MUST have a broadcast address and a
> network address.. so in every network there are 2 ip addresses that cannot
> be used for hosts. So in your above example you have lost 4 ip addresses
> (the /31 would just be a broadcast and a network address so not terribly
> useful).


Thanks a lot Graeme for your answer. I am not worried about network and
broadcast addresses in my scenario.
All my computers are connected to the Departmental LAN, which uses p.q.r.*,
i.e 255 possible IP addresses.
Our research lab has been allowed the use of the 30 IPs I mentioned, but
they will still use the broadcast address p.q.r.255
I just want to prevent remote access from other computers in the LAN,
computers in other departments and computers from the 'outside' internet to
my Linux/Solaris boxes.
Is it still unwise to represent p.q.r.128 -> p.q.r.129 as p.q.r.128/31 ?
I am not sure if this network setup sounds reasonable overall, but as a
student I am trying to the best with what resource I have been given by the
Department!

Thanks much
Siddharth