Howto set an IP address range into rules of iptables

Discussion in 'Linux Networking' started by Terry Ho, Aug 25, 2003.

  1. Terry Ho

    Terry Ho Guest

    I tried the following instructions:

    iptables -A FORWARD -s 192.168.0.200-192.168.0.240 -d 0/0 -p tcp -j ACCEPT
    iptables -A FORWARD -s 192.168.0.200-192.168.0.240 -d 0/0 -p udp -j ACCEPT
    iptables -A FORWARD -s 0/0 -d 192.168.0.200-192.168.0.240 -p tcp -j ACCEPT
    iptables -A FORWARD -s 0/0 -d 192.168.0.200-192.168.0.240 -p udp -j ACCEPT

    It appears error. Error message is:

    iptables v1.2.5: host/network `192.168.0.200-192.168.0.240' not found
    Try `iptables -h' or 'iptables --help' for more information.

    Would you tell me how to set an IP address range into rules of iptables?
    Thank you very much!
     
    Terry Ho, Aug 25, 2003
    #1
    1. Advertisements

  2. Terry Ho

    Saikat Guha Guest

    You need to specify using the address/mask format

    try
    192.168.0.200/29 (for 200 - 207)
    192.168.0.208/28 (for 208 - 223)
    192.168.0.224/28 (for 224 - 239)
    192.168.0.240/32 (for 240 - 240)

    So each of your lines above will result in 4 lines -- one for each of the
    above address/mask combinations

    -- Saikat
     
    Saikat Guha, Aug 25, 2003
    #2
    1. Advertisements

  3. Terry Ho

    Terry Ho Guest

    Thank you very much! But I have one question.
    I understand
    But I don't understand
    Why use network mask 28 bits? I think the network mask is 27 bits. Is it
    right? ^-^
     
    Terry Ho, Aug 25, 2003
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.