LAN IP Range Rule
-
First time with any kind of actual firewall so please forgive me in advance if terminology is wrong or other obvious mistakes…
As of right now I just have everything blocked on the WAN side/tab. I'm setting up rules on the LAN tab allowing HTTP, email, a few IM services and such. In the DHCP server I set up IP addresses for each MAC address on my LAN with my own little sorting (i.e., servers are 10.0.3.x and workstations are 10.0.5.x). I am wanting to make a rule for an IP range, because a file server with IP 10.0.3.x has no reason to access the internet on port 80. On the other hand I very much need/want 10.0.5.x to be able to access the internet on port 80.
Is this possible? TY for reading my question.
-
Yes, your addressing scheme actually makes it quite easy to do. When you are creating your allow rule for HTTP, set the Source to Network and set it to 10.0.5.0 / 24.
The slash 24 indicates only devices that have addresses that match the first three octets of the address you entered.
That way when a 10.0.3.x address attempts to get online, the traffic won't match that rule and will pass down the list to the eventual implicit deny at the end if it doesn't match any more rules.
-
Well you answered about 20 of my questions with the " / 24 " part! Now all I wonder is where the actual number 24 comes from? Is there a way to make sure it only matches the first 2 octets or rather what would the / number be?
-
That's called subnetting and there are a lot of calculators that can help you do it if you're not sure how. Just search for a subnet calculator.
Here are a few quick ones.
10.x.x.x would be /8 for the last three octets
10.0.x.x would be /16 for the last two octets
10.0.0.x would be /24 for the last octet
-
Homework for MrVining: what is the subnet if you are given IP 10.0.0.147/26?
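
Added example (not part of the original thread): a Python sketch using the standard `ipaddress` module that shows where the /N number comes from and how a first-match rule list with a 10.0.5.0/24 source treats the thread's two address ranges, and that works through the /26 question above. The rule list and function names are constructed for illustration and are not pfSense's own code or configuration format.

```python
import ipaddress

# Constructed rule list modelled on the thread: evaluated top to bottom,
# first match wins. Each entry is (action, source network, destination port).
LAN_RULES = [
    ("pass", ipaddress.ip_network("10.0.5.0/24"), 80),
]

def prefix_to_mask(prefix_len):
    """Build the dotted-quad mask by hand: prefix_len one-bits, then zeros."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return ".".join(str((mask >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def network_of(cidr):
    """Return the network that a host address such as '10.0.0.147/26' sits in."""
    # strict=False accepts a host address and clears the host bits for us.
    return ipaddress.ip_network(cidr, strict=False)

def evaluate(src_ip, dst_port, rules=LAN_RULES):
    """First-match evaluation; traffic that matches no rule is denied."""
    src = ipaddress.ip_address(src_ip)
    for action, source_net, port in rules:
        if src in source_net and dst_port == port:
            return action
    return "block (implicit deny)"

if __name__ == "__main__":
    # /8, /16 and /24 fix one, two and three octets; /26 fixes 26 bits.
    for prefix in (8, 16, 24, 26):
        print(f"/{prefix} -> mask {prefix_to_mask(prefix)}")
    # Workstation passes, file server falls through to the implicit deny.
    for host in ("10.0.5.20", "10.0.3.10"):
        print(host, "port 80 ->", evaluate(host, 80))
    net = network_of("10.0.0.147/26")
    print("10.0.0.147/26 is in", net, "covering", net[0], "to", net[-1])
```

A /16 source such as 10.0.0.0/16 would also match the 10.0.3.x servers, so the /24 is what keeps the HTTP rule limited to the workstations.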