LAN IP Range Rule
First time with any kind of actual firewall so please forgive me in advance if terminology is wrong or other obvious mistakes…
As of right now I just have everything blocked on the WAN side/tab. I'm setting up rules on the LAN tab allowing HTTP, email, a few IM services and such. In the DHCP server I set up IP addresses for each MAC address on my LAN with my own little sorting (i.e., servers are 10.0.3.x and workstations are 10.0.5.x). I am wanting to make a rule for an IP range, because a file server with IP 10.0.3.x has no reason to access the internet on port 80. On the other hand I very much need/want 10.0.5.x to be able to access the internet on port 80.
Is this possible? TY for reading my question.
Yes, your addressing scheme actually makes it quite easy to do. When you are creating your allow rule for HTTP, set the Source to Network and set it to 10.0.5.0 / 24.
The slash 24 indicates only devices that have addresses that match the first three octets of the address you entered.
That way when a 10.0.3.x address attempts to get online, the traffic won't match that rule and will pass down the list to the eventual implicit deny at the end if it doesn't match any more rules.
Well you answered about 20 of my questions with the " / 24 " part! Now all I wonder is where the actual number 24 comes from? Is there a way to make sure it only matches the first 2 octets or rather what would the / number be?
That's called subnetting and there are a lot of calculators that can help you do it if you're not sure how. Just search for a subnet calculator.
Here are a few quick ones.
10.x.x.x would be /8 for the last three octets
10.0.x.x would be /16 for the last two octets
10.0.0.x would be /24 for the last octet
Homework for MrVining: what is the subnet if you are given IP 10.0.0.147/26?
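The rule matching described in the replies above, as an added example that is not part of the original thread: a first-match rule list with an implicit deny, plus a helper that shows what a prefix length covers. The rule tuples, function names and sample host addresses are constructed for illustration and are not any firewall's own configuration format.

```python
import ipaddress

# Constructed LAN rule list modelled on the thread. First match wins;
# traffic that matches no rule falls through to the implicit deny.
# Each rule: (action, source network, destination port).
RULES = [
    ("pass", ipaddress.ip_network("10.0.5.0/24"), 80),  # workstations -> HTTP
]

# Same rule written with a /16 source: it matches on the first two octets
# only, so the 10.0.3.x servers are let out as well.
BROAD_RULES = [
    ("pass", ipaddress.ip_network("10.0.0.0/16"), 80),
]

IMPLICIT_DENY = "block (implicit deny)"


def evaluate(src_ip, dst_port, rules=RULES):
    """Return the action of the first matching rule, else the implicit deny."""
    src = ipaddress.ip_address(src_ip)
    for action, network, port in rules:
        if src in network and port == dst_port:
            return action
    return IMPLICIT_DENY


def describe(cidr):
    """Show what a prefix length means: netmask and covered address range."""
    # strict=False accepts a host address such as 10.0.5.17/24 and reduces
    # it to the network that address belongs to.
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "network": str(net),
        "netmask": str(net.netmask),
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "addresses": net.num_addresses,
    }


if __name__ == "__main__":
    for ip in ("10.0.5.17", "10.0.3.10"):  # constructed sample hosts
        print(ip, "port 80, /24 rule:", evaluate(ip, 80))
        print(ip, "port 80, /16 rule:", evaluate(ip, 80, BROAD_RULES))
    for cidr in ("10.0.0.0/8", "10.0.0.0/16", "10.0.5.0/24"):
        print(describe(cidr))
```

Choosing the narrowest prefix that still covers the intended hosts keeps the allow rule from admitting the server range by accident.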