Netgate Discussion Forum

How pfSense uses CIDR and slash notation

General pfSense Questions | 5 Posts, 2 Posters, 2.6k Views
edziffel:

      Not sure if this is the right forum so please move this to the right one if I got it wrong. :-)

Got the book pfSense: The Definitive Guide, Christopher Buechler, Jim Pingle.

      Page 12

      if you want to summarize 192.168.1.13 through 192.168.1.20, run cidr_range.pl as follows.

      cidr_range.pl 192.168.1.13 192.168.1.20

      192.168.1.13/32
      192.168.1.14/31
      192.168.1.16/30
      192.168.1.20/32

The book did not explain this but moved on to more of the script's usage. No information was given as to the number of desired host IDs or subnets. Not sure how to interpret this. Is 192.168.1.13/32 the network ID? All 1's subnet. Same with 192.168.1.20/32, the broadcast ID? Looks like only 4 available hosts on ./././16 - ./././19.

      How does PFSense interpret this?

      Ed

cmb:

        That means if you want to create a network alias that covers 192.168.1.13 through 192.168.1.20, you have to use the 4 listed CIDR ranges (two of which are single IPs, /32).

edziffel:

Whoa! The man himself! A firewall rock star! Quite the honor as far as I'm concerned.
First let me thank you for the opportunity to use your superior software. Been looking at solutions for some time and although far from an expert, it would seem to me that pfSense is clearly the top of its class, the standard by which to judge others. Well done.

Have not read the whole book yet so maybe this would be clear with more understanding. Maybe I should read it all first, but I don't like to gloss over items that may be material, as my experience is that if you don't understand pg 12, pg 13 is going to get worse. But back to my unworthy noob questions.

It was clear in the book that /32 = 1 IP, /31 = 2 IPs etc. You had listed the tables on page 10, as well as that being fundamental to CIDR. Also did some cross-referencing as I failed to understand what was presented on a practical level, as in how these slash-noted IPs were processed by the pfSense software. What I surmised (guessing makes my blood run cold) was that, whereas something like 192.168.1.13/30 by itself might define a classless network range with 4 possible IPs, with 2 nodes/hosts, the CIDR ranges generated by the cidr_range.pl script were for specific parameters used by pfSense hardware. If that was/is the case, that the generated IPs are indeed treated as parameters by pfSense, then each of the generated IPs may correspond to a specific requirement for a given network, such as the network ID, the gateway ID, the device/node/host range and the broadcast ID.

          Is that anywhere near to being on the right planet or do I need to start over with a different paradigm?  Again, maybe the answer is to finish reading the book and more or less wait until the end of the presentation and then ask questions.  Please don't hesitate to say so if that would seem a good idea to you.

          Thanks again,

          Ed

cmb:

            Depends on the context of where you're using it (and those contexts are described in the other parts of the book where you can actually use such things). For instance a /30 configured on an interface is just a subnet with two usable IPs, one for the firewall and one usable for a connected client device. A /30 used in a firewall rule or alias defines 4 IPs matching that particular specification. A /30 in an IPsec phase 2 matches 4 IPs for the tunnel. A /30 static route or route in OpenVPN or similar routes 4 IPs as defined.

edziffel:
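The summarization cidr_range.pl performs, and cmb's point that the same /30 means 4 matched addresses in a rule or alias but only 2 usable addresses on an interface, as an added worked example in Python (not the book's script and not pfSense code). The function names are this example's own; the sample range is the one from the original question.

```python
import ipaddress


def summarize_range(first: str, last: str) -> list[str]:
    """Split the inclusive IPv4 range first..last into the fewest CIDR blocks.

    A block may only start on a boundary aligned to its own size and may not
    run past 'last'; that is why .13 and .20 stay as /32s while .14-.15 and
    .16-.19 collapse into a /31 and a /30, exactly as cidr_range.pl printed.
    """
    start = int(ipaddress.IPv4Address(first))
    end = int(ipaddress.IPv4Address(last))
    if start > end:
        raise ValueError("first address is after last address")
    blocks = []
    while start <= end:
        prefix = 32
        # Widen the block one bit at a time while it stays aligned and in range.
        while prefix > 0:
            size = 1 << (32 - (prefix - 1))
            if start % size != 0 or start + size - 1 > end:
                break
            prefix -= 1
        blocks.append(f"{ipaddress.IPv4Address(start)}/{prefix}")
        start += 1 << (32 - prefix)
    return blocks


def alias_members(cidr: str) -> list[str]:
    """Addresses a firewall rule or alias entry with this CIDR matches:
    every address in the block, network and broadcast included (a /30 gives 4)."""
    return [str(a) for a in ipaddress.IPv4Network(cidr)]


def interface_hosts(cidr: str) -> list[str]:
    """Addresses usable when the same CIDR is configured on an interface:
    network and broadcast are excluded, so a /30 leaves 2 (firewall + one client)."""
    return [str(a) for a in ipaddress.IPv4Network(cidr).hosts()]


if __name__ == "__main__":
    blocks = summarize_range("192.168.1.13", "192.168.1.20")
    print("\n".join(blocks))
    # Cross-check against the standard library's own summarizer.
    expected = [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.IPv4Address("192.168.1.13"), ipaddress.IPv4Address("192.168.1.20"))]
    assert blocks == expected
    print("alias /30 matches:", alias_members("192.168.1.16/30"))
    print("interface /30 usable:", interface_hosts("192.168.1.16/30"))
```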

              Thanks again cmb,

              Battle plan is to read through the material and play with it some.  No doubt can sort it out quick with some hands on.

              Ed

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.