Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Destination Address Range Error

    Scheduled Pinned Locked Moved DHCP and DNS
    3 Posts 3 Posters 996 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      amk
      last edited by

      Hi All,

      Been at this for hours now; I have setup wan load balancing and works great! Went ahead and Blocked DNS queries to external resolvers that too works perfect to resolve via OpenDns.

      My challenge is to block only certain part of the Ip range 192.168.2.20 - 192.168.2.254.

      I get an error - The following input errors were detected: 192.168.2.20-192.168.2.254 is not a valid destination IP address or alias.

      Using 2.2.6-RELEASE (amd64).

      Thanks.

      Error.JPG
      Error.JPG_thumb

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        I'm not sure if I understand what you're trying to do.  Are you running a bunch of DNS servers at 192.168.2.20 - 192.168.2.254?  Firewall rules affect traffic entering the interface, not leaving.

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          that is not how you would put in a network.. if you subset of a network that is not on a specific mask.  Then you would need to create an alias that contains the range of IPs you want to block..  In your specific example see my attached

          So I create an alias, I put in the range, once you hit save it will create a list of each IP in that range.

          Then in your firewall rule you pick the alias name, in my case blockrange.

          But I am curious what your trying to accomplish exactly..  So you only want 192.168.2.1 to .19 to be able to query outside dns??  Its normally better to do an allow or block on the least number of entries.  So in your case you have only 1-19 that you want to allow so easier to create a allow for that range, and then just block everyone else.

          If you explain what you want to accomplish exactly and post up your current rules sure plenty of people willing to help you write the rules in the most efficient and logical manner possible.

          networkrangealias.png
          networkrangealias.png_thumb

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.