Destination Address Range Error



  • Hi All,

    Been at this for hours now; I have setup wan load balancing and works great! Went ahead and Blocked DNS queries to external resolvers that too works perfect to resolve via OpenDns.

    My challenge is to block only certain part of the Ip range 192.168.2.20 - 192.168.2.254.

    I get an error - The following input errors were detected: 192.168.2.20-192.168.2.254 is not a valid destination IP address or alias.

    Using 2.2.6-RELEASE (amd64).

    Thanks.




  • I'm not sure if I understand what you're trying to do.  Are you running a bunch of DNS servers at 192.168.2.20 - 192.168.2.254?  Firewall rules affect traffic entering the interface, not leaving.


  • Rebel Alliance Global Moderator

    that is not how you would put in a network.. if you subset of a network that is not on a specific mask.  Then you would need to create an alias that contains the range of IPs you want to block..  In your specific example see my attached

    So I create an alias, I put in the range, once you hit save it will create a list of each IP in that range.

    Then in your firewall rule you pick the alias name, in my case blockrange.

    But I am curious what your trying to accomplish exactly..  So you only want 192.168.2.1 to .19 to be able to query outside dns??  Its normally better to do an allow or block on the least number of entries.  So in your case you have only 1-19 that you want to allow so easier to create a allow for that range, and then just block everyone else.

    If you explain what you want to accomplish exactly and post up your current rules sure plenty of people willing to help you write the rules in the most efficient and logical manner possible.