IP Calculators

Status
Not open for further replies.

SgtZim

MIS
Dec 2, 2002
I'm running a Postfix mail server on Linux and have a need to take one IP address out of my trusted network to prevent relaying. So far as I can tell, Postfix only knows what networks are trusted and doesn't have a way to explicitly not trust one. Here is the root of my problem. I need to trust 172.19.99.* all except 172.19.99.105.

Are there any types of calculator out there that will tell me how to break this up easily? The way I did this before on a machine I needed to deny 172.19.64.1 and .2 on was to trust only:
172.19.64.3
172.19.64.4/30
172.19.64.8/29
172.19.64.16/28
172.19.64.32/27
172.19.64.64/26
172.19.64.128/25
This seems very cumbersome and I'm hoping there is an easier way that I've missed.
 
Go to solarwinds.net. They have a free subnet calculator.
 
I'm not quite sure I'm understanding all your notation here.

Do you have "x" machines on the 172.19.99.0 (mask 255.255.255.0) network and you want to deny a single machine, 172.19.99.105, from the mail server?

If this is the case, then you can subnet the 172.19.99.0 network into two. You will have subnet 172.19.99.0 mask 255.255.255.128 and subnet 172.19.99.128 mask 255.255.255.128. Your valid IP range for the first will be 172.19.99.1 - 172.19.99.125 and the range for the second will be 172.19.99.129 - 172.19.99.254. This way you can allow one subnet and deny the other.

HTH

 
Thanks for the replies, both give me more insight into how I need to do this. You are correct in that I need to allow everything on 172.19.99 and block 172.19.99.105. The 105 machine is the IP of the firewall, and by taking 105 out of my trusted network it will prevent mail relay and allow the IP addresses of my internal clients to relay mail to outside email addresses. It doesn't appear that there is a simple way to really allow 172.19.99.0 - 104 and 106 - 255, just keeping 105 out, without really chopping up the trusted network masks. Here is what I've come up with to be trusted:

172.19.99.32/27 allows .32 - .63 (subnet 255.255.255.224)
172.19.99.64/27 allows .64 - .95 (subnet 255.255.255.224)
172.19.99.96/29 allows .96 - .103 (subnet 255.255.255.248)
172.19.99.104 allows .104
172.19.99.106/31 allows .106 - .107 (subnet 255.255.255.254)
172.19.99.108/30 allows .108 - .111 (subnet 255.255.255.252)
172.19.99.112/28 allows .112 - .127(subnet 255.255.255.240)
172.19.99.128/24 allows .128 - .255(subnet 255.255.255.128)

I inherited this network and didn't have any say as to what was assigned what IP when it was built, or I would have just stuck the gateway into its own little world instead of having it smack in the middle of everything.
 
You may just want to add a reference in /etc/hosts.deny like this:

smtp : 172.19.99.105/255.255.255.255

It should block any connections to your machine from that host to your smtp port.
pansophic
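
The calculation asked about in this thread, as an added example that is not part of any post: Python's standard `ipaddress` module computes the smallest CIDR list that covers a network minus chosen addresses, and the same module can audit a hand-built list for malformed entries, gaps, and excluded hosts that are still trusted. The function names are hypothetical, and printing the result as a `mynetworks` line assumes that is the Postfix parameter holding the trusted list (the thread does not name it).

```python
import ipaddress

def trusted_blocks(network, excluded):
    """Smallest CIDR list covering `network` minus every address in `excluded`."""
    blocks = [ipaddress.ip_network(network)]
    for addr in excluded:
        host = ipaddress.ip_network(addr)  # a bare address parses as a /32
        remaining = []
        for block in blocks:
            if host.subnet_of(block):
                remaining.extend(block.address_exclude(host))
            else:
                remaining.append(block)
        blocks = remaining
    return sorted(blocks)

def audit(entries, network, excluded):
    """Check a hand-written list against the intent.

    Returns (malformed entries, wanted addresses left uncovered,
    excluded addresses that are still covered)."""
    deny = {ipaddress.ip_address(a) for a in excluded}
    parsed, malformed = [], []
    for entry in entries:
        try:
            parsed.append(ipaddress.ip_network(entry))  # strict: host bits must be 0
        except ValueError:
            malformed.append(entry)
    covered = {addr for net in parsed for addr in net}
    missing = [a for a in ipaddress.ip_network(network)
               if a not in deny and a not in covered]
    return malformed, missing, sorted(deny & covered)

# The second hand-built list from the thread, entered as posted.
THREAD_LIST = ["172.19.99.32/27", "172.19.99.64/27", "172.19.99.96/29",
               "172.19.99.104", "172.19.99.106/31", "172.19.99.108/30",
               "172.19.99.112/28", "172.19.99.128/24"]

if __name__ == "__main__":
    blocks = trusted_blocks("172.19.99.0/24", ["172.19.99.105"])
    print("mynetworks =", ", ".join(str(b) for b in blocks))
    bad, missing, leaked = audit(THREAD_LIST, "172.19.99.0/24", ["172.19.99.105"])
    print("malformed:", bad)
    print("uncovered:", len(missing), "addresses; still trusted:", leaked)
```

Running the audit before reloading the mail server catches both kinds of mistake: a gap only blocks legitimate clients from relaying, while a leaked address leaves the host that was meant to be untrusted inside the relay list.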
 