RE: Filtering private ip address
From: zou wei (zwzq@hotmail.com)
Date: Tue Oct 05 2004 - 21:02:49 GMT-3
Hi Scott:
should the ACL be "deny 172.16.0.0 0.15.255.255" instead of 172.0.0.0
0.15.255.255 otherwise 172.15.x.x will be denied too?
Thanks
Wei
>From: "Scott Morris" <swm@emanon.com> >Reply-To: "Scott Morris"
<swm@emanon.com> >To: "'Joseph D. Phillips'"
<josephdphillips@fastmail.us> >CC: "'Matthew Seppeler'"
<Matt.Seppeler@InetX.com>, "'zou wei'" <zwzq@hotmail.com>,
<ccielab@groupstudy.com> >Subject: RE: Filtering private ip address
>Date: Tue, 5 Oct 2004 16:55:31 -0400 > >That would be much better! >
>-----Original Message----- >From: Joseph D. Phillips
[mailto:josephdphillips@fastmail.us] >Sent: Tuesday, October 05, 2004
12:18 PM >To: Scott Morris >Cc: 'Matthew Seppeler'; 'zou wei';
ccielab@groupstudy.com >Subject: Re: Filtering private ip address > >The
correct ACL mask for that network is 0.15.255.255, n'est-ce pas? > >
>Scott Morris wrote: > > >If you use a 0.31.255.255 mask, you are going
to block everything from > >.0 through .31 in the B's range. You may
want to re-think your binary >there! > > > > > >Scott Morris, CCIE4
(R&S/ISP-Dial/Security/Service Provider) #4713, > >CISSP, JNCIP, et al. >
>IPExpert CCIE Program Manager > >IPExpert Sr. Technical Instructor >
>swm@emanon.com/smorris@ipexpert.net > >http://www.ipexpert.net > > > > >
> > >-----Original Message----- > >From: nobody@groupstudy.com
[mailto:nobody@groupstudy.com] On Behalf Of > >Matthew Seppeler > >Sent:
Tuesday, October 05, 2004 9:29 AM > >To: zou wei; ccielab@groupstudy.com
> >Subject: RE: Filtering private ip address > > > >Here you go. > > >
>access-list 1 deny 10.0.0.0 0.255.255.255 access-list 1 deny 172.0.0.0 >
>0.31.255.255 access-list 1 deny 192.168.0.0 0.0.255.255 access-list 1 >
>permit any > > > >Any fewer lines than this in trying to merge these
network addresses > >into one or two statements will end up excluding
more networks than you > >intend to filter. > > > >Matt Seppeler >
>InterNetwork Experts > >Email: mseppeler@inetx.com > > > > >
>-----Original Message----- > >From: zou wei [mailto:zwzq@hotmail.com] >
>Sent: Tuesday, October 05, 2004 2:48 AM > >To: ccielab@groupstudy.com >
>Subject: Filtering private ip address > > > >Hi: > > > >Could anyone
tell me how to filter private addresses using the least > >commands? > >
> >10.0.0.0 - 10.255.255.255 > >172.16.0.0 -
172.31.255.255 > >192.168.0.0 - 192.168.255.255 > > > >Thanks > > >
>Wei > > >
>-----------------------------------------------------------------------
> >- > > > >Don�t just search. Find. Check out the new MSN Search! > > >
>_______________________________________________________________________
> >Subscription information may be found at: >
>http://www.groupstudy.com/list/CCIELab.html > > >
>_______________________________________________________________________
> >Subscription information may be found at: >
>http://www.groupstudy.com/list/CCIELab.html > > >
>_______________________________________________________________________
> >Subscription information may be found at: >
>http://www.groupstudy.com/list/CCIELab.html >
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
------------------------------------------------------------------------
Rock, jazz, country, soul & more. Find the music you love on MSN Music!
This archive was generated by hypermail 2.1.4
: Sat Nov 06 2004 - 17:11:43 GMT-3