What are the correct NETMASKs for multiple interfaces in a StaticIP block?

GerianneMcC · 04-13-2008, 11:44 AM

Hi,

I'm connecting via PPPoE to my ISP (SBC).

I've a static IP /29 assigned to me (x.x.x.232 - x.x.x.239). I'm confused about assigning NETMASKs.

I'm making my primary ppp connection at interface

Code:

        ppp0, IP address = x.x.x.238

and setting up interface aliases of,

Code:

        ppp0:1, IP address = x.x.x.233
        ppp0:2, IP address = x.x.x.234
        ppp0:3, IP address = x.x.x.235
        ppp0:4, IP address = x.x.x.236
        ppp0:5, IP address = x.x.x.237

I'll be handling each interface ppp0 + ppp0:1-5 separately in my firewall.

Questions:

What should be the NETMASK for the primary 'ppp0'? /29 or /32?
And for each of the aliases?

If the right answer if ppp0 -> /29, & ppp0:# -> /32, should I ALSO create an alias ppp0:6, IP address = x.x.x.238 (same as ppp0 !?) but with a /32?

Thanks.

Geri :-)

jschiwal · 04-13-2008, 01:00 PM

Were you given a block of IP address?

GerianneMcC · 04-13-2008, 09:55 PM

Quote:

Originally Posted by jschiwal

Where you given a block of IP address?

I'm sorry -- What are you asking?

Geri :-)

jschiwal · 04-14-2008, 05:09 AM

I mispelled "were". Sorry. I fixed my post. I don't follow what all of these pppoe connection are for.

Were you given a block of static IP addresses? I think you indicated that you were.

There is a DSL Howto on the www.tldp.org website. http://tldp.org/HOWTO/DSL-HOWTO/ . There are different flavors you need to deal with. The modem might also contain an embedded router which would mean that you enter your credentials into the modem and it uses them to dial into the ISP. If the IP address you were given is a private address, then it sounds like the modem has an embedded NAT router. This will mean not having to deal with a PPP connection. ( why do I dislike ppp so much?).

Here is an example network configuration for a ppoe setup from the DSL howto:

Code:

$ route -n

Kernel IP routing table
Destination    Gateway      Genmask         Flags Metric Ref Use Iface
192.168.0.254  *            255.255.255.255 UH    0      0     0 eth1
208.61.124.1   *            255.255.255.255 UH    0      0     0 ppp0
192.168.0.0    *            255.255.255.0   U     0      0     0 eth1
127.0.0.0      *            255.0.0.0       U     0      0     0 lo
default        208.61.124.1 0.0.0.0         UG    0      0     0 ppp0


$ ifconfig
  
eth0    Link encap:Ethernet  HWaddr 00:A0:CC:33:74:EB
        UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
        RX packets:297581 errors:0 dropped:0 overruns:0 frame:0
        TX packets:266104 errors:1 dropped:0 overruns:0 carrier:2
        collisions:79 txqueuelen:100
        Interrupt:10 Base address:0x1300

eth1    Link encap:Ethernet  HWaddr 00:A0:CC:33:8E:84
        inet addr:192.168.0.254  Bcast:192.168.0.255  Mask:255.255.255.0
        UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
        RX packets:608075 errors:0 dropped:0 overruns:0 frame:0
        TX packets:578065 errors:0 dropped:0 overruns:0 carrier:0
        collisions:105408 txqueuelen:100
        Interrupt:9 Base address:0x1200

lo      Link encap:Local Loopback
        inet addr:127.0.0.1  Mask:255.0.0.0
        UP LOOPBACK RUNNING  MTU:3924  Metric:1
        RX packets:1855 errors:0 dropped:0 overruns:0 frame:0
        TX packets:1855 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:0

ppp0    Link encap:Point-to-Point Protocol
        inet addr:208.61.124.28  P-t-P:208.61.124.1  Mask:255.255.255.255
        UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
        RX packets:297579 errors:0 dropped:0 overruns:0 frame:0
        TX packets:266102 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:10

If you had a cable or router interface to the internet, and you are given a block of ip addresses, then the first IP address (with all zeroes in the part past the netmask) is the network address. The last one (all ones in the part after the netmask0 is the broadcast IP address. The second IP address is typically used for the router and is the gateway address. The rest are for the hosts. So the smallest subnet you can have will have a 255.255.255.252 netmask.

For ppp on the other hand, a netmask of all one's is typically used. I don't know what you would use if you are given a block of IP addresses. Their instructions seem to indicate that you should use a netmask of 255.255.255.248. You should really ask your ISP if that is correct. It sounds to me that your modem is a pppoe modem on the WAN input but a router connection on the LAN side. I'd be willing to bet that this modem's router has a gateway address of xxx.xxx.xxx.238. That IP address is the one missing from the IP block.
xxx.xxx.xxx.232 ( network address)
xxx.xxx.xxx.233 host1 (firewall IP eth0) for an example
xxx.xxx.xxx.234 host2 on LAN
xxx.xxx.xxx.235 host3 on LAN
xxx.xxx.xxx.236 host4 on LAN
xxx.xxx.xxx.237 host5 on LAN
xxx.xxx.xxx.238 router (gateway address)
xxx.xxx.xxx.239 (broadcast address)

GerianneMcC · 04-14-2008, 09:10 AM

Quote:

Originally Posted by jschiwal

I mispelled "were". Sorry. I fixed my post.

That's clearer now -- one letter makes all the difference :-)

Quote:

Originally Posted by jschiwal

I don't follow what all of these pppoe connection are for.

Were you given a block of static IP addresses? I think you indicated that you were.

Yes, I have a full /29 allocated to me.

I want to firewall/filter on each of those addresses separately. Those interfaces are *aliases* -- each one having one of the allocated IP adddresses assigned to it.

Quote:

Originally Posted by jschiwal

There is a DSL Howto on the www.tldp.org website.

Sure. It's one of the 1st things you find when you Google. Which I did, of course :-)

As far as I can tell, It does not deal with the scenario of multiple static IPs -- especially over PPP.

Quote:

Originally Posted by jschiwal

If the IP address you were given is a private address, then it sounds like the modem has an embedded NAT router. This will mean not having to deal with a PPP connection. ( why do I dislike ppp so much?).

A standard ISP-provided ADSL modem, which I have, maps all assigned IPs to a *single* lan-side (NAT) address. Not what I'm doing. So, the modem is in bridge mode, and a Linux-box serves as firewall -- and has the router tables that I'm asking about.

Quote:

Originally Posted by jschiwal

Here is an example network configuration for a ppoe setup from the DSL howto:

Again, for a single ppp interface ...

Quote:

Originally Posted by jschiwal

I'd be willing to bet that this modem's router has a gateway address of xxx.xxx.xxx.238. That IP address is the one missing from the IP block.

Often, that seems to be the case ... but not here. The ISP-assigned gateway addr is in a completely different C-block, assigned by the Redback @ pppoe 'up'.

Which leaves me, still, at my original questions abt the appropriate netmasks in a multiple IP, mutliple-aliased (as opposed to multilink PPP) scenario

Geri :-)

jschiwal · 04-15-2008, 06:35 AM

Since you are creating a virtual device for each IP address, I think you want a /32 bitmask for each one.