Solved

Public IP Address rule

Posted on 2008-10-17
Last Modified: 2012-06-27
Hi, I want to create a rule on my firewall to control traffic that comes from a PC that has a public IP address. I need help to know what IP addresses and subnets I need to include in my policy in order to cover all possible IP addresses.
Question by:mzhaim
8 Comments
 
LVL 2

Expert Comment

by:devlex
ID: 22744940
Is this a firewall to the Internet or an internal firewall? If the traffic is coming in from the Internet, it should always have a public IP address. That being said, this is the range of private IP addresses:

10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255

You would need to include all other ranges or explicitly exclude these ones.
0
 
LVL 44

Expert Comment

by:Darr247
ID: 22746665
You might want to allow 127.0.0.0 through 127.255.255.255 also... they're good for testing, and don't really 'go' anywhere.

If you want to allow automatic addressing of ad-hoc wireless networks, you would allow 169.254.0.0 through 169.254.255.255, but that might not be a good idea... maybe make the rule and then disable it so when you're connecting via an ad-hoc network like that you can just enable it (then disable it again when done).
0
 

Author Comment

by:mzhaim
ID: 22747217
Hi, can you tell me what are the ranges of public IP addresses?

 
0

 
LVL 44

Expert Comment

by:Darr247
ID: 22748194
Per RFC 3330 unless otherwise specified

Public IPs                                  Private or reserved IPs
                                                 0.0.0.0 - 0.255.255.255 [reserved for 'this network' per RFC 1700]

1.0.0.0 - 9.255.255.255

                                                 10.0.0.0 - 10.255.255.255 [reserved for private IPs - RFC 1918]

11.0.0.0 - 126.255.255.255

                                                 127.0.0.0 - 127.255.255.255 [reserved for loopback - RFC 1700]
                                                 128.0.0.0 - 128.255.255.255 [currently reserved; subject to assignment when IPv4 runs out of space]

129.0.0.0 - 169.253.255.255

                                                 169.254.0.0 - 169.254.255.255 [reserved for Link Local 'autoconfiguration' IPs]

169.255.0.0 - 172.15.255.255

                                                 172.16.0.0 - 172.31.255.255 [reserved for private IPs - RFC 1918]

172.32.0.0 - 191.254.255.255

                                                 191.255.0.0 - 192.0.0.255 [currently reserved; subject to assignment when IPv4 runs out of space]

192.0.1.0 - 192.0.1.255

                                                 192.0.2.0 - 192.0.2.255 [reserved for 'TEST-NET']

192.0.3.0 - 192.88.98.255

                                                 192.88.99.0 - 192.88.99.255 [reserved for 6to4 relay anycast IPs - RFC 3068]

192.88.100.0 - 192.167.255.255

                                                 192.168.0.0 - 192.168.255.255 [reserved for private IPs - RFC 1918]

192.169.0.0 - 198.17.255.255

                                                 198.18.0.0 - 198.19.255.255 [reserved for testing network interconnect devices - RFC 2544]

198.20.0.0 - 223.255.254.255

                                                 223.255.255.0 - 233.255.255.255 [currently reserved; subject to assignment when IPv4 runs out of space]
                                                 224.0.0.0 - 239.255.255.255 [reserved for multicast - RFC 3171]
                                                 240.0.0.0 - 255.255.255.255 [reserved for future use - RFC 1700]

I presume you meant IPv4 only.  Though there are many compliant devices and applications, IPv6 is probably 2 years off yet (i.e. when ICANN runs out of IPv4 addresses to allocate).
0
 
LVL 5

Expert Comment

by:rexxus
ID: 22748202
The public IP address range is the opposite of what is mentioned above, plus loopback addresses and multicast addresses:

1.0.0.0 - 9.255.255.255
11.0.0.0 - 126.255.255.255
128.0.0.0 - 171.31.255.255
172.32.0.0 - 192.167.255.255
192.169.0.0 - 223.255.255.255
0
 
LVL 44

Accepted Solution

by:
Darr247 earned 2000 total points
ID: 22748253
Reformatted for 'Premium' skin.
Per RFC 3330 unless otherwise specified

Public IPs                                  Private or reserved IPs
                                                 0.0.0.0 - 0.255.255.255 [reserved for 'this network' per RFC 1700]

1.0.0.0 - 9.255.255.255

                                                 10.0.0.0 - 10.255.255.255 [reserved for private IPs - RFC 1918]

11.0.0.0 - 126.255.255.255

                                                 127.0.0.0 - 127.255.255.255 [reserved for loopback - RFC 1700]
                                                 128.0.0.0 - 128.255.255.255 [currently reserved; subject to assignment when IPv4 runs out of space]

129.0.0.0 - 169.253.255.255

                                                 169.254.0.0 - 169.254.255.255 [reserved for Link Local 'autoconfiguration' IPs]

169.255.0.0 - 172.15.255.255

                                                 172.16.0.0 - 172.31.255.255 [reserved for private IPs - RFC 1918]

172.32.0.0 - 191.254.255.255

                                                 191.255.0.0 - 192.0.0.255 [currently reserved; subject to assignment when IPv4 runs out of space]

192.0.1.0 - 192.0.1.255

                                                 192.0.2.0 - 192.0.2.255 [reserved for 'TEST-NET']

192.0.3.0 - 192.88.98.255

                                                 192.88.99.0 - 192.88.99.255 [reserved for 6to4 relay anycast IPs - RFC 3068]

192.88.100.0 - 192.167.255.255

                                                 192.168.0.0 - 192.168.255.255 [reserved for private IPs - RFC 1918]

192.169.0.0 - 198.17.255.255

                                                 198.18.0.0 - 198.19.255.255 [reserved for testing network interconnect devices - RFC 2544]

198.20.0.0 - 223.255.254.255

                                                 223.255.255.0 - 233.255.255.255 [currently reserved; subject to assignment when IPv4 runs out of space]
                                                 224.0.0.0 - 239.255.255.255 [reserved for multicast - RFC 3171]
                                                 240.0.0.0 - 255.255.255.255 [reserved for future use - RFC 1700]

I presume you meant IPv4 only.  Though there are many compliant devices and applications, IPv6 is probably 2 years off yet (i.e. when ICANN runs out of IPv4 addresses to allocate).
0
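Added example, not part of any post in this thread: firewall policies usually take CIDR networks rather than first-last ranges, so this sketch converts a reserved list to CIDR form and derives the "everything else" set by complement. The function names are hypothetical and the reserved list is an illustrative subset of the ranges in the table above; reserved assignments change over time, so the list should be checked against the current IANA special-purpose registry before use.

```python
import ipaddress

# Reserved ranges in the first-last form used in the thread. This is a subset
# of the accepted answer's table, chosen for illustration; edit to fit policy.
RESERVED_RANGES = [
    ("0.0.0.0", "0.255.255.255"),        # 'this network'
    ("10.0.0.0", "10.255.255.255"),      # private, RFC 1918
    ("127.0.0.0", "127.255.255.255"),    # loopback
    ("169.254.0.0", "169.254.255.255"),  # link local
    ("172.16.0.0", "172.31.255.255"),    # private, RFC 1918
    ("192.0.2.0", "192.0.2.255"),        # TEST-NET
    ("192.168.0.0", "192.168.255.255"),  # private, RFC 1918
    ("198.18.0.0", "198.19.255.255"),    # device testing, RFC 2544
    ("224.0.0.0", "239.255.255.255"),    # multicast
    ("240.0.0.0", "255.255.255.255"),    # reserved for future use
]

def span_to_cidrs(first, last):
    """CIDR blocks that exactly cover the inclusive range first..last."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def ranges_to_cidrs(ranges):
    """Turn (first, last) pairs into a sorted, merged list of networks."""
    nets = [n for first, last in ranges for n in span_to_cidrs(first, last)]
    return list(ipaddress.collapse_addresses(nets))

def complement(reserved):
    """Networks covering every IPv4 address that is not in `reserved`."""
    public, cursor = [], 0
    for net in reserved:                      # sorted, non-overlapping
        start = int(net.network_address)
        if cursor < start:                    # gap before this reserved block
            public += span_to_cidrs(cursor, start - 1)
        cursor = int(net.broadcast_address) + 1
    if cursor <= 0xFFFFFFFF:                  # tail after the last block
        public += span_to_cidrs(cursor, 0xFFFFFFFF)
    return public

def is_public(addr, reserved):
    """True when addr falls in none of the reserved networks."""
    ip = ipaddress.IPv4Address(addr)
    return not any(ip in net for net in reserved)

RESERVED = ranges_to_cidrs(RESERVED_RANGES)
PUBLIC = complement(RESERVED)

if __name__ == "__main__":
    for net in PUBLIC:
        print(net)   # one source-network entry per line for the firewall policy
```

On an Internet-facing interface it is usually shorter to drop the reserved networks as sources and match everything else than to enumerate the public blocks.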
 
LVL 44

Expert Comment

by:Darr247
ID: 22748277
Man... there just is no such thing as formatting in this messageboard, I guess. I wish they'd enable tables in Rich Text.
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22753919
0.0.0.0/0 will cover every single ipv4 IP address...

Which is;
Network 0.0.0.0
Mask: 0.0.0.0

If you are denying, make sure you have some allow rules earlier on in your firewall rules.
What exactly are you trying to configure? iptables?
0
