Solved

Public IP Address rule

Posted on 2008-10-17
Last Modified: 2012-06-27
Hi, I want to create a rule on my firewall to control traffic that comes from a PC that has a public IP address. I need help to know what IP addresses and subnets I need to include in my policy in order to cover all possible IP addresses.
Question by:mzhaim
8 Comments
 
LVL 2

Expert Comment

by:devlex
ID: 22744940
Is this a firewall to the Internet or an internal firewall? If the traffic is coming in from the Internet, it should always have a public IP address. That being said, this is the range of private IP addresses:

10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255

You would need to include all other ranges or explicitly exclude these ones.
 
LVL 44

Expert Comment

by:Darr247
ID: 22746665
You might want to allow 127.0.0.0 through 127.255.255.255 also... they're good for testing, and don't really 'go' anywhere.

If you want to allow automatic addressing of ad-hoc wireless networks, you would allow 169.254.0.0 through 169.254.255.255, but that might not be a good idea... maybe make the rule and then disable it so when you're connecting via an ad-hoc network like that you can just enable it (then disable it again when done).
 

Author Comment

by:mzhaim
ID: 22747217
Hi, can you tell me what the ranges of public IP addresses are?

 
 
LVL 44

Expert Comment

by:Darr247
ID: 22748194
Per RFC 3330 unless otherwise specified

Public IPs                                  Private or reserved IPs
                                                 0.0.0.0 - 0.255.255.255 [reserved for 'this network' per RFC 1700]

1.0.0.0 - 9.255.255.255

                                                 10.0.0.0 - 10.255.255.255 [reserved for private IPs - RFC 1918]

11.0.0.0 - 126.255.255.255

                                                 127.0.0.0 - 127.255.255.255 [reserved for loopback - RFC 1700]
                                                 128.0.0.0 - 128.255.255.255 [currently reserved; subject to assignment when IPv4 runs out of space]

129.0.0.0 - 169.253.255.255

                                                 169.254.0.0 - 169.254.255.255 [reserved for Link Local 'autoconfiguration' IPs]

169.255.0.0 - 172.15.255.255

                                                 172.16.0.0 - 172.31.255.255 [reserved for private IPs - RFC 1918]

172.32.0.0 - 191.254.255.255

                                                 191.255.0.0 - 192.0.0.255 [currently reserved; subject to assignment when IPv4 runs out of space]

192.0.1.0 - 192.0.1.255

                                                 192.0.2.0 - 192.0.2.255 [reserved for 'TEST-NET']

192.0.3.0 - 192.88.98.255

                                                 192.88.99.0 - 192.88.99.255 [reserved for 6to4 relay anycast IPs - RFC 3068]

192.88.100.0 - 192.167.255.255

                                                 192.168.0.0 - 192.168.255.255 [reserved for private IPs - RFC 1918]

192.169.0.0 - 198.17.255.255

                                                 198.18.0.0 - 198.19.255.255 [reserved for testing network interconnect devices - RFC 2544]

198.20.0.0 - 223.255.254.255

                                                 223.255.255.0 - 233.255.255.255 [currently reserved; subject to assignment when IPv4 runs out of space]
                                                 224.0.0.0 - 239.255.255.255 [reserved for multicast - RFC 3171]
                                                 240.0.0.0 - 255.255.255.255 [reserved for future use - RFC 1700]

I presume you meant IPv4 only.  Though there are many compliant devices and applications, IPv6 is probably 2 years off yet (i.e. when ICANN runs out of IPv4 addresses to allocate).
 
LVL 5

Expert Comment

by:rexxus
ID: 22748202
The public IP address range is the opposite of what is mentioned above, plus loopback addresses and multicast addresses:

1.0.0.0 - 9.255.255.255
11.0.0.0 - 126.255.255.255
128.0.0.0 - 171.31.255.255
172.32.0.0 - 192.167.255.255
192.169.0.0 - 223.255.255.255
 
LVL 44

Accepted Solution

by:
Darr247 earned 500 total points
ID: 22748253
Reformatted for 'Premium' skin.
Per RFC 3330 unless otherwise specified

Public IPs                                  Private or reserved IPs
                                                 0.0.0.0 - 0.255.255.255 [reserved for 'this network' per RFC 1700]

1.0.0.0 - 9.255.255.255

                                                 10.0.0.0 - 10.255.255.255 [reserved for private IPs - RFC 1918]

11.0.0.0 - 126.255.255.255

                                                 127.0.0.0 - 127.255.255.255 [reserved for loopback - RFC 1700]
                                                 128.0.0.0 - 128.255.255.255 [currently reserved; subject to assignment when IPv4 runs out of space]

129.0.0.0 - 169.253.255.255

                                                 169.254.0.0 - 169.254.255.255 [reserved for Link Local 'autoconfiguration' IPs]

169.255.0.0 - 172.15.255.255

                                                 172.16.0.0 - 172.31.255.255 [reserved for private IPs - RFC 1918]

172.32.0.0 - 191.254.255.255

                                                 191.255.0.0 - 192.0.0.255 [currently reserved; subject to assignment when IPv4 runs out of space]

192.0.1.0 - 192.0.1.255

                                                 192.0.2.0 - 192.0.2.255 [reserved for 'TEST-NET']

192.0.3.0 - 192.88.98.255

                                                 192.88.99.0 - 192.88.99.255 [reserved for 6to4 relay anycast IPs - RFC 3068]

192.88.100.0 - 192.167.255.255

                                                 192.168.0.0 - 192.168.255.255 [reserved for private IPs - RFC 1918]

192.169.0.0 - 198.17.255.255

                                                 198.18.0.0 - 198.19.255.255 [reserved for testing network interconnect devices - RFC 2544]

198.20.0.0 - 223.255.254.255

                                                 223.255.255.0 - 233.255.255.255 [currently reserved; subject to assignment when IPv4 runs out of space]
                                                 224.0.0.0 - 239.255.255.255 [reserved for multicast - RFC 3171]
                                                 240.0.0.0 - 255.255.255.255 [reserved for future use - RFC 1700]

I presume you meant IPv4 only.  Though there are many compliant devices and applications, IPv6 is probably 2 years off yet (i.e. when ICANN runs out of IPv4 addresses to allocate).
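Firewall policies usually take CIDR blocks rather than first-last ranges, so the following added example (not part of any post in this thread) converts the reserved rows of the table above into CIDR form and computes the public remainder of 0.0.0.0/0. The function names are illustrative, and the rows are used exactly as posted.

```python
import ipaddress

# Reserved/private rows copied from the table in the accepted answer above.
RESERVED = [
    "0.0.0.0-0.255.255.255", "10.0.0.0-10.255.255.255",
    "127.0.0.0-127.255.255.255", "128.0.0.0-128.255.255.255",
    "169.254.0.0-169.254.255.255", "172.16.0.0-172.31.255.255",
    "191.255.0.0-192.0.0.255", "192.0.2.0-192.0.2.255",
    "192.88.99.0-192.88.99.255", "192.168.0.0-192.168.255.255",
    "198.18.0.0-198.19.255.255", "223.255.255.0-233.255.255.255",
    "224.0.0.0-239.255.255.255", "240.0.0.0-255.255.255.255",
]

def reserved_networks(rows=RESERVED):
    """Turn first-last rows into a minimal, non-overlapping CIDR list."""
    nets = []
    for row in rows:
        first, last = (ipaddress.IPv4Address(a) for a in row.split("-"))
        nets.extend(ipaddress.summarize_address_range(first, last))
    return list(ipaddress.collapse_addresses(nets))

def public_networks(rows=RESERVED):
    """CIDR blocks covering 0.0.0.0/0 minus every reserved block."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for res in reserved_networks(rows):
        carved = []
        for net in remaining:
            if res.subnet_of(net):
                carved.extend(net.address_exclude(res))  # punch the hole
            else:
                carved.append(net)  # disjoint from this reserved block
        remaining = carved
    return sorted(remaining)

def as_ranges(nets):
    """Merge adjacent CIDR blocks back into (first, last) ranges."""
    out = []
    for n in sorted(nets):
        if out and int(out[-1][1]) + 1 == int(n.network_address):
            out[-1] = (out[-1][0], n.broadcast_address)
        else:
            out.append((n.network_address, n.broadcast_address))
    return out

def is_public(addr, nets=None):
    """True if addr falls outside every reserved row."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in n for n in (nets or public_networks()))
```

`public_networks()` gives the CIDR blocks for a policy, and `as_ranges()` of that list reproduces the left-hand column of the table. The rows date from 2008; for a current policy, replace `RESERVED` with the entries of the IANA IPv4 Special-Purpose Address Registry.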
 
LVL 44

Expert Comment

by:Darr247
ID: 22748277
Man... there just is no such thing as formatting in this messageboard, I guess. I wish they'd enable tables in Rich Text.
 
LVL 8

Expert Comment

by:MrJemson
ID: 22753919
0.0.0.0/0 will cover every single IPv4 IP address...

Which is:
Network: 0.0.0.0
Mask: 0.0.0.0

If you are denying, make sure you have some allow rules earlier on in your firewall rules.
What exactly are you trying to configure? iptables?