Linux HOWTO: NetMasks Explained

Linux ipnatctl HOWTO: Selecting What Packets To Mangle
If youre not familiar with the /-notation used for network addresses, it works like this.

Every machine needs an individual address. To keep things simple, we assign them in clumps; each network of machines generally gets a range of addresses.

A single IP address is 32 bits long: printed in binary has 32 binary digits, each 1 or 0. Its standard to print them as 4 decimal numbers, each representing 8 bits, such as `192.168.1.1. In binary, this would be `11000000101010000000000100000001.

To talk about a network of machines, we simply decide which bits of the address indicate the network: if two IP addresses have these bits the same, then they are on the same network.

The simplest way of representing this is the `/n notation, such as `192.168.1.0/24. The `/24 means that the first 24 bits of this address are important: remembering that each number represents 8 bits, this means that any IP address starting with `192.168.1. is on this network. As another example, `10.0.0.0/8 means that any IP address starting with `10. is on the network.

The second part usually called the netmask doesnt have to be a multiple of eight, but it often is, to make it easier to instantly recognise related IP addresses.

There is another way to write the netmask, and that is to spell it out in IP-address form, such as `192.168.1.0/255.255.255.0. In binary, 255 is `11111111, so 255.255.255.0 is `11111111111111111111111100000000. Each 1 in this netmask indicates that the corresponding part in the IP address is important: this means that the first 24 bits are important, so `192.168.1.0/255.255.255.0 is equivalent to “192.168.1.0/24.

Here is a table of common addresses you will see:

Decimal Range Use

192.168.1.0/24 192.168.1.0-192.168.1.255 Common in masqueraded networks
192.168.0.0/16 192.168.0.0-192.168.255.255 RFC 1918: private network addrs
10.0.0.0/8 10.0.0.0-10.255.255.255 RFC 1918: private network addrs
172.16.0.0/12 172.16.0.0-172.31.255.255 RFC 1918: private network addrs

This can be quite confusing, but youll see the same notation and the same numbers popping up over and over again, so I recommend you read the above paragraphs a couple of times.

4 comments

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s