On Wed, Jan 19, 2000 at 04:49:00PM +0200, Ertan Kucukoglu wrote:
> > > acl allowed src 192.168.0.16-192.168.0.25/255.255.255.0
> > Are you sure this is valid and doing what you think it is? Perhaps it is
> I'm not sure. Because of that I posted my mail. :) It seems that it's
> not doing.
>
> > being misinterpreted as allowing your entire Class C network - could we
> > get an authoritative ruling on allowed ACL definitions, please? :)
I believe (from some similar experiments) that the subnet definition,
itself being a range, overrides any previous range specified - so
acl allowed src 192.168.0.16-192.168.0.25/255.255.255.0
is effectively equivalent to
acl allowed src 192.168.0.0/255.255.255.0
which is equivalent to
acl allowed src 192.168.0.0-192.168.0.255
> Sorry, I want to allow access to cache between numbers 192.168.0.16 and
> 192.168.0.25. And all other numbers should not use the cache.
I think this will work if you only use the range, like this:
acl allowed src 192.168.0.16-192.168.0.25
*or* if you express it as a combination of subnets, like this:
# 16-23 subnet
acl allowed src 192.168.0.16/255.255.255.248
# 24-25 subnet
acl allowed src 192.168.0.24/255.255.255.254
The first is a lot more readable.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr@lava.net
"An absolute monarch would be absolutely wise and good.
But no man is strong enough to have no interest.
Therefore the best king would be Pure Chance.
It is Pure Chance that rules the Universe;
therefore, and only therefore, life is good." - AC
Received on Wed Jan 19 2000 - 13:12:43 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:50:30 MST