PDA

View Full Version : Server Securitry IP-Range blocking



Soulman
2007-01-29, 04:58
The IP Range blocking alows to do something as


(f.e.) 192.166.198.0-50 to allow incomeing conntections from a range of IPs.

What I need to do is to allow from say 123.123.90.0 to 123.123.110.255

How Do I do that?

Something like

123.123.90.*-110.*
or
123.123.90-110
or
123.123.90.0-110.255

or is it not possible?

I do not want to do
123.123.*.* (which works and which is what I currently do... but this opens much more addresses then actually needed)

Hint for me anyone?

(Why do I need to do that? My server has a fixed IP and is in a center, while my Slimbox is behind a DSL line. This line resets every other night and gets a new IP from the address range 123.123.90.*-123.123.110.*)


(Please forgive all the "dos" and typos ... not my best day today)

Soulman
2007-02-09, 14:19
Hi,

thanks.

Static IP with dyn DNS?

As far as I understand dyn DNS they dont give you a static IP adresse but a dynamic DNS entry to changing IP adresses (hence the name).


Regarding your Tip... i know that. I read the manual you know? ;-)

Anyhow, that does NOT answer my specific question. The examples are always about number ranges WITHIN a class c boundery, while my needs exeed that.

Again:
What I need to do is to allow from say 123.123.90.0 to 123.123.110.255

It is not clear after reading the manual and the examples (as quotet in your post) whether this can be done or how.

The manual as well as your post says that this can be done:

aaa.bbb.ccc.* to cover aaa.bbb.ccc.0-255
or
aaa.bbb.ccc.*-255 to cover just the same range.

But I need to do this:

aaa.bbb.110.0 - aaa.bbb.200.255. As you can see, this spreads over 90 class c networks.

I can TRY the different logical notations to do that (as mentioned in my original post)... i only wondered if anybody KNOWS ;-)

Soulman
2007-02-09, 16:26
(Strange! There used to be a post from Mark Lancetot between my two posts... its gone now... Shortly after I reposted what now is post 2 in this thread.


THATS odd... Makes my second post look a bit silly now.)

Mark Lanctot
2007-02-09, 16:30
I deleted it because it was inaccurate.

Soulman
2007-02-09, 16:43
Ah,...okay.

erland
2007-02-09, 22:20
Are you talking about the setting in the SlimServer web interface ?

In that case, it looks like this would do the trick according to the samples beside the field in the web interface:
123.123.90-110.*
(I haven't verified that this works myself)

However, you shall be aware of that this will just limit access the SlimServer process. The rest of the open ports on the computer will still be wide open for everyone from everywhere. If you are going to make SlimServer available over internet I would seriously consider to either install a separate firewall on the computer or put a separate hardware router/firewall in front of SlimServer. If you are running SlimServer on Windows a separate firewall software or router is very important to secure the setup, Linux is a bit better as long as you know what you are doing.

Soulman
2007-02-18, 10:32
Hi,

Yes, its about the settings in the webinterface. And of course Im totally aware of the fact, that we are only talking about limiting access to the slimserver process itself, not a generall firewall replacement. (Running on a Mac btw)

About your suggestion: Well yes, there are at least 5 logical ways which pop up in ones mind after reading the manual.

I just wondered if someone KNOWS.


Well, I guess I have to figure it out myself. Thanks anyhow, will start with your suggestion.

Soulman
2007-03-09, 14:37
After testing a bit I can verify, that erlans notation actually does the job. Thanks.