This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Non continuous ip range definition

Hi all from Spain.

I need to define a IP range object based only in the third digit/octect. The goal is a list of all "22" IP of each /24 network on a /16 set.

Example: 10.66.1.22 to 10.66.254.22

The fw allows me to create a ip range definition with those values, but ¿is it interpreting it as 10.66.1-254.22 or is it including also 10.66.1.[23,24,25...]?

We need to expose that range on a IPsec, and using a /16 network (10.66.0.0), and I thing is too much wide for only a few hosts :-(

If this is not possible, ¿any ideas?

Thank you all.



This thread was automatically locked due to age.
  • Hi Carlos,

    Thanks for reaching out to Sophos Community.

    Let me know if I understand your situation correctly, what you want is a network scheme of 10.66.x.22 to 10.66.254.22 on a /16 subnet? 

    This would not be possible as the usable hosts for a /16 on this given subnet is from 10.66.0.1 - 10.66.255.254

    How much usable address do you need for each subnet? you might want to settle to a much lower scope such as /27 up to /30 (which is good for a point-to-point setup as this only has 2 usable addresses, 1 network address, and 1 broadcast)

    e.g. 

    Name: "Connection 1"

    Network add: 10.66.0.0 

    Usable host: 10.66.0.1 - .2

    Broadcast: 10.66.0.3

    subnet: 255.255.255.252

    "Connection 2"

    Net add: 10.66.0.4

    usable: 10.66.0.5 - .6

    broadcast: 10.66.0.7

    and so forth...

    Hope this helps. Have a nice day and thank you for choosing Sophos.

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • In theory a range 10.68.0.22 with netmask 255.255.0.255 should do. However most IP stacks (as the one in Linux) rely on the "continuous number of one bits" without gap and reject such a bit mask.

    If that's the case your best bet is "group of addressees" 10.68.1.22, 10.68.2.22,... (best generated with a script and used on the CLI to avoid typing).