[Koha] Sort of OT: configuring UFW

asakovich at hmcpl.org asakovich at hmcpl.org
Fri May 29 05:45:08 NZST 2020


One of the easiest IP network calculators to use on the web that I’ve found is at 

  http://www.subnet-calculator.com/subnet.php?net_class=B

Put in an IP address, select the right range, and play with the number of bits of masks to see what the resulting groups are that you can get. This form is JS powered, so there’s no submitting and reloading pages to recalculate — it happens as soon as you change a field value.

With masks, you’ve got to remember that the ranges you’re working with are based in binary, so multiples of 1, 2, 4, 8, 16, etc are going to work a whole lot easier than 1, 10, or 100 decimal.

For example, your first query:

192.168.x.x 

is easily handled by 

192.168.0.0/16.

However, things get complex when you start thinking in terms of decimal and try to map that to binary. So while it’s easy for humans to grok your next request:

192.168.22-65.*

Thinking in terms of binary, 22 = 16+4+2. Yuck.

192.168.22.0/23 = 191.168.22.1 - 191.168.23.254
192.168.24.0/21 = 191.168.24.1 - 191.168.31.254
192.168.32.0/19 = 191.168.32.1 - 191.168.63.254
192.168.64.0/23 = 191.168.64.1 - 191.168.65.254

Yes, you need all 4 of those masks to fill up the whole range. Using the aforementioned calculator, I started off with your base address (192.168.22.0) and kept shrinking the number of bits in the mask until the resulting range fell outside of your desired results (from 24 down to 23 — once I switched to 22 bits, the 192.168.22 subnet dropped to a 192.168.16 range — too far!) Go ahead and try it — put 192.168.22.0 in the IP Address field, and start reducing the number of Mask Bits from 24, to 23, and then 22, keeping an eye on the Host Address Range results.

Next, take the next range up (we ended the first range with 192.168.23, so start at 192.168.24.0) and keep shrinking the mask to increase the range of available hosts until you again go one bit too far and the resulting range falls outside your desired results.

Lather, rinse, repeat, until you have all your subnets.

Hope this makes sense!
Aaron
--
Aaron Sakovich
Internet and Technology Services Manager

Huntsville-Madison County Public Library
915 Monroe Street | Huntsville, Alabama 35801 | https://hmcpl.org/
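
Added example, not part of the original post: the widen-the-mask procedure described above, written in Python so the CIDR blocks can be computed and checked instead of read off a calculator. The function names cover_third_octet and ufw_rules are made up for this example; the ufw command form is the one in the quoted question.

```python
import ipaddress

def cover_third_octet(prefix16, lo, hi):
    """Split prefix16.lo.0 - prefix16.hi.255 into the fewest CIDR blocks.

    Start at the lowest address and keep dropping mask bits while the
    block still begins at that address and still ends inside the wanted
    range; emit the block, then repeat from the next uncovered address.
    """
    start = int(ipaddress.IPv4Address(f"{prefix16}.{lo}.0"))
    end = int(ipaddress.IPv4Address(f"{prefix16}.{hi}.255"))
    blocks = []
    while start <= end:
        bits = 32
        while bits > 0:
            size = 1 << (32 - (bits - 1))   # block size with one mask bit fewer
            aligned = start % size == 0     # wider block must still begin at start
            if not aligned or start + size - 1 > end:
                break                       # one bit too far: keep the current mask
            bits -= 1
        blocks.append(ipaddress.IPv4Network((start, bits)))
        start += 1 << (32 - bits)           # first address after this block
    return blocks

def ufw_rules(blocks, port=80):
    """One allow rule per block, in the form used in the original question."""
    return [f"sudo ufw allow from {b} to any port {port}" for b in blocks]

if __name__ == "__main__":
    # The three ranges asked about in the quoted message.
    for prefix16, lo, hi in [("192.168", 0, 255),
                             ("192.168", 22, 65),
                             ("192.138", 187, 189)]:
        print(f"# {prefix16}.{lo}-{hi}.*")
        for rule in ufw_rules(cover_third_octet(prefix16, lo, hi)):
            print(rule)
```

Review the printed blocks before applying them: a mask that is one bit too short silently allows addresses outside the intended range.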




> On May 28, 2020, at 12:08, King, Fred <Fred.King at medstar.net> wrote:
> 
> My apologies for posting a question that's not exactly Koha-related, though could be. I'm hoping that someone here can explain in a way that a simple medical librarian and part-time Koha geek can understand, or point me to a source that can. Yes, I checked the man page.
> 
> What I want to do is use UFW (Uncomplicated Firewall) on Ubuntu to allow access to only permitted IP addresses. I can add one IP address without a problem:
>   sudo ufw allow from 192.168.1.115 to any port 80
> 
> I think I know how to add a range consisting of anything beginning with 192.168.1.*:
>   sudo ufw allow from 192.168.1.0/24 to any port 80
> (Please correct me if I'm wrong.)
> 
> What I need to do is allow access from the range
>   192.168.*.*
> or something like this
>   192.168.22-65.*
> or 192.138.187-189.*
> 
> Any ideas or sources of information?
> 
> Thanks,
> 
> --Fred
> 
> Fred King, MSLS, AHIP
> Medical Librarian, MedStar Washington Hospital Center
> fred.king at medstar.net<mailto:fred.king at medstar.net>
> 202-877-6670
> ORCID 0000-0001-5266-0279
> MedStar Authors Catalog: http://medstarauthors.org
> 
> I was singing the blues when I was six. Kind of sad, eh?
> --Harry Dean Staunton
> 