The KISS principle really applies to networks...
-
I missed the security problems in the above reply; it has been modified. Please read it again.
Gotcha. It makes sense. If my router allowed a rule to be defined as such, would it be possible to explicitly block 192.168.1.[0-255]? Not that it sounds like the best idea in the world. I'm warming up to the idea of using 172.* instead of 192.168.*. There should be *no* way for the networks to see each other if they're working off of entirely different subnets.
-
Edumacate me: Wouldn't 172.16.x.x/16 and 192.168.0.0/16 allow for the same number of endpoints (65534), given that /16 essentially means a subnet mask of 255.255.0.0? I think I need to brush up on my subnet literature.
Right, they are the same, namely 256*256-2 (the 2 excluded are the special IP addresses ending in 0 or 255).
-
It's likely that the firewalls in most routers are not sophisticated enough to detect and exclude a subset of IP addresses from within a given set of the same when building default forwarding rules.
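The two questions in this thread (whether 172.16.0.0/16 and 192.168.0.0/16 hold the same number of hosts, and whether a rule can single out 192.168.1.[0-255] from the rest of 192.168.0.0/16) are easy to check with Python's standard `ipaddress` module. The following is an added example and not code from any poster; the rule list it evaluates is a constructed first-match policy, an assumption about how a router would order rules, not a description of any particular product.

```python
import ipaddress

# RFC 1918 private blocks. Note that "172.*" as a whole is NOT private:
# only 172.16.0.0 through 172.31.255.255 (172.16.0.0/12) is.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def network_facts(cidr):
    """Netmask, network/broadcast address and usable host count for a CIDR block."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen >= 31:
        # /31 (point-to-point, RFC 3021) and /32 reserve no addresses.
        usable = net.num_addresses
    else:
        # Only the network address and the directed broadcast address are
        # excluded; e.g. 172.16.1.0 and 172.16.1.255 are ordinary hosts in a /16.
        usable = net.num_addresses - 2
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask),
        "usable_hosts": usable,
    }


def usable_hosts(cidr):
    return network_facts(cidr)["usable_hosts"]


def summarize_range(first, last):
    """Express an inclusive address range as the smallest list of CIDR blocks,
    i.e. what a rule must contain to cover 'a.b.c.[0-255]'."""
    return [
        str(n)
        for n in ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)
        )
    ]


def ranges_overlap(a, b):
    """True if some address lies in both blocks. This is about address
    collisions only; two non-overlapping subnets can still route to each
    other unless a firewall or routing policy says otherwise."""
    return ipaddress.ip_network(a, strict=False).overlaps(
        ipaddress.ip_network(b, strict=False)
    )


def is_rfc1918(cidr):
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(block) for block in RFC1918)


def first_matching_rule(dst, rules):
    """Constructed first-match policy: rules are (cidr, action) pairs checked
    in order, so a narrow deny must come before a broad allow."""
    addr = ipaddress.ip_address(dst)
    for cidr, action in rules:
        if addr in ipaddress.ip_network(cidr, strict=False):
            return action
    return "deny"  # implicit default deny when nothing matches


if __name__ == "__main__":
    for cidr in ("172.16.0.0/16", "192.168.0.0/16"):
        print(cidr, network_facts(cidr))
    print("192.168.1.[0-255] as CIDR:", summarize_range("192.168.1.0", "192.168.1.255"))
    print("172.16/16 overlaps 192.168/16:", ranges_overlap("172.16.0.0/16", "192.168.0.0/16"))
    # Carve-out: deny one /24, forward the rest of the /16.
    policy = [("192.168.1.0/24", "deny"), ("192.168.0.0/16", "allow")]
    print("192.168.1.7 ->", first_matching_rule("192.168.1.7", policy))
    print("192.168.2.7 ->", first_matching_rule("192.168.2.7", policy))
```

Both /16 blocks report 65534 usable hosts with a 255.255.0.0 mask, and 192.168.1.[0-255] collapses to the single block 192.168.1.0/24, so a router whose rules accept a CIDR can block it with one entry placed before the broader allow. The overlap check only tells you the address spaces do not collide; whether the two networks can reach each other is decided by the routing and firewall configuration, not by the choice of prefix.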