Basics



In order to understand the detailed operation of the FireBrick it is necessary to have a good basic understanding of IP networks, routing, and in particular the operation of ethernet networks, subnets and ARP. This section provides a brief overview of the basic principles, and covers the way in which these apply to the FireBrick generally.

For a more detailed introduction to IP networking, we recommend TCP/IP Illustrated, Volume 1, ISBN 0201633469.

IP addresses

An IP address is normally shown in dotted quad notation, e.g. 192.168.42.1, but is in fact simply a 32 bit number. Dotted quad notation simply shows each of the bytes in the 32 bit (4 byte) address in decimal separated by a dot, so each part is 0 to 255. Normally, all devices connected using an IP network have an IP address, and a device with multiple interfaces will normally have one for each interface. As such do not consider the address to necessarily be the address of a computer, but the address of its ethernet interface.

The FireBrick allows IP addresses to be entered in dotted quad notation (or pure decimal). The FireBrick will display addresses in dotted quad notation, but has an option to show such addresses with zero padding, e.g. 192.168.042.001. This notation is convenient for aligning addresses above each other as it gives the address a fixed width (depending on the font). It is important to note that you cannot always use addresses with leading zeros in other applications, e.g. ping 192.168.042.001 on Windows or Linux will actually ping 192.168.34.1, as 042 and 001 are interpreted in octal!
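The two readings of a zero-padded address, as an added example (not FireBrick code): a strict decimal parser of the kind the FireBrick applies, beside a parser following the C-library inet_aton convention (leading 0 means octal, 0x means hex) that a ping on Windows or Linux applies, plus the zero-padded formatter. The function names are the example's own.

```python
import re


def parse_dotted_quad(text, strict=True):
    """Convert a dotted-quad string to its 32-bit integer value.

    strict=True  : each part is plain decimal 0-255, leading zeros ignored
                   (the FireBrick's reading).
    strict=False : inet_aton convention as used by many OS tools: a part with a
                   leading 0 is octal and 0x prefixes hex, so "042" is 34.
    """
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError("expected four dotted parts: %r" % text)
    value = 0
    for part in parts:
        if strict:
            if not re.fullmatch(r"[0-9]{1,3}", part):
                raise ValueError("bad octet %r" % part)
            octet = int(part, 10)
        elif part[:2].lower() == "0x":
            octet = int(part[2:], 16)
        elif len(part) > 1 and part[0] == "0":
            octet = int(part, 8)
        else:
            octet = int(part, 10)
        if not 0 <= octet <= 255:
            raise ValueError("octet out of range: %r" % part)
        value = (value << 8) | octet
    return value


def format_dotted_quad(value, pad=False):
    """Render a 32-bit value as dotted quad, optionally zero padded to 3 digits."""
    octets = [(value >> shift) & 0xFF for shift in (24, 16, 8, 0)]
    fmt = "%03d" if pad else "%d"
    return ".".join(fmt % o for o in octets)


def both_readings(text):
    """Return (strict_reading, inet_aton_reading) in plain dotted quad form."""
    return (format_dotted_quad(parse_dotted_quad(text, strict=True)),
            format_dotted_quad(parse_dotted_quad(text, strict=False)))


if __name__ == "__main__":
    padded = "192.168.042.001"  # constructed sample, as the FireBrick would display it
    print(padded, "->", both_readings(padded))
```

Feeding a FireBrick display string into another tool is where the two readings diverge; comparing both before pasting an address elsewhere avoids pinging or firewalling the wrong host.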

Public IP addresses

Internet addresses are allocated in large blocks to regional internet registries which cover large geographic areas (e.g. Europe is covered by RIPE). Each regional registry allocates smaller blocks to local registries, typically an ISP. The local registry / ISP will assign smaller blocks or individual addresses to customers or dialup servers. Customers with small blocks then assign addresses to individual devices on their network.

As such, IP addresses are globally unique, and the job of your ISP is to ensure that any packet anywhere in the world sent to one of your addresses will reach your network. Similarly they ensure packets you send will reach the destination. They interconnect (peer) with other ISPs to exchange traffic destined for globally unique IP addresses. It is important to note that IP addresses do not belong to the end users; they are allocated to ISPs and assigned to users, so if you change ISP you will normally have to change IP addresses.

Private IP addresses

Global public IP addresses are limited, simply because there are only so many 32 bit numbers! As such they are managed carefully, and networks that do not need to have every machine addressable from the public internet do not need global public IP addresses. As such a number of addresses have been allocated for use in private networks. These private IP addresses will never be allocated to anyone, and so their use can never clash with publicly available addresses. Private addressed networks can still communicate with machines on the internet, but only via address translation or proxy as the private addresses are not valid on the public internet.

If you make a private network and need addresses, you must only ever use these reserved private addresses, otherwise the address you have picked may belong to someone, and you will effectively mask access to those addresses from your network. When setting up subnets on the FireBrick, the address block will be noted as public or private automatically as a reminder.
Private IP address ranges

Address block     First          Last
10.0.0.0/8        10.0.0.0       10.255.255.255
172.16.0.0/12     172.16.0.0     172.31.255.255
192.168.0.0/16    192.168.0.0    192.168.255.255

Funny IP addresses

IP addresses up to 223.255.255.255 are used for normal routed IP networking, from 224.0.0.0 they are special. You will find addresses 224.0.0.X often occurring on networks with large routers, as these are group addresses used to locate types of machines (e.g. any router). Unless you are using complex inter-router protocols, you can disregard (and drop) such packets in your FireBrick configuration.

The address 255.255.255.255 is a special address which means a local network broadcast. It is received by all machines on your subnet and is not routed to your ISP or other subnets.

It is worth noting that 127.X.X.X is also special in that it is normally directed to a local loopback interface. 127.0.0.1 is an address for yourself on most computers. It is not treated specially by the FireBrick in any way.

Subnets

A subnet is a group of IP addresses which are normally on one ethernet network. The subnet is defined using a netmask. This is a mask of bits in the IP address which define the part of the address that two IP addresses must have in common to be considered in the same subnet. As such, all devices on a subnet must have different IP addresses and the same subnet mask in order to work together.

You can have more than one subnet on the same actual ethernet network, but machines on one subnet cannot normally communicate with machines on the other subnet without using an intermediate device (a router), just as if they were in fact on two different networks. This is not a secure way of separating machines though, as they could change IP address to fit in with a different subnet.

If communicating with a device on the same subnet, an ARP (see below) is used to talk to that device directly. If talking to a device on another subnet, then an ARP is used to locate a router which can talk to that other subnet.

The first and last addresses in a subnet are special in that they are treated as network and broadcast address and so cannot be used for devices on the subnet. This makes very small subnets (e.g. 4 address blocks) very inefficient.

Address Ranges and notation

A subnet is defined by a netmask, and this can be shown in a number of ways. e.g. 192.168.42.1 with a subnet of 255.255.255.0 means a range of addresses 192.168.42.0 to 192.168.42.255 are all on the same subnet. Where the subnet is only 255s and 0s, this simply means that the part of the IP addresses where there is a 255 must be the same and the part where there is a 0 may be different. So, 192.168.42.1 with subnet 255.255.0.0 is 192.168.0.0 to 192.168.255.255.

A subnet mask is always a number of bits which are common between IPs in the same subnet, and the remainder which can be different. So sometimes this is shown as a bit count. e.g. 192.168.42.1/24 means 24 bits of subnet, or a mask of 255.255.255.0.

Where the subnet mask is not a multiple of 8 (i.e. whole bytes), the mask is more complex, e.g. 192.168.42.1 netmask 255.255.255.240 is 28 bits and gives the range 192.168.42.0 to 192.168.42.15 (i.e. 16 addresses).

The FireBrick has a number of places where a range of addresses can be entered. In these cases the range need not be an exact subnet, so you could enter 192.168.42.1 to 192.168.42.5 for example. You can however enter a subnet mask in the second box (addresses that are valid subnet masks from 128.0.0.0 to 255.255.255.252 are treated as such), so you could enter 192.168.42.0 and 255.255.255.240 and get 192.168.42.0-15. You could also enter the bit count (any IP less than 0.0.0.33 is treated as a bit count and can be entered without the leading 0.0.0.).

So, the same range 192.168.42.0-15 could be entered as 192.168.42.0 to 192.168.42.15, or 192.168.42.0 and 28, or 192.168.42.0 and 255.255.255.240. Note that entering a mask or bit count will make the range start and end at the right point, so the above could be entered as 192.168.42.5 and 28 with the same effect (but 192.168.42.17 would be 192.168.42.16-31 as 17 is in the next block of 16).

The exception is the entry of subnets in the FireBrick where the second field must be a subnet, rather than just the end of a range, and the first part is the FireBrick's own IP address.

The FireBrick will normally display ranges of IPs using a hyphen, e.g. 192.168.42.0-15 or 192.168.0.0-255.255. If set to pad with leading zeros then it displays the range in full one line above the other, e.g. 192.168.042.000- above 192.168.042.015.

When displaying subnet settings, the bit count is shown as well as the actual IP used on the subnet, e.g. 192.168.42.1/28.
Use of common bit counts and subnet masks

Bit count   Subnet mask        Number of addresses
8           255.0.0.0          16,777,216
16          255.255.0.0        65,536
17          255.255.128.0      32,768
18          255.255.192.0      16,384
19          255.255.224.0      8,192
20          255.255.240.0      4,096
21          255.255.248.0      2,048
22          255.255.252.0      1,024
23          255.255.254.0      512
24          255.255.255.0      256
25          255.255.255.128    128
26          255.255.255.192    64
27          255.255.255.224    32
28          255.255.255.240    16
29          255.255.255.248    8
30          255.255.255.252    4

Ethernet and MAC

An ethernet network provides a way for a number of devices to communicate in a local area network. This normally uses 10/100baseT RJ45 connectors and hubs or switches, but could include thick or thin ethernet. The collection of devices sharing the same group of hubs and switches are all one ethernet.

Packets sent on the ethernet are basically either broadcast (every device gets it) or unicast (one device gets it). The latter works by addressing the packet to a specific MAC (Media Access Control) address. All ethernet devices have a manufacturer defined unique MAC address, and you should never encounter a duplicate.

MAC addresses are 48 bit (6 bytes) and unlike IP addresses they are normally shown in hex. You may see them with colons between the bytes, e.g. 00:03:97:FF:00:09 but the FireBrick shows this as straight hex, e.g. 000397FF0009.

When sending packets to other devices on the same subnet it is assumed that the device is on the same ethernet. This is a key assumption in routing, and ARP is used to find the MAC of the device with the required IP, and then packets are directed to that device.

When sending packets to devices on other subnets, a gateway or router is needed. ARP is used to find the MAC address of this gateway and the packet is sent to that MAC address.

The FireBrick can display its cache of where it can see different MAC addresses on each of its two ethernet interfaces.

ARP

ARP is a system of finding MAC addresses. A broadcast message is sent asking a machine with a specified IP address to identify itself, and that machine replies. Devices will cache ARP replies and keep a note of where machines are for a limited period of time.

The FireBrick can display its ARP cache, showing the MAC address of IP addresses it has requested via ARP, or devices from which it has seen ARP replies.
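The next-hop decision described in the Subnets and Ethernet and MAC sections (ARP for the destination itself when it is on the local subnet, otherwise for the gateway) together with the ARP cache above, as an added example that is not FireBrick code. The cache's entries expire after a fixed period; the MAC table used as a stand-in for devices answering ARP requests, the TTL and all names are constructed for the example, and MACs are written as straight hex as the FireBrick displays them.

```python
import time


def ip_to_int(text):
    parts = [int(p) for p in text.split(".")]
    if len(parts) != 4 or any(p < 0 or p > 255 for p in parts):
        raise ValueError("bad IP address %r" % text)
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]


def mask_from_bits(bits):
    return (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF


def same_subnet(a, b, bits):
    """True when a and b share the first `bits` bits, i.e. are on one subnet."""
    mask = mask_from_bits(bits)
    return (ip_to_int(a) & mask) == (ip_to_int(b) & mask)


def next_hop(dest, local_ip, bits, gateway):
    """IP that must be ARPed for: the destination if local, else the gateway."""
    return dest if same_subnet(dest, local_ip, bits) else gateway


class ArpCache:
    """IP -> (MAC, expiry). Replies are remembered only for `ttl` seconds."""

    def __init__(self, ttl=60.0, clock=time.monotonic):
        self.ttl = ttl
        self.clock = clock      # injectable so expiry can be tested without waiting
        self.entries = {}

    def learn(self, ip, mac):
        self.entries[ip] = (mac, self.clock() + self.ttl)

    def lookup(self, ip):
        entry = self.entries.get(ip)
        if entry is None:
            return None
        mac, expires = entry
        if self.clock() >= expires:
            del self.entries[ip]  # stale: forget it and ARP again
            return None
        return mac


def resolve(dest, local_ip, bits, gateway, cache, send_arp_request):
    """Return (ip_asked_for, mac) for the frame carrying a packet to dest.

    send_arp_request stands in for the broadcast ARP request and returns the
    MAC from the reply, or None when nobody answers."""
    hop = next_hop(dest, local_ip, bits, gateway)
    mac = cache.lookup(hop)
    if mac is None:
        mac = send_arp_request(hop)
        if mac is not None:
            cache.learn(hop, mac)
    return hop, mac


# Constructed stand-in for the devices that would answer ARP on the ethernet.
KNOWN_MACS = {"192.168.42.9": "000397FF0009", "192.168.42.254": "0003970000FE"}


def fake_arp(ip):
    return KNOWN_MACS.get(ip)


if __name__ == "__main__":
    cache = ArpCache(ttl=60.0)
    for dest in ("192.168.42.9", "10.1.2.3", "192.168.42.77"):
        print(dest, "->", resolve(dest, "192.168.42.1", 24, "192.168.42.254", cache, fake_arp))
```

The third destination in the demo is on the local subnet but nobody answers for it, so the frame cannot be built; the off-subnet destination resolves to the gateway's MAC even though its own IP never appears on the ethernet, which is exactly why a wrong subnet mask on one machine shows up as ARP requests for addresses that no local device will ever answer.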