0

I was thinking of using this code to block access to public methods in my asp.net mvc application:

/// <summary>
/// Comma seperated string of allowable IPs with masks. Example "10.2.0.0;255.255.0.0,10.3.0.0;255.255.0.0"
/// </summary>
/// <value>The masked Ips.</value>
public string AllowedMaskedIPs { get; set; }

Excerpt taken from here.

But I was curious as to what is the difference between a masked ip and a single ip? Basically, what is a masked ip?

Community
  • 1
Xaisoft
  • 293
  • 3
  • 10

2 Answers2

1

A Masked IP in the context you mentioned is a network range, which in turn is the network address plus its subnet mask. One uses this to match all IP addresses from a particular network.

Example from the link you posted:

10.2.0.0;255.255.0.0, CIDR Notation: 10.2.0.0/16

% ipcalc 10.2.0.0/255.255.0.0
Address:   10.2.0.0             00001010.00000010. 00000000.00000000
Netmask:   255.255.0.0 = 16     11111111.11111111. 00000000.00000000
Wildcard:  0.0.255.255          00000000.00000000. 11111111.11111111
=>
Network:   10.2.0.0/16          00001010.00000010. 00000000.00000000
HostMin:   10.2.0.1             00001010.00000010. 00000000.00000001
HostMax:   10.2.255.254         00001010.00000010. 11111111.11111110
Broadcast: 10.2.255.255         00001010.00000010. 11111111.11111111
Hosts/Net: 65534                 Class A, Private Internet

The example given matches all hosts between (and including) 10.2.0.0 and 10.2.255.255.

Have a look at the Wikipedia article on subnetting for a more detailed explanation.

fuero
  • 9,413
  • 1
  • 35
  • 40
  • Thanks, Out of curiousity, does this example in the code I provided: `192.168.2.0;255.255.255.0` match all hosts between 192.168.2.0 and 192.168.2.255? I noticed you are using some program called ipcalc? I am on windows, is there some similar program that will show me the range? – Xaisoft Oct 16 '13 at 15:04
  • Nevermind the second question, I actually just downloaded it, however, when I put in IP 10.2.0.0 and Netmask 255.255.0.0, the first host was 10.2.0.1 and the last was 10.2.255.254. In your answer you mentioned it includes 10.2.0.0 and 10.2.255.255 – Xaisoft Oct 16 '13 at 15:07
  • No, because the last address is reserved for broadcasts messages over the whole subnet (like ARP/DHCP requests). Just as the very first (.0) is reserved for the network. – mveroone Oct 16 '13 at 17:41
0

A single IP is similar to a masked ip with a mask of 255.255.255.255 or /32 in CIDR notation.

A masked IP is, in this case, a subnet definition.

10.2.0.0;255.255.0.0

means 10.2.0.0/16 which are all addresses from 10.2.0.0 to 10.2.255.255 (including network and broadcast addresses)

mveroone
  • 447
  • 7
  • 22
  • so is a masked ip a range of ips? What does /32 CIDR mean and /16? – Xaisoft Oct 16 '13 at 14:34
  • That's the number of bits, startingg from the left, that are part of the network, out of the 32 bits of an IPv4 address. The other part is the device address. – mveroone Oct 16 '13 at 17:40