gnump3d-devel

Re: [Gnump3d-devel] allowed_clients trouble


From: Ross Mohn
Subject: Re: [Gnump3d-devel] allowed_clients trouble
Date: Wed, 13 Apr 2005 12:28:22 -0400

On Fri, 2005-04-08 at 12:49 -0400, Ross Mohn wrote:
> I'm confused about the allowed_clients settings. 
> 
> snippet from /etc/gnump3d.conf:
> allowed_clients = 192.168.1.0/8; 127.0.0.1
> 
> with denied_clients commented out should stop everyone who isn't
> directly on my home network or PC. Instead, I seem to be blocking some
> folks but not others! As an experiment, with this setup, I get blocked
> from 166.84.1.2, but I get in without a hitch from 192.240.46.100.
> 
> snippet from /var/log/gnump3d/access.log
> gnump3d 166.84.1.2 - - [08/Apr/2005:16:34:59 +0000] "GET " 200 2952
> "-" "ELinks/0.10.3 (textmode; NetBSD 2.0 i386; 100x50-2)"
> gnump3d 192.240.46.100 - - [08/Apr/2005:16:36:24 +0000] "GET /" 200
> 10229 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
> FAHC; .NET CLR 1.0.3705; .NET CLR 1.1.4322)"
> 
> What am I doing wrong?

As I suspected, the problem is that it should be /24 rather than /8!
After reading the source, I see that what basically happens is it masks
everything except the number of bits on the left, then does a <=
comparison. E.g. 
  192.168.1.0/8 --> 192.255.255.255
  if (192.240.46.100 <= 192.255.255.255) then allow client
  SUCCEEDS

Clearly /8 is not what we want! Here it is with /24:
  192.168.1.0/24 --> 192.168.1.255
  if (192.240.46.100 <= 192.168.1.255) then allow client
  FAILS

Much better! Please change the examples in the allowed_clients section
of /etc/gnump3d/gnump3d.conf so that:

  #  Only people on the same subnet, (class C):
< # allowed_clients = 192.168.2.0/8
> # allowed_clients = 192.168.2.0/24
...
  #  Everybody local, and one remote address:
< # allowed_clients = 192.168.2.0/8; 194.247.82.33
  #
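Review bot: the "Everybody local, and one remote address" example has a removed line (`< # allowed_clients = 192.168.2.0/8; 194.247.82.33`) but no `>` replacement, so taken as written this deletes the example instead of correcting it. Following the pattern of the other changes, the replacement would be `# allowed_clients = 192.168.2.0/24; 194.247.82.33`.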
  #  Everybody local, and one remote range:
< # allowed_client = 192.168.2.0/8; 194.237.82.0/8
> # allowed_client = 192.168.2.0/24; 194.237.82.0/24
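Review bot: both the old and the new line of the "one remote range" example spell the key `allowed_client`, while every other example in this patch uses `allowed_clients`. Since the line is being changed anyway, use the same key name in the replacement so that a user who uncomments it gets a setting consistent with the others.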
...
  #  Usage is identical to the allowed clients above; eg:
  #
< #  denied_clients =  192.168.2.12; 192.168.2.25; 192.168.6.0/8
> #  denied_clients =  192.168.2.12; 192.168.2.25; 192.168.6.0/24

The downsampling examples correctly use /24 already.

Enjoy! -RPM
-- 
Ross Mohn
address@hidden
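The /8 versus /24 difference discussed in this message, as an added example that is not part of the original post and not gnump3d's own code: it uses Python's standard `ipaddress` module for ordinary CIDR containment rather than gnump3d's matching routine, and the function names `parse_acl`, `is_allowed` and `lint_acl` are hypothetical. It checks the two client addresses from the access log against both settings and flags entries whose prefix is shorter than the address written.

```python
import ipaddress


def parse_acl(value):
    """Split an 'a.b.c.d/n; e.f.g.h' list into (entry, network) pairs."""
    nets = []
    for entry in value.split(";"):
        entry = entry.strip()
        if entry:
            # strict=False accepts entries with host bits set, such as
            # 192.168.1.0/8, and normalises them to the real network.
            nets.append((entry, ipaddress.ip_network(entry, strict=False)))
    return nets


def is_allowed(client, value):
    """True if the client address falls inside any entry of the list."""
    addr = ipaddress.ip_address(client)
    return any(addr in net for _, net in parse_acl(value))


def lint_acl(value):
    """Warn about entries that cover more than the address as written."""
    warnings = []
    for entry, net in parse_acl(value):
        written = ipaddress.ip_interface(entry).ip
        if written != net.network_address:
            warnings.append(
                f"{entry} actually covers {net} ({net.num_addresses} addresses)"
            )
    return warnings


if __name__ == "__main__":
    # Settings and client addresses taken from the message above.
    for setting in ("192.168.1.0/8; 127.0.0.1", "192.168.1.0/24; 127.0.0.1"):
        print(setting)
        for client in ("166.84.1.2", "192.240.46.100", "192.168.1.77"):
            verdict = "allow" if is_allowed(client, setting) else "deny"
            print(f"  {client:<15} {verdict}")
        for warning in lint_acl(setting):
            print(f"  warning: {warning}")
```
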




