Path: utzoo!attcan!uunet!ogicse!ucsd!ucbvax!NSIPO.NASA.GOV!medin
From: medin@NSIPO.NASA.GOV ("Milo S. Medin", NASA ARC NSI Project Office)
Newsgroups: comp.sys.proteon
Subject: Re: P4200 IP Router & access-control
Message-ID: <9009262312.AA13769@cincsac.arc.nasa.gov>
Date: 26 Sep 90 23:12:50 GMT
References: <6360@hub.ucsb.edu>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 23

Alan, I don't see what the problem is... Use inclusive access control.
Unless I know your particular subnet numbers, I can't tell you what masks
to use however. Note that your mask doesn't have to deal with a subnet
or network. If you did the following:

	128.111.128.0 FFFF8000 0.0.0.0 00000000
	0.0.0.0 00000000 128.111.128.0 FFFF8000

I think you would get everything over subnet 128 to be allowed to talk
to the outside world. Even if the 2 subnets aren't adjacent, it doesn't
take much to set it up. Use the mask feature. It's extremely powerful,
and the way Proteon implemented it is relatively efficient for forwarding
rates...

The manual isn't very nourishing in this area, but it's terse and very
concise, and tells you what you need to know. With OSPF we now have
variable length subnet masks, so we all need to start thinking in terms
of masking and matching for routing as well as access control.

						Thanks,
						   Milo
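
The two entries from the post, evaluated as an added example (not part of the original post and not Proteon's code). It assumes each entry reads source address, source mask, destination address, destination mask, that a field matches when (address AND mask) equals the entry's address, and that the third octet of 128.111 is the subnet number; the outside host 192.0.2.1 and the FFFFBF00 mask for two non-adjacent subnets are constructed.

```python
import ipaddress

def ip(s):
    """Dotted quad -> 32-bit integer."""
    return int(ipaddress.IPv4Address(s))

# Entries from the post: (src addr, src mask, dst addr, dst mask).
ENTRIES = [
    (ip("128.111.128.0"), 0xFFFF8000, ip("0.0.0.0"), 0x00000000),
    (ip("0.0.0.0"), 0x00000000, ip("128.111.128.0"), 0xFFFF8000),
]

NET = ip("128.111.0.0")  # assumption: subnet number is the third octet

def permitted(src, dst, entries=ENTRIES):
    """Inclusive list: forward only if some entry matches, else drop."""
    s, d = ip(src), ip(dst)
    return any((s & sm) == sa and (d & dm) == da
               for sa, sm, da, dm in entries)

def matched_subnets(addr, mask):
    """Subnet numbers (third octet) that an address/mask pair covers."""
    return [n for n in range(256) if ((NET | (n << 8)) & mask) == addr]

def satisfiable(addr, mask):
    """Under the assumed rule, address bits outside the mask can never
    match, so such an entry silently permits nothing."""
    return (addr & ~mask & 0xFFFFFFFF) == 0

if __name__ == "__main__":
    for src, dst in [("128.111.200.5", "192.0.2.1"),   # high subnet -> outside
                     ("192.0.2.1", "128.111.129.7"),   # outside -> high subnet
                     ("128.111.5.9", "192.0.2.1")]:    # low subnet -> outside
        print(src, "->", dst, "permit" if permitted(src, dst) else "drop")
    # Constructed: one entry covering the non-adjacent subnets 130 and 194,
    # done by leaving a single bit of the third octet out of the mask.
    print(matched_subnets(ip("128.111.130.0"), 0xFFFFBF00))
    print(satisfiable(ip("128.111.130.0"), 0xFFFF8000))
```

Because the second entry accepts any source, a host on a low subnet such as 128.111.5.9 is still permitted to reach subnets 128 and up; only its traffic to the outside is dropped.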