# Netmasks

From a post I made a while back:

So what that means is that in binary this:

255.255.255.0

looks like 11111111.11111111.11111111.00000000

and if you add all those 1's up you get:

24

It helps if you can do math in binary. Which is probably one of the least useful skills a person can have. Its actually my 2nd least useful skill, my first is I can also read heiroglyphics. But I digress, the answer for your firewall netblocks question is you need 2 networks:

89.145.16.0/20 (89.145.16.1 - 89.145.31.254) 89.145.32.0/19 (89.145.32.1 - 89.145.63.254)

This is because TCP/IP is base 8, dividing each section of an IP address into an octet. We're dealing with subdividing a 16 bit network (2nd position), so we start all calculations from there. Cheat sheet:

bits 0 = 256 bits 1 = 128 bits 2 = 64 bits 3 = 32 bits 4 = 16 bits 5 = 8 bits 6 = 4 bits 7 = 2 bits 8 = 1

Forget about networks for a moment, and just do the math using into the largest group that fits into the above, in your case 89.145.16.0 - 89.145.64.0 is a total of 48 networks. So you need a block of 16 (4 bits) and a block of 32(3 bits) to get (16 + 32) 48. We're chopping up a class B (16 bit) network into smaller pieces so we start our math problem at 16. Using the network 89.145.16.0 as a jumping point, if we add 16 networks (or 4 bits) to our class B (16 bits) we get 16 + 4 = 20: 89.145.16.0/20 (89.145.16.1 - 89.145.31.254)

If you started at 89.145.32.0/20, you would be covering the network space from: 89.145.32.1 - 89.145.47.254

Another way to look at it is a 4 bit netmask breaks the network up into 16 pieces:
0-15
16-31
32-47
48-63
64-79
80-95
96-111
112-127
128-143
144-159
160-175
176-191
192-207
208-223
224-239
240-255

For the 2nd net block, I start at the IP 89.145.32.0, and add 32 networks to it. Again since we're playing in Class B (16 bit) network space, we start at 16, and add 3 bits (32 networks) to it: 16 + 3 = 19: 89.145.32.0/19 (89.145.32.1 - 89.145.63.254)

a 3 bit netmask breaks the network up into 8 pieces: 0-31 32-63 64-95 96-127 128-159 160-191 192-223 224-255

Confused yet? Oh and for your first question, while you can use .0 or .255 as IP addresses, it's not a good idea to use the starting or ending IP's for a netblock. This is because they are used for either defining the network (IE, 10.10.10.0/24 uses 10.10.10.0 to define the network) or for broadcasts on the network (10.10.10.255 is the broadcast IP).