iis security: I would like to deny access to computers from 102.168.0.0 - 102.168.254.254 with a subnet mask of 255.255.255.0

When I enter in 102.168.0.0 with subnet mask 255.255.255.0 - it does not deny.

when I enter in 102.168.0.0 subnet 255.255.0.0 it DOES DENY.

My iis server is on subnet 255.255.0.0, but I don't think that is the reason. ANY EXPLANATION WOULD BE GREATLY APPRECIATED!!

So then I would put in A GROUP of ip with the ip being 102.168.0.0 with WHAT? subnet mask to get to block the 2 groups of ip address you pointed out?

Do you know then what would I actually put into iis IP restrictions? Thanks,

[quoted text, click to view]

These don't match. Applying that mask to 102.168.0.0 gives you the network
range 102.168.0.0 - 102.168.0.254.

What do you want to do:

1) Block 102.168.0.0 - 102.168.254.254

2) Block 102.168.0.0 - 102.168.0.254

You didn't answer my question.

You said:

"I would like to deny access to computers from 102.168.0.0 - 102.168.254.254
with a subnet mask of 255.255.255.0"

I said:

"What do you want to do:

1) Block 102.168.0.0 - 102.168.254.254

2) Block 102.168.0.0 - 102.168.0.254"

Can't help you without an answer.

[quoted text, click to view]
WHAT? subnet mask to get to block the 2 groups of ip address you pointed
out?
[quoted text, click to view]

It seems that you do not understand IP subnetting. This is not an IIS =
question - instead, google for an IP subnetting calculator (if you're =
don't want to know the details), or an IP subnetting tutorial if you =
want to know what's going on.

All IP addresses are split into two parts - the first part is the =
"network ID", and the second part is the "host ID". The subnet mask is =
used to determine what part of the address is the network ID (and =
whatever is left is the host ID).

For example, you had the following starting address:
102.168.0.0

If you want to block *all* hosts in that network, then you transform =
that to the corresponding binary values (the first line, and then you =
enter the subnet mask, as 1s below that to indicate the network part - =
the second line):

1100110.10101000.00000000.00000000 <- starting address
1111111.11111111.00000000.00000000 <- subnet mask

The subnet mask indicates that all machines starting with 102.168.*.* =
are part of the same network. If you want to block all machines on that =
network, then you'd enter 102.168.0.0/255.255.0.0 as the network to =
block

Cheers
Ken


[quoted text, click to view]
: So then I would put in A GROUP of ip with the ip being 102.168.0.0 =
with WHAT? subnet mask to get to block the 2 groups of ip address you =
pointed out?
:=20
: Do you know then what would I actually put into iis IP restrictions? =
Thanks,
:=20