Re: NAT addresses - RFC or tradition?

Stealing another company's or organization's IP addresses can well break things for you like SMTP, and web sites you host. In a small network, these things can be fixed quite easily, yet require a trip to each and every wrongly numbered system. In a large network this can be quite an extensive issue when trying to come into compliance with the real world. BTDT. The proper thing to do is to get an IP space block from your provider for at the least external addressing and use proper RFC assigned private addresses for NAT functioning internally; it saves many headaches down the road.

Thanks,

Ron DuFresne

On Tue, 22 May 2007, Andre Guimarães wrote:

It's quite simple.
You're using public IPs in your internal networks.
Some of these IPs may exist and have an owner and maybe even a web site.
You'll be in trouble on the day you wish to access one of these IPs on the
internet because you won't reach them because you have them on your network
and so won't route the packets to the internet.

The IPs, in fact, don't have anything different, so you can use them and
iptables will not have any problems. It's just a route problem, that as you
chose to use these IPs, you won't be able to reach these real public IPs in
the internet.

Sorry for the bad English.

On Tuesday 22 May 2007 16:26, Paul Blondé wrote:
I've noticed that a lot of people use the 192.168.X.X subnet for internal
networks, is this (and the less-used 10-series) a requirement of some RFC,
or a recommendation that has become tradition?

We are using a completely different subnet, something similar to (for
example) 42.127.129.X to further obfuscate the internal network from
outside. This, and many other examples, produces a class-A subnet mask
(some produce a class-B) when entered in WinXP's TCP/IP dialog, although
the actual mask we use with it is class-C.

Is this a no-no? Will it break our server's IPTables when communicating
with it? Am I in for a lot of trouble? The addresses don't seem to cause
any problems, but I don't want this to jump up and bite us in the bottom
sometime down the road.



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Paul Blondé



-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
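An added example, not part of the original thread: a short Python audit that checks whether an internal subnet sits inside RFC 1918 space, shows the classful mask a legacy TCP/IP dialog would guess, and uses a longest-prefix-match lookup to show which destinations get pulled onto the LAN instead of the default route. The route tables, interface names and the 192.168.1.0/24 comparison are constructed assumptions; 42.127.129.0/24 is the example range from the question.

```python
import ipaddress

# RFC 1918 private ranges (the "RFC assigned private addresses" in the thread).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(net):
    """True if the whole network lies inside one RFC 1918 block."""
    net = ipaddress.ip_network(net)
    return any(net.subnet_of(block) for block in RFC1918)

def classful_prefix(addr):
    """Default classful prefix length a legacy TCP/IP dialog would suggest."""
    first = int(ipaddress.ip_address(addr)) >> 24
    if first < 128:
        return 8    # class A
    if first < 192:
        return 16   # class B
    if first < 224:
        return 24   # class C
    raise ValueError("class D/E address has no default mask")

def next_hop(dest, routes):
    """Longest-prefix match over (network, target) pairs, like a route lookup."""
    dest = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(n), t) for n, t in routes
               if dest in ipaddress.ip_network(n)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def audit(lan, routes):
    """Report whether the LAN is private and how many public addresses it shadows."""
    net = ipaddress.ip_network(lan)
    private = is_rfc1918(net)
    return {"lan": str(net), "rfc1918": private,
            "shadowed_public": 0 if private else net.num_addresses,
            "probe_route": next_hop(net.network_address + 10, routes)}

# Constructed sample data: interface names and route tables are assumptions.
ROUTES_SQUATTED = [("0.0.0.0/0", "internet via eth0"), ("42.127.129.0/24", "LAN via eth1")]
ROUTES_PRIVATE = [("0.0.0.0/0", "internet via eth0"), ("192.168.1.0/24", "LAN via eth1")]

if __name__ == "__main__":
    print(audit("42.127.129.0/24", ROUTES_SQUATTED))
    print(audit("192.168.1.0/24", ROUTES_PRIVATE))
    print("classful guess for 42.127.129.1: /%d" % classful_prefix("42.127.129.1"))
```

If a host accepts the classful /8 guess instead of the intended /24, the shadowed range grows from 256 addresses to all of 42.0.0.0/8 for that host.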
