Re: empty filter on FORWARD chain with rp_filter means safe right?

Jan Engelhardt wrote:
> On Friday 2010-10-08 06:40, Payam Chychi wrote:
>
>> That's correct, Scott.
>> In order for any system to abuse your setup, it will need to be directly
>> connected to a segment that has knowledge of a valid route to the end system...
>> meaning if a computer is 2 hops away and the router in between has no knowledge
>> of how to get to your private RFC 1918 space, then packets get dropped.
>>
>> Keep in mind that as IPv4 exhaustion gets extreme, some ISPs will use RFC 1918
>> blocks and route them either in their IGP or even their EGP (aka Internet routes)...
>
> Internally yes, but externally no. And it's not really RFC 1918 routes being
> "used in the Internet" - instead, it is "enlarging our NAT domain". (Mobile
> UMTS/HSDPA providers do this in Germany already.)

Perhaps re-look at what RFC 1918 is... Also, as you can read above, I stated IGP, which is internal routing and is not about increasing NAT domains, and with an "even" EGP, which would be considered external to your network; as you can see, the latter was meant for extreme cases... but what do I know.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
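The point argued in this thread (an empty FORWARD chain plus rp_filter only holds as long as no upstream router has a route to your RFC 1918 block) can be checked with a small model. The following is an added example, not code from the thread or from the netfilter project. It models a Linux router as a routing table with longest-prefix match, strict reverse-path filtering (the behaviour of net.ipv4.conf.*.rp_filter=1, where the best route back to the source must leave via the arriving interface) and a FORWARD chain whose default policy is ACCEPT. The topology, interface names and addresses (an attacker at 198.51.100.7, an ISP router, a customer gateway with 10.0.0.0/24 on "lan" and a 203.0.113.0/24 uplink on "wan") are constructed for illustration.

```python
import ipaddress

# Constructed topology for illustration (addresses are not from the thread):
#   attacker 198.51.100.7 -> ISP router -> customer gateway -> LAN host 10.0.0.5
# The gateway has LAN 10.0.0.0/24 on "lan" and its uplink on "wan".


class Router:
    """Minimal model of a Linux router: routing table, strict rp_filter,
    and a FORWARD chain with an ACCEPT default policy."""

    def __init__(self, name, routes, rp_filter=True, forward_rules=None):
        self.name = name
        # routes: (prefix, outgoing interface); longest prefix wins
        self.routes = [(ipaddress.ip_network(p), i) for p, i in routes]
        self.rp_filter = rp_filter
        # forward_rules: (in_iface, destination prefix, verdict), first match wins
        self.forward_rules = [(i, ipaddress.ip_network(p), v)
                              for i, p, v in (forward_rules or [])]

    def lookup(self, addr):
        """Longest-prefix match; returns the outgoing interface or None."""
        addr = ipaddress.ip_address(addr)
        best = None
        for net, iface in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, iface)
        return best[1] if best else None

    def handle(self, src, dst, in_iface):
        """Return the fate of a packet arriving on in_iface."""
        # Strict rp_filter: the route back to src must leave via in_iface.
        if self.rp_filter and self.lookup(src) != in_iface:
            return "DROP (rp_filter)"
        # FORWARD chain; an empty chain falls through to the ACCEPT policy.
        dst_addr = ipaddress.ip_address(dst)
        for rule_iface, rule_net, verdict in self.forward_rules:
            if rule_iface == in_iface and dst_addr in rule_net:
                return verdict + " (FORWARD rule)"
        out = self.lookup(dst)
        return f"FORWARD via {out}" if out else "DROP (no route)"


def run_scenarios():
    """The cases discussed in the thread; returns {case: verdict}."""
    attacker, victim = "198.51.100.7", "10.0.0.5"

    # ISP router that knows nothing about the customer's private space.
    isp_plain = Router("isp", [("198.51.100.0/24", "peer"),
                               ("203.0.113.0/24", "cust")])
    # ISP router that carries the customer's RFC 1918 block in its IGP.
    isp_igp = Router("isp", [("198.51.100.0/24", "peer"),
                             ("203.0.113.0/24", "cust"),
                             ("10.0.0.0/24", "cust")])
    gw_routes = [("10.0.0.0/24", "lan"), ("203.0.113.0/24", "wan"),
                 ("0.0.0.0/0", "wan")]
    # The setup from the subject line: rp_filter on, empty FORWARD chain.
    gw_empty = Router("gw", gw_routes)
    # Same gateway with one explicit rule: nothing from wan reaches 10/8.
    gw_filtered = Router("gw", gw_routes,
                         forward_rules=[("wan", "10.0.0.0/8", "DROP")])

    return {
        # upstream has no route, so the packet never arrives at the gateway
        "isp_without_route": isp_plain.handle(attacker, victim, "peer"),
        # upstream routes 10.0.0.0/24 toward the customer and passes it on
        "isp_with_igp_route": isp_igp.handle(attacker, victim, "peer"),
        # rp_filter passes (src is reachable via wan) and the empty chain accepts
        "gateway_empty_chain": gw_empty.handle(attacker, victim, "wan"),
        # an explicit FORWARD rule is what actually protects the LAN
        "gateway_with_rule": gw_filtered.handle(attacker, victim, "wan"),
        # rp_filter does catch a spoofed private source arriving on wan
        "gateway_spoofed_src": gw_empty.handle("10.0.0.9", victim, "wan"),
    }


if __name__ == "__main__":
    for case, verdict in run_scenarios().items():
        print(f"{case:22s} {verdict}")
```

The model shows why rp_filter is not a substitute for a FORWARD policy: it only inspects the source address, so a packet with a legitimate public source and a private destination passes it and is forwarded as soon as the upstream can deliver it. Loose mode (rp_filter=2) is even weaker, since it only requires that some route to the source exists on any interface. An explicit DROP for traffic from the uplink toward your RFC 1918 space holds regardless of what your ISP decides to carry in its IGP.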
