[NTLUG:Discuss] internet routing of private IPs causing problems..

Richard Geoffrion ntlug at rain4us.net
Wed Jan 9 17:06:14 CST 2008


brian at pongonova.net wrote:
> Why would you want to forward packets to private networks beyond your
> firewall?   You *do* have a firewall, right?
>   

Fact: A server with no NAT, no DHCP, just ONE single Ethernet NIC bound
to a single public IP address.
Fact: With NO routing or IP forwarding involved on the Linux host and
with only ONE single IP address bound to the NIC, it is possible to ping
192.168.2.1 (and others) from this host.
Fact: VMware Server is loaded on this machine and a HOST ONLY network is
set up with the host OS having an IP address of 192.168.2.1/24 assigned
to its VMNET1 interface.
Fact: The VMNET1 will *NOT* start if the server itself is able to
ping/reach/contact the IP address that it has been assigned.

I do NOT want to forward private networks to the internet. I want the
exact opposite. I want my ISP to quit polluting MY network with their
private IP network!

Yes, I could (and should...and probably will have to) set up firewall
rules to block the forwarding of private IP addresses out onto the
internet, but that makes no excuse for a seemingly major Telecom player
(read: McLeodUSA) to allow their customers to affect THEIR private IP
networks.

McLeodUSA has absolutely NO understanding of the issue and they think 
I'm nutso.  Maybe I am. Maybe I should just ping flood all the internal 
router addresses until someone gets a clue.

In the meantime, I guess I will have to figure out how to add in
firewalling rules to stop the ??forwarding??? (I'm not really
forwarding... I'm just sending out??   maybe the OUTPUT chain
then)...figure out how to firewall outbound packets to private IP
addresses then -- and of course do it without killing internal routing.
I guess just a plain drop would work.

I hope my issue is a bit more understood...though I wasn't out to 
clarify/argue my setup...just the idea of whether or not the public 
network should route private addresses.

-- 
Richard (a bit frustrated)
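The OUTPUT-chain approach Richard is groping toward, worked out as an added example (this is not code from the post or from the list): packets for RFC 1918 destinations are dropped only when they would leave through the ISP-facing NIC, so traffic to the VMware host-only segment on vmnet1 is untouched. The interface name eth0, the use of iptables as the firewall, and the helper names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): keep this host's traffic for
# RFC 1918 destinations off the public link while leaving the VMware
# host-only segment (vmnet1, 192.168.2.0/24) reachable. The rules match on
# the outgoing interface, so only packets that would otherwise leave through
# the ISP-facing NIC are dropped. Interface names are assumptions.

PUB_IF="${PUB_IF:-eth0}"       # assumed name of the single public NIC
PRIVATE_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# Return 0 (true) when a dotted-quad address lies in an RFC 1918 range.
# Handy for checking an address before assuming it is "internal".
is_rfc1918() {
    o1=${1%%.*}
    rest=${1#*.}
    o2=${rest%%.*}
    case "$o1" in
        10)  return 0 ;;
        172) if [ "$o2" -ge 16 ] && [ "$o2" -le 31 ]; then return 0; fi ;;
        192) if [ "$o2" -eq 168 ]; then return 0; fi ;;
    esac
    return 1
}

# Print the iptables OUTPUT-chain rules for the given public interface.
# Nothing is executed here, so the result can be reviewed first.
gen_rules() {
    for net in $PRIVATE_NETS; do
        printf 'iptables -A OUTPUT -o %s -d %s -j DROP\n' "$1" "$net"
    done
}

# Execute the generated rules (requires root and iptables on the box).
apply_rules() {
    gen_rules "$1" | while read -r cmd; do
        $cmd || return 1
    done
}

# Ask the kernel which interface a packet to $1 would leave through.
# With vmnet1 down, a lookup for 192.168.2.1 that answers with $PUB_IF is
# exactly the symptom the post describes: the default route carries it.
show_path() {
    ip route get "$1"
}

# Stand-alone use: print the rules (dry run), or apply them with --apply.
if [ "${1:-}" = "--apply" ]; then
    apply_rules "$PUB_IF"
else
    gen_rules "$PUB_IF"
fi
```

Scoping the rules with `-o eth0` is what keeps internal routing alive: a packet for 192.168.2.5 still leaves via vmnet1 once that interface is up, because its connected route is more specific than the default route and the rule never sees it. The same rules also cover the start-up case, since before vmnet1 exists the only path to 192.168.2.1 is the public NIC, and that is precisely the path being dropped. None of this changes what the ISP routes; it only stops this host from feeding their private ranges.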


