[NTLUG:Discuss] internet routing of private IPs causing problems..

Carl Haddick sysmail at glade.net
Thu Jan 10 08:45:14 CST 2008


On Wed, Jan 09, 2008 at 05:06:14PM -0600, Richard Geoffrion wrote:
> brian at pongonova.net wrote:
> > Why would you want to forward packets to private networks beyond your
> > firewall?   You *do* have a firewall, right?
> >   
> 
> Fact: A Server with no NAT, no DHCP, just ONE single ethernet NIC bound 
> to a single public IP address
> Fact: With NO routing or IP forwarding involved on the linux host and 
> with only ONE single IP address bound to the nic, it is possible to ping 
> 192.168.2.1 (and others) from this host.
> Fact: VMWARE server is loaded on this machine and a HOST ONLY network is 
> set up with the host OS having an IP address of 192.168.2.1/24 assigned 
> to its VMNET1 interface.
> Fact: The VMNET1 will *NOT* start if the server itself is able to 
> ping/reach/contact the IP address that it has been assigned.
> 

Maybe try 192.168.3.1/24?

When I ran a wireless ISP I used private addresses for the routers
inside my five city network.  Small cities.  Wide spots in the road,
arguably, but I did my best to grow.

Pinging those routers from a customer's computer was helpful, so within
my network I routed the subnets I used.  In 10.0.0.0/8 there are 64K
class C subnets, in 192.168.0.0/16 there are 256, and in 172.16.0.0/12
there are 16 class C's.  Have you tried nmap to find unused private
networks?

If your ISP is using private IP addresses where they can, that's not
necessarily a bad thing.  If they are providing services to some
customers on private IP addresses, they probably need to route those
subnets.

I'm not trying to be contrarian regarding your trouble, but conserving
IP addresses is a good thing.

It may also be true the ISP is fixated on modern management, which
literally doesn't care about customers or company longevity if a short
term stockholder boost is in the way.  That might mean you will have
trouble getting information from them, particularly if their customer
support is outsourced.

Just my two cents - could be there's a reason they are routing certain
private IP ranges, and there's likely a way to live and let live.

Or not.  Just a thought.

Regards,

Carl
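
Added example, not part of the original post: one way to pick a host-only subnet that does not collide with private ranges reachable upstream, given the host's own networks and the addresses that answered a probe sweep such as the nmap scan suggested above. The function names and the sample data (a documentation-range public address and three responders, including the 192.168.2.1 from the thread) are constructed for illustration.

```python
import ipaddress

# RFC 1918 private blocks, searched in this order.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]


def free_private_subnets(local_networks, responders, prefix=24):
    """Yield RFC 1918 subnets of length `prefix` that neither overlap a
    locally configured or routed network nor contain a probed address
    that answered."""
    # strict=False lets an interface address like 203.0.113.10/24 be given.
    local = [ipaddress.ip_network(n, strict=False) for n in local_networks]
    seen = [ipaddress.ip_address(a) for a in responders]
    for block in RFC1918:
        if prefix < block.prefixlen:
            continue  # requested subnet is larger than this block
        for cand in block.subnets(new_prefix=prefix):
            if any(cand.overlaps(n) for n in local):
                continue
            if any(a in cand for a in seen):
                continue
            yield cand


def first_free(local_networks, responders, prefix=24):
    """Return the first candidate subnet, or None if every block is taken."""
    return next(free_private_subnets(local_networks, responders, prefix), None)


# Constructed sample input: the host's single public interface (RFC 5737
# documentation range) and private addresses that replied to a ping sweep.
LOCAL = ["203.0.113.10/24"]
RESPONDERS = ["192.168.0.1", "192.168.1.254", "192.168.2.1"]

if __name__ == "__main__":
    # Silence is not proof a range is unused: ICMP may be filtered upstream,
    # so treat the result as a candidate and re-check before assigning it.
    print(first_free(LOCAL, RESPONDERS))
```
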


