
Re: Non-routing IP addresses

At 02:02 PM 5/30/00 -0600, Mullins, Ron wrote:
>I know that if you are using NAT, you are supposed to use the private:
>    -
>  -
> -
>These are said to be "non-routing". My problem is my current employer uses a
>11.x.x.x (parent company used 10.x.x.x). So I have the following questions:
>1. Do these private addresses increase security in any way?

Compared to what? Using NAT behind a firewall increases security enormously.
Using the "wrong" addresses with NAT doesn't worsen the security issues in
any way that I know of (at least not when using Linux-based firewalls; who
knows what proprietary routers might do with them?).

>2. Since we use NAT, no 11.x.x.x addresses get to the net, so is there any
>reason to switch, other than recommended convention?

Yes. The reason you yourself suggest in question 4. I don't have a quick way
to check if any addresses in are actually in use, though.

>3. Why are they "non-routing"? Or do my specs need an upgrade...and I'm
>talking glasses. I haven't seen anything other than "you should..." in the

By convention, they will never be assigned to any location as their public
addresses. Hence, all private networks can use them as they see fit (subject
to NAT'ing them for public connections), without interfering with their
access to the public address space of the Internet.

They are not "non-routing" in any technical sense. I route all the time, for
example, between and within my private
LAN. The Linux router I have on that connection routes just fine. But if I
sent these addresses out (unMasq'd) to my ISP, they wouldn't get far; I
expect my ISP's routers would block them, if I didn't.

>4. (possibly redundant) Does using a non-private IP behind a NAT break
>anything? (besides actually getting to real 11.x.x.x)

Not that I know of. But the parenthetical really is a big deal, not a minor

------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA           	 	         ray@comarre.com        
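
Added example, not part of the original message: a Python audit of the situation discussed in this thread, checking which internal prefixes fall outside the private-use blocks, which public destinations they hide from the LAN, and which source addresses a border filter should stop if they leave un-NAT'd. The block list is taken from RFC 1918; the `INTERNAL` prefixes and all function names are constructed for illustration.

```python
import ipaddress

# Private-use blocks as published in RFC 1918 (not quoted from the message above).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: a site numbered out of 11/8 plus one properly private subnet.
INTERNAL = ["11.0.0.0/8", "10.20.0.0/16"]


def classify(prefix):
    """Return 'private', 'mixed' or 'public' for an internally used prefix."""
    net = ipaddress.ip_network(prefix)
    if any(net.subnet_of(block) for block in RFC1918):
        return "private"
    if any(net.overlaps(block) for block in RFC1918):
        return "mixed"  # e.g. 172.0.0.0/8 spills outside 172.16.0.0/12
    return "public"


def shadowing_prefix(dest, internal_prefixes):
    """Return the internal prefix that keeps traffic for a public
    destination on the LAN (so the real host is unreachable), or None."""
    addr = ipaddress.ip_address(dest)
    if any(addr in block for block in RFC1918):
        return None  # private destination: no Internet host is hidden
    nets = [ipaddress.ip_network(p) for p in internal_prefixes]
    matches = [n for n in nets if addr in n]
    if not matches:
        return None
    # Longest-prefix match, the same choice an internal router makes.
    return str(max(matches, key=lambda n: n.prefixlen))


def egress_allowed(src, internal_prefixes):
    """Border check: a packet whose source is still an RFC 1918 or
    internally used address was not NAT'd and should not leave."""
    addr = ipaddress.ip_address(src)
    nets = RFC1918 + [ipaddress.ip_network(p) for p in internal_prefixes]
    return not any(addr in n for n in nets)


if __name__ == "__main__":
    for p in INTERNAL:
        print(p, classify(p))
    print("11.5.6.7 shadowed by:", shadowing_prefix("11.5.6.7", INTERNAL))
    print("egress 11.1.2.3 allowed:", egress_allowed("11.1.2.3", INTERNAL))
```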