
Re: iptables question



Henning wrote:

> And usually there is no reason for two separate RFC 1918 address ranges.
> Pick one matching your address space needs and design subnets.
> There is only one single reason for NAT: you have more hosts than routable
> IP addresses. I guess 10.0.0.0 meets even the biggest organizations.

Thank you for the line of argumentation. As usual, if something works for 10
years it undergoes a lot of changes. So the reason for not using 10.0.0.0
internally is that it is historically that way. Some years ago the firewall
was connected to the public network directly. The new provider gave me the
modem and it automatically uses 10.0.0.0, which I cannot influence. I just
did the DMZ - this was the time I tried to rewrite the firewall rules, but
I found out I need to read a lot about iptables again and, more importantly,
it would mean I would need to experiment and jeopardize the network.
The setup is useful in the way that the whole wireless network is outside
the firewall in the 10.0.0.0/24 range. All that I need for operating works
perfectly. Now the only problem is that I cannot access anything else on
the 10.0.0.0 network except the modem.

thanks again






