Re: iptables question

To: deloptes <deloptes@gmail.com>
Cc: debian-user@lists.debian.org
Subject: Re: iptables question
From: Henning Follmann <hfollmann@itcfollmann.com>
Date: Mon, 14 Nov 2016 07:11:41 -0500
Message-id: <[🔎] 20161114121141.GA30111@smallapple.itcfollmann.com>
Mail-followup-to: deloptes <deloptes@gmail.com>, debian-user@lists.debian.org
In-reply-to: <[🔎] o0atuc$8r7$1@blaine.gmane.org>
References: <[🔎] 31009623-6fd0-6806-9d15-ae34c4e6cc66@gmail.com> <[🔎] o09vg1$r8r$1@blaine.gmane.org> <[🔎] 9648db85-21b9-aab6-2f87-387f1144bb68@plouf.fr.eu.org> <[🔎] o0afiq$jnb$1@blaine.gmane.org> <[🔎] 40915ee4-fd6d-9a72-8a4c-c90b91da3781@plouf.fr.eu.org> <[🔎] o0aj9h$5c1$1@blaine.gmane.org> <[🔎] 04873AA1-F707-4CB0-98D4-627B71A98D8A@itcfollmann.com> <[🔎] ded72e20-d8f9-4e8a-1c72-a5fe4a9ca2be@plouf.fr.eu.org> <[🔎] 26A8BB1E-6085-4B55-B413-D54547A43FBA@itcfollmann.com> <[🔎] o0atuc$8r7$1@blaine.gmane.org>

On Mon, Nov 14, 2016 at 12:45:20AM +0100, deloptes wrote:
> Henning wrote:
> 
> > And usually there is no reason for two separate rfc1918 address ranges.
> > Pick one matching your address space needs and design subnets.
> > There is only one single reason for nat: you have more hosts than routable
> > ip addresses. I guess 10.0.0.0 meets even the biggest organizations.
> 
> Thank you for the line of argumentation. As usual if something works for 10y
> it undergoes a lot of changes. So the reason for not using 10.0.0.0
> internally is that it is historically that way. Some years ago the firewall
> was connected to the public network directly. The new provider gave me the
> modem and it uses automatically 10.0.0.0, which I can not influence. I just
> did the DMZ - this was the time I tried to rewrite the firewall rules, but
> I found out I need to read again a lot about iptables and more important it
> would mean I would need to experiment and jeopardize the network.
> The setup is useful in the way that the whole wireless network is outside
> the firewall in the 10.0.0.0/24 range. All that I need for operating works
> perfectly. Now the only problem is that I can not access anything else on
> the 10.0.0.0 network except the modem.
> 
> thanks again
> 
> 

Last time I chime in here.
I understand growth and chaos, believe me. However sometimes we need a
nudge or a kick in the but to clean up. Maybe this is your call.
Simplicity is a beautiful thing my friend.


-H

-- 
Henning Follmann           | hfollmann@itcfollmann.com

Reply to:

Follow-Ups:
- Re: iptables question
  - From: deloptes <deloptes@gmail.com>

References:
- Re: iptables question
  - From: Michael Milliman <michael.e.milliman@gmail.com>
- Re: iptables question
  - From: deloptes <deloptes@gmail.com>
- Re: iptables question
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>
- Re: iptables question
  - From: deloptes <deloptes@gmail.com>
- Re: iptables question
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>
- Re: iptables question
  - From: deloptes <deloptes@gmail.com>
- Re: iptables question
  - From: Henning <henning@itcfollmann.com>
- Re: iptables question
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>
- Re: iptables question
  - From: Henning <henning@itcfollmann.com>
- Re: iptables question
  - From: deloptes <deloptes@gmail.com>

Prev by Date: Re: How to run a script before shutdown?
Next by Date: Re: How to run a script before shutdown?
Previous by thread: Re: iptables question
Next by thread: Re: iptables question
Index(es):
- Date
- Thread