privatni IP adresy

Matus Uhlar uhlar at space.netlab.sk
Wed Mar 18 17:58:28 CET 1998 

Petr Simek <petrsi at jcu.cz> wrote:
->> Je pravda , ze jeden zaznam 192.168/16 moc bordelu neudela, ale spis to
->> vypovida o tom, ze spravce toho AS je bordelar a nerozumi svemu
->> remeslu. Protoze to, ze ten-34 posila tyhle IP adresy zrovna do nemecka

-> Kdyz udelate traceroute na 192.168.x.x tak prece od Vas zadne packety s
-> touto privatni adresou nejdou ! Od Vas odchazeji packety s Vasi - tedy
-> registrovanou - IP adresou a odchazeji na adresu 192.168.x.x - ktera
-> neexistuje a tudiz nikam nedojdou. A mimochodem - nejdou do nemecka , ale
-> do US na dante ..

ale je to chyba ci idu tam ci tam; oni maju byt drobnute prvym routerom
ktory neroutuje danu adresu; skratka bud router take IP routuje a potom ich
posle kam ma (ale do inetu nie) alebo ich ma dropnut, resp. vratit icmp 'no
route to host'

A kazdy router ktory toto nerobi je zle nakonfigurovany.

Pre mna za mna, vo vnutropodnikovej sieti kde sa dane IP lokalne NEPOUZIVA
nech si idu taketo pakety po celej sieti az ku gateway; ale ta ich uz dalej
pustit NEMA.

VID: RFC 1918: Address Allocation for Private Internets

...

   The Internet Assigned Numbers Authority (IANA) has reserved the
   following three blocks of the IP address space for private internets:

     10.0.0.0        -   10.255.255.255  (10/8 prefix)
     172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
     192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

...

   Because private addresses have no global meaning, routing information
   about private networks shall not be propagated on inter-enterprise
   links, and packets with private source or destination addresses
   should not be forwarded across such links. Routers in networks not
   using private address space, especially those of Internet service
   providers, are expected to be configured to reject (filter out)
   routing information about private networks. If such a router receives
   such information the rejection shall not be treated as a routing
   protocol error.

...

   It is strongly recommended that routers which connect enterprises to
   external networks are set up with appropriate packet and routing
   filters at both ends of the link in order to prevent packet and
   routing information leakage. An enterprise should also filter any
   private networks from inbound routing information in order to protect
   itself from ambiguous routing situations which can occur if routes to
   the private address space point outside the enterprise.
...

staci ?
--
 Matus "fantomas" Uhlar, sysadmin at NETLAB+ Kosice, Slovakia

More information about the net mailing list