privatni IP adresy
Matus Uhlar
uhlar at space.netlab.sk
Wed Mar 18 17:58:28 CET 1998
Petr Simek <petrsi at jcu.cz> wrote:
->> Je pravda , ze jeden zaznam 192.168/16 moc bordelu neudela, ale spis to
->> vypovida o tom, ze spravce toho AS je bordelar a nerozumi svemu
->> remeslu. Protoze to, ze ten-34 posila tyhle IP adresy zrovna do nemecka
-> Kdyz udelate traceroute na 192.168.x.x tak prece od Vas zadne packety s
-> touto privatni adresou nejdou ! Od Vas odchazeji packety s Vasi - tedy
-> registrovanou - IP adresou a odchazeji na adresu 192.168.x.x - ktera
-> neexistuje a tudiz nikam nedojdou. A mimochodem - nejdou do nemecka , ale
-> do US na dante ..
ale je to chyba ci idu tam ci tam; oni maju byt drobnute prvym routerom
ktory neroutuje danu adresu; skratka bud router take IP routuje a potom ich
posle kam ma (ale do inetu nie) alebo ich ma dropnut, resp. vratit icmp 'no
route to host'
A kazdy router ktory toto nerobi je zle nakonfigurovany.
Pre mna za mna, vo vnutropodnikovej sieti kde sa dane IP lokalne NEPOUZIVA
nech si idu taketo pakety po celej sieti az ku gateway; ale ta ich uz dalej
pustit NEMA.
VID: RFC 1918: Address Allocation for Private Internets
...
The Internet Assigned Numbers Authority (IANA) has reserved the
following three blocks of the IP address space for private internets:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
...
Because private addresses have no global meaning, routing information
about private networks shall not be propagated on inter-enterprise
links, and packets with private source or destination addresses
should not be forwarded across such links. Routers in networks not
using private address space, especially those of Internet service
providers, are expected to be configured to reject (filter out)
routing information about private networks. If such a router receives
such information the rejection shall not be treated as a routing
protocol error.
...
It is strongly recommended that routers which connect enterprises to
external networks are set up with appropriate packet and routing
filters at both ends of the link in order to prevent packet and
routing information leakage. An enterprise should also filter any
private networks from inbound routing information in order to protect
itself from ambiguous routing situations which can occur if routes to
the private address space point outside the enterprise.
...
staci ?
--
Matus "fantomas" Uhlar, sysadmin at NETLAB+ Kosice, Slovakia
More information about the net
mailing list