[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: how-to: assign bogus IPs to LAN?
- To: tech_(_at_)_openbsd_(_dot_)_org
- Subject: Re: how-to: assign bogus IPs to LAN?
- From: kriston_(_at_)_ibm_(_dot_)_net (Kriston J. Rehberg)
- Date: Sun, 7 Jun 1998 00:09:58 -0400
- Delivery-date: Sat Jun 6 21:13:33 1998
You really should use the blessed "test" network, or the new
"internal" network. The traditional "test" network is 192.168.x.y,
and the new "internal" network is 10.x.y.z. YOu can use the 100.x.y.z
numbers you specified, but if your routing isn't finely tuned then
you'll have a hard time reaching machines out "on the net" that are in
the 100.x.y.z range. I would suggest that you use 10.x.y.z instead,
especially if you ever plan to venture out on the Internet some day.
Your life will be much easier.
The way I always understood it, the 192.168.y.z and 10.x.y.z networks
were designated for those networks that are private or "fake" and are
never intended to be visited by outsiders, while at the same time the
internal machine can venture out on "the net." Enormously huge
internal networks (behind PIX gateways or proxies protected from the
outside world) that are not "temporary" or "fake" are to use the
10.x.y.z numbers instead.
>It is claimed, but unverified, that Dimitar Stoikov wrote:
>> I have OpenBSD 2.2.
>> My idea is as follow:
>> 1. I have configured connection to my ISP via ppp0, IP=18.104.22.168:
>> ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST>
>> inet 22.214.171.124 --> 126.96.36.199 netmask 0xfffffff0
>> 2. I want to configure my machine to give telnet and ftp to a small
>> number of workstations (win95) via ed2 (lan card).
>> Then i tried to assign bogus IP 100.100.100.0 to OpenBSD mahcine:
>> 1. sysctl -w net.inet.ip.forwarding=1
>> I need ipforwarding enabled.
>> 2. ifconfig ed2 inet 100.100.100.0 arp netmask 255.255.255.250
>> In my mind this will assign address 100.100.100.0 from address family
>> inet to interface ed2, enable mapping between dotted IP and ethetnet mac
>> address. Netmask is not default 255.0.0.0 because I want only five
>> computers being in this net.
>This looks like the killer here. You are assigning
>100.100.100.0 as the ip address. No! You must give it an
>actual address. (.0 is the network address (see: stevens, vol
>2(2?)) The subnet mask SHOULD match the ones on the PCs. If
>you want to LIMIT access, use ipfilter to allow
>100.100.100.25[0-5] to use telnet/ftp.
>> 3. route -vn add -net 100 100.100.100.0
>> I think this will make my OpenBSD work as a router for the net (class
>> A) 100 using gateway 100.100.100.0
>Well, this would happen with you give ed2 a legit address.
>Try 100.100.100.1 for the Unix box.
Kriston J. Rehberg
AOL: Kriston http://kriston.net/
Visit your host, monkey.org