Okay. Java Programmer Ted is a user on the internal network. Sun
discovers some major flaw in Java and posts a fix on their server.
Ted wants to download the fix.

To Ted's machine, the address of Sun's server appears to lie within
the local subnet. Ted's download request never gets to the first
gateway, let alone to Sun's server.

Effectively, using a non-RFC-1918 range on the inside of NAT means
that internal users cannot connect to legitimate public IP addresses
in that range.

(Your question may arise from a misparse of the pronoun "their" at
the line I've marked with a "*" below. I meant it to refer to the
network we had acquired, not to Sun. I have no idea what Sun uses
for *their* internal range, nor should I need to know.)

David Gillett

On 5 Jun 2001, at 0:23, Steve Wolfe wrote:
> I am a little surprised how these internal servers would somehow get affected by
> Sun's post. If it is not a problem would you explain?
>
> -cheers,
> Steve
>
>
> [EMAIL PROTECTED] wrote:
>
> > Internal numbers behind NAT should use the ranges allocated by RFC
> > 1918. One of the networks we acquired a year or two back had
> > randomly chosen to use a range allocated to Sun Microsystems for
*> > their internal block, and this worked fine as long as Sun didn't post
> > urgent Java updates to servers in that block....
> >
> > David Gillett
> >
> > On 31 May 2001, at 11:29, [EMAIL PROTECTED] wrote:
> >
> > > > RFC 1918 && i quote..
> > > > - For security reasons, many enterprises use application
> > > > layer gateways to connect their internal network to the
> > > > Internet. The internal network usually does not have
> > > > direct access to the Internet, thus only one or more
> > > > gateways are visible from the Internet. In this case, the
> > > > internal network can use non-unique IP network numbers.
> > >
> > > At no point does it inet_addr this nor does it imply this.. IMHO
> > > it allows you only to control the internal makeup of your network structure.
> > >
> > > All it does other than preserve global ipv4s is, to allow for
> > > an obvious demarcation from what is global and what is not..
> > > FWs act as your horizontal and vertical controls.
> > >
> > > IMHO anyhow..
> > >
> > > Best Regards
> > > [EMAIL PROTECTED]
> > >
> > > Time for a lot more coffee..;-))
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
>
>
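Added example, not part of the original thread: a Python sketch of the forwarding decision described in the top reply, plus a check that flags internal subnets outside RFC 1918. The addresses are constructed: 203.0.113.0/24 (a documentation range) stands in for the vendor-owned block, since the thread does not give the real one, and the function names are illustrative.

```python
import ipaddress

# The three blocks RFC 1918 reserves for private internets.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(net):
    """True only if the whole network lies inside one RFC 1918 block."""
    net = ipaddress.ip_network(net)
    return net.version == 4 and any(net.subnet_of(b) for b in RFC1918)


def next_hop(interface, gateway, destination):
    """Mimic a host's forwarding decision: a destination inside the
    interface's own subnet is delivered directly on the LAN (ARP);
    anything else is handed to the default gateway."""
    iface = ipaddress.ip_interface(interface)
    if ipaddress.ip_address(destination) in iface.network:
        return "on-link"
    return f"via {gateway}"


def audit(internal_subnets):
    """Return internal subnets that are not RFC 1918 space, i.e. ranges
    whose legitimate public hosts become unreachable from inside."""
    return [s for s in internal_subnets if not is_rfc1918(s)]


if __name__ == "__main__":
    vendor_server = "203.0.113.80"   # constructed stand-in for the public server

    # Internal LAN numbered out of someone else's public block:
    # the request is treated as local and never reaches the gateway.
    print(next_hop("203.0.113.25/24", "203.0.113.1", vendor_server))

    # Same host renumbered into RFC 1918 space: traffic goes to the
    # gateway, where NAT can carry it to the real server.
    print(next_hop("10.20.30.25/24", "10.20.30.1", vendor_server))

    # Constructed inventory of internal subnets to audit.
    inventory = ["10.20.30.0/24", "203.0.113.0/24",
                 "172.32.0.0/16", "192.168.5.0/24"]
    print(audit(inventory))
```

Note that 172.32.0.0/16 is flagged: the RFC 1918 block is 172.16.0.0/12, which ends at 172.31.255.255.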