[SLUG] Re: ISP requests IP block back
Why on earth would you want an assigned IP block? Private address space should be sufficient for any organisation that requires a block of IP addresses; and private address space offers the unique security feature that individual addresses are not propagated on the Internet past the first firewall or NAT making it extremely difficult (although not totally impossible) for hackers to gain access to your internal machines. For completeness, here is the list of private addresses defined in RFC1597: 10.0.0.0 to 10.255.255.255 172.16.0.0 to 172.31.255.255 192.168.0.0 to 192.168.255.255 My advice is - Give them ALL the addresses back, choose a private address scheme and reassign all your machines. Go through the pain. Reconfigure your router/gateway/firewall/NAT and move on. The advantage for all this once-off pain is that NO ONE will ever again dictate a change in IP addressing in your organisation. You can allocate as many or as few addresses as you wish, making your scheme as complicated or as simple as you need and sub-addressing whatever you want for whichever branch offices that you have, etc. Russell Ashdown On 18 Apr 01, at 18:40, Alan Lee wrote about: [SLUG] ISP requests IP block back I have two IP address blocks snip My ISP has requested one of them back, I have had this address rang for over a year now. snip -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Re: ISP requests IP block back
Whats to say they already use such private addresses for internal network, and use the public ip's on the companies firewall and DMZ for services that relate to doing business on the internet and publishing pages on ones webserver etc. Still is a pain in the arse with this situation also, doesn't mean they are not already doing what you suggest. Just my 2 cents worth. My advice is - Give them ALL the addresses back, choose a private address scheme and reassign all your machines. Go through the pain. Reconfigure your router/gateway/firewall/NAT and move on. The advantage for all this once-off pain is that NO ONE will ever again dictate a change in IP addressing in your organisation. You can allocate as many or as few addresses as you wish, making your scheme as complicated or as simple as you need and sub-addressing whatever you want for whichever branch offices that you have, etc. Russell Ashdown -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
RE: [SLUG] Re: ISP requests IP block back
-Original Message- From: Russell Ashdown [mailto:[EMAIL PROTECTED]] Sent: Thursday, 19 April 2001 11:45 AM To: Alan Lee Cc: [EMAIL PROTECTED] Subject: [SLUG] Re: ISP requests IP block back Why on earth would you want an assigned IP block? Ummm, you MUST have at least some registered space if you wish to put your hosts on the Internet. Otherwise no one will be able to find you! Clearly the two /28 blocks mentioned only give you 6 usable addresses each, not enough to run the organisation. Just the right number to allow you to put www.xyz.com.au, mail.xyz.com.au, nameserver.xyz.com.au, proxy.xyz.com.au on to the net. You can't NAT everything. (Sure you can have the ISP host for you, but this isn't always a scalable solution) Martin Visser Technology Consultant - Compaq Global Services Compaq Computer Australia 410 Concord Road Rhodes, Sydney NSW 2138 Australia Phone: +61-2-9022-5630 Mobile: +61-411-254-513 Fax:+61-2-9022-7001 Email:[EMAIL PROTECTED] -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
RE: [SLUG] Re: ISP requests IP block back
On Thu, 19 Apr 2001, Visser, Martin (SNO) wrote: Why on earth would you want an assigned IP block? Ummm, you MUST have at least some registered space if you wish to put your hosts on the Internet. Otherwise no one will be able to find you! Depends on your definition of "some". You can do it with one address - to point your domain to - and some intelligent inbound proxy setup to redirect requests for a given port/protocol to a private IP range. You can't NAT everything. (Sure you can have the ISP host for you, but this isn't always a scalable solution) Who says? I did it once upon a time - 1500 person company, spread over 6 capital cities in Australia and twice as many office locations - while we had a complete class C address range available, we used _one_ address - everything else was done via NAT either inbound or outbound - including mail, web traffic, and other services. Worked quite well, considering. And it certainly narrowed down the potential for inbound hacks to ports WE defined as permitted, not just open slather. DaZZa -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug
Re: [SLUG] Re: ISP requests IP block back
My advice is - Give them ALL the addresses back, choose a private address scheme and reassign all your machines. Go through the pain. Reconfigure your router/gateway/firewall/NAT and move on. The advantage for all this once-off pain is that NO ONE will ever again dictate a change in IP addressing in your organisation. You can allocate as many or as few addresses as you wish, making your scheme as complicated or as simple as you need and sub-addressing whatever you want for whichever branch offices that you have, etc. Russell Ashdown -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug