Great Circle Associates Firewalls
(June 1994)
 


Subject: Re: using socks to hide internal IP
From: sgcccdc @ citec . qld . gov . au (Colin Campbell)
Date: Wed, 15 Jun 94 17:23:51 EST
To: firewalls @ GreatCircle . com

Hi again,

To all of you saying I missed the point, let me repost my original mail
with some annotations (and slightly rearranged).

Someone wrote:

> Would it be possible to set up a firewall using socks, whereby you could 
> use any internal IP address you felt like, and be able to access services 
> outside?
> 
> In particular, if you have a class C address from your internet provider, for
> example, would it be possible to set up additional IP address beyond the 254
> behind your socks firewall?

To which, mjr @ tis . com (if memory serves me right) replied:

>     Yes, or using the firewall toolkit, or any other form of non-routing
> firewall, where IP traffic from your hidden address and your "real" address
> is blocked.
> 
>     The gotcha is that you need to make sure that the hidden address
> range is either a legal address range you've been issued, or it's one
> you're sure you're never going to want to talk to. :)

Then pat @ tandem responded:

> 
> RFC 1597 - Address Allocation for Private Internets 
> 
> Quoting from the rfc:
> 
>    This RFC describes methods to preserve IP address space by not
>    allocating globally unique IP addresses to hosts private to an
>    enterprise while still permitting full network layer connectivity
>    between all hosts inside an enterprise as well as between all public
>    hosts of different enterprises. 
> 
> 
>    The Internet Assigned Numbers Authority (IANA) has reserved the
>    following three blocks of the IP address space for private networks:
> 
>         10.0.0.0        -   10.255.255.255
>         172.16.0.0      -   172.31.255.255
>         192.168.0.0     -   192.168.255.255
> 
> And so on and so forth.

This to me read that Pat was saying `use one of these addresses'. This led
me to post:

> It is all very nice to have an RFC to look at, but this still does not
> solve the problem, does it? If I use one of the reserved networks for
> my internals and someone else uses the same network (an officially
> sanctioned one) I can never talk to a host on that network at that site
> since it will appear as a local one, correct?

I was trying to say that using one of the `officially sanctioned but not
for external use' addresses would not solve the original problem.

I hope this clears up this `misunderstanding' and buries this thread unless
someone comes up with a solution to the original problem.

Colin
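
The overlap question raised in this message can be checked mechanically before a hidden range is chosen. The sketch below is an added example, not part of the original post: it classifies each hidden internal network as issued, inside one of the RFC 1597 blocks quoted above, or neither, and lists the outside destinations that would look local to inside hosts. The function names and all sample addresses are constructed for illustration.

```python
import ipaddress

# The three blocks quoted from RFC 1597 in the message above.
RFC1597_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_hidden_range(hidden, issued):
    """Return 'issued', 'rfc1597' or 'unassigned' for one hidden network."""
    net = ipaddress.ip_network(hidden)
    if any(net.subnet_of(ipaddress.ip_network(i)) for i in issued):
        return "issued"
    if any(net.subnet_of(block) for block in RFC1597_BLOCKS):
        return "rfc1597"
    return "unassigned"

def shadowed_destinations(hidden_ranges, destinations):
    """Map each outside destination that falls inside a hidden range to it.

    Inside hosts treat such a destination as local, so traffic for it is
    never handed to the proxy on the firewall.
    """
    nets = [ipaddress.ip_network(h) for h in hidden_ranges]
    hits = {}
    for dest in destinations:
        addr = ipaddress.ip_address(dest)
        for net in nets:
            if addr in net:
                hits[dest] = str(net)
                break
    return hits

def audit(hidden_ranges, issued, destinations):
    """One report entry per hidden range: its status and what it shadows."""
    shadow = shadowed_destinations(hidden_ranges, destinations)
    return {
        h: {"status": classify_hidden_range(h, issued),
            "shadowed": sorted(d for d, n in shadow.items()
                               if n == str(ipaddress.ip_network(h)))}
        for h in hidden_ranges
    }

if __name__ == "__main__":
    # Constructed sample data (documentation and private ranges only).
    issued = ["192.0.2.0/24"]
    hidden = ["192.0.2.0/24", "10.1.0.0/16", "198.51.100.0/24"]
    wanted = ["10.1.5.9", "198.51.100.7", "203.0.113.20"]
    for net, info in audit(hidden, issued, wanted).items():
        print(net, info["status"], info["shadowed"])
```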

