Hi again,
To all of you saying I missed the point, let me repost my original mail
with some annotations (and slightly rearranged).
Someone wrote:
> Would it be possible to set up a firewall using socks, whereby you could
> use any internal IP address you felt like, and be able to access services
> outside?
>
> In particular, if you have a class C address from your internet provider, for
> example, would it be possible to set up additional IP addresses beyond the 254
> behind your socks firewall?
To which, mjr @ tis . com (if memory serves me right) replied:
> Yes, or using the firewall toolkit, or any other form of non-routing
> firewall, where IP traffic from your hidden address and your "real" address
> is blocked.
>
> The gotcha is that you need to make sure that the hidden address
> range is either a legal address range you've been issued, or it's one
> you're sure you're never going to want to talk to. :)
Then pat @ tandem responded:
>
> RFC 1597 - Address Allocation for Private Internets
>
> Quoting from the rfc:
>
> This RFC describes methods to preserve IP address space by not
> allocating globally unique IP addresses to hosts private to an
> enterprise while still permitting full network layer connectivity
> between all hosts inside an enterprise as well as between all public
> hosts of different enterprises.
>
>
> The Internet Assigned Numbers Authority (IANA) has reserved the
> following three blocks of the IP address space for private networks:
>
> 10.0.0.0 - 10.255.255.255
> 172.16.0.0 - 172.31.255.255
> 192.168.0.0 - 192.168.255.255
>
> And so on and so forth.
This to me read that Pat was saying `use one of these addresses'. This led
me to post:
> It is all very nice to have an RFC to look at, but this still does not
> solve the problem, does it? If I use one of the reserved networks for
> my internals and someone else uses the same network (an officially
> sanctioned one) I can never talk to a host on that network at that site
> since it will appear as a local one, correct?
I was trying to say that using one of the `officially sanctioned but not
for external use' addresses would not solve the original problem.
I hope this clears up this `misunderstanding' and buries this thread unless
someone comes up with a solution to the original problem.
Colin
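
Added example, not part of the original mail: a Python sketch of the address-collision check the thread is arguing about. It classifies a hidden range against the three RFC 1597 blocks quoted above and lists which intended destinations inside hosts would treat as local. The function names and all sample addresses are constructed for illustration.

```python
import ipaddress

# The three blocks quoted from RFC 1597 in the thread.
RFC1597_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_hidden_range(hidden):
    """'rfc1597' if the range lies inside a reserved block,
    'partial' if it only overlaps one, otherwise 'other'."""
    net = ipaddress.ip_network(hidden)
    for block in RFC1597_BLOCKS:
        if net.subnet_of(block):
            return "rfc1597"
        if net.overlaps(block):
            return "partial"
    return "other"

def shadowed_destinations(hidden, destinations):
    """Destinations (hosts or CIDR ranges) that collide with the hidden
    range, so inside hosts would resolve them to the local network."""
    net = ipaddress.ip_network(hidden)
    return [d for d in destinations
            if ipaddress.ip_network(d).overlaps(net)]

if __name__ == "__main__":
    # Constructed sample data: hosts and networks we might want to reach.
    wanted = ["192.168.1.20",    # host at another site using the same block
              "198.51.100.7",    # host in someone else's assigned range
              "10.4.0.0/16"]     # another site's private network
    # Two candidate hidden ranges: one reserved, one belonging to others.
    for hidden in ("192.168.1.0/24", "198.51.100.0/24"):
        print(hidden, classify_hidden_range(hidden),
              "shadows:", shadowed_destinations(hidden, wanted))
```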