Great Circle Associates Firewalls
(October 1996) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Running out of IPs
From: sazah @ ibu . sj . nec . com (Sunny Azah)
Date: Fri, 18 Oct 1996 17:05:23 -0700 (PDT)
To: webmaster @ internic . uob . bh (Hisham Khalifa Al Saad)
Cc: firewalls @ GreatCircle . COM
In-reply-to: <19961018001041 . AAA30430 @ HISHAM> from "Hisham Khalifa Al Saad" at Oct 18, 96 03:10:42 am 
> 
> > PrivateNet seals the internal network from outside.  This means we can have
> > illegal ip addresses inside.  and Tokyo was reporting this saves ip
> > addresses and some customers are happy. This could be recommended to 
> > Friedrich Fahnert. 

The purists argue that this is a bad thing.  That NAT devices are "evil."
However, it makes connecting an exsiting large IP site easier by avoiding
renumbering your network.  It also makes some happier, in that these
addresses are not routable and attacking them directly is impossible.
And it does allow one get by with a single class C network address
instead of having the justify a class B or class A network address
with the NIC.


> > From: Friedrich Fahnert <fritz @
 engg2 .
 mobinfo .
 com>
> > Organization: Mobile Information Systems Inc.
> > To: Hisham Khalifa Al Saad <webmaster @
 internic .
 uob .
 bh>
> > Cc: firewalls @
 GreatCircle .
 COM
> > Subject: Re: Running out of IPs
> > References: <19961018001041 .
 AAA30430 @
 HISHAM>
> > Sender: firewalls-owner @
 GreatCircle .
 COM

> > > 1-) Sooner i'll be running out of IP addresses.
> > > 2-) The need to trace and filter out some users whom are not allowed to
> access
> > >     the Internet and also to prevent them from reserving an IP
dress by
> > > installing
> > >     TCP/IP on thier machines and getting an automatic IP address from
> the DHCP.
> > > 
> > > What are the best solutions to have more IP addresses (is it by a Novell
> Server
> > > or something else?,etc..), and also to deny illegal users from
serving an
> > > IP address
> > > on the DHCP Server.
> > > 
> > > I would appreciate any help...
> > > 

Use a NAT device or a proxy-based firewall (with perform NAT naturally).
These will allow you to use one of the unregistered IP network addresses
(e.g 10.0.0.0) for your internal network and only a handful of addresses
on the outside.  Using the 10 network, you can subnet into 252 subnets
and put over 65,000 systems on each subnet.  Plenty of room.

-- 
sa.

--------------------------------------------------------------------------
Sunny Azah - sazah @
 ibu .
 sj .
 nec .
 com 

                            Internet Business Unit, Home of the PrivateNet
                            NEC Technologies, Inc.
                            110 Rio Robles San Jose, CA 95134
                            Tel:(408) 433-2161 FAX:(408) 433-1230

http://www.privatenet.nec.com
--------------------------------------------------------------------------
References:
Indexed By Date Previous: Re: Ascend Firewall
From: Yobie Benjamin <yobie @ yobie . com>
Next: Re: hello..
From: sazah @ ibu . sj . nec . com (Sunny Azah)
Indexed By Thread Previous: Re: Running out of IPs
From: Friedrich Fahnert <fritz @ engg2 . mobinfo . com>
Next: Re: Running out of IPs
From: Chris Lonvick <clonvick @ cisco . com>
Google
 
Search Internet Search www.greatcircle.com