Great Circle Associates Firewalls
(October 1997)
 


Subject: Re: IP addresses
From: "Sami Yousif" <syousif @ swbell . net>
Organization: TeddyR Computers
Date: Tue, 21 Oct 1997 09:50:52 -0600
To: "Hisham Abdullatif Al-Rumaihi" <rumaihi @ internic . uob . bh>, firewalls @ greatcircle . com
Comments: Authenticated sender is <syousif @ postoffice . swbell . net>
Expiry-date: 7 Aug 1999 08:07:00
In-reply-to: <344C650B . 54408B84 @ admin . uob . bh>
Reply-to: syousif @ iname . com

-----BEGIN PGP SIGNED MESSAGE-----

On 21 Oct 97 somewhere around 11:17, Hisham Abdullatif Al-Rumaihi (Hisham Abdullatif Al-Rumaihi <rumaihi @ internic . uob . bh>) wrote about "IP addresses":

> Hi,
>
> We have Class C network, and we have 400 internet users, 150 of them not
> using the internet, but they are using TCP/IP applications (Oracle).
>
> We have DHCP server running on NT 4.0, and Proxy server running on NT
> 4.0 for accessing the internet through ip addresses.
>
> The problem is we are running out of IP addresses, and not all the users
> using the internet, is there a way to give the oracle users illegal ip
> addresses.
>
> Please can anybody help us.

There are at least two possible solutions for that:

1- If the Oracle people NEVER use the internet, the 192.168.x.y class
C ranges are available for use in private networks that do not
connect to the internet. The only requirement to use these is that
they must not be broadcast past your border routers. [most modern
routers already block sending and receiving addresses from the
"private" block of IP addresses]. You just need to multihome the
Oracle server so that both real and private addresses can access it.

2- The second solution is to use a NAT [network
address translation] firewall/router. These allow you to dynamically
translate between a private number and a real number.

Some are many:one, where many addresses will be translated to one
"outgoing" machine. Some routers can do this. There are also at
least 2 software solutions. Nevod has an NT based solution as their
NAT1000 software [commercial], and Linux has the IP masquerading
options [free]. With this method (NAT1000 or IPMASQ) you can use the
"real" IPs for machines that HAVE to be seen directly from the
internet, and the "private" for those that browse.

There are also some [many:many] NAT devices out there, that will
translate from one of the private IPs to an IP out of a "pool" of
available external addresses. This solution is usually more expensive
than the others mentioned.


---

Sami Yousif
syousif @ iname . com

PGP Public key on KeyServers or via [mailto://syousif @ iname . com?subject=send pgp key?body=send pgp key]

pub  1024/E46A63FD 1997/10/07 syousif @ iname . com
Key fingerprint = 8C B8 57 26 C2 EE 7C CF  AF 0F 61 88 3B 95 3F 19
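
The many:one and many:many translation styles described in the message above, modelled as an added Python example that is not part of the original post or of any product it names. The class names, the 203.0.113.x and 198.51.100.x public addresses and the four-port range are constructed for illustration; only the 192.168.x.y private block comes from the message.

```python
import ipaddress

PRIVATE = ipaddress.ip_network("192.168.0.0/16")  # private block named in the post


class ManyToOneNAT:
    """Port-translating NAT (the IP-masquerading style): one public address,
    each private (ip, port) flow gets its own public source port."""

    def __init__(self, public_ip, ports=range(61000, 61004)):
        self.public_ip = public_ip
        self.free_ports = list(ports)      # tiny constructed range so exhaustion shows
        self.table = {}                    # (priv_ip, priv_port) -> public port

    def outbound(self, src_ip, src_port):
        if ipaddress.ip_address(src_ip) not in PRIVATE:
            return (src_ip, src_port)      # "real" address: passes untranslated
        key = (src_ip, src_port)
        if key not in self.table:
            if not self.free_ports:
                return None                # no port left: the new flow is refused
            self.table[key] = self.free_ports.pop(0)
        return (self.public_ip, self.table[key])

    def inbound(self, dst_port):
        """Replies are delivered only where a mapping exists; unsolicited
        traffic to the public address matches nothing and returns None."""
        for key, port in self.table.items():
            if port == dst_port:
                return key
        return None


class ManyToManyNAT:
    """Pool NAT: each private host borrows a whole public address."""

    def __init__(self, pool):
        self.free = list(pool)
        self.table = {}                    # priv_ip -> public ip

    def outbound(self, src_ip, src_port):
        if ipaddress.ip_address(src_ip) not in PRIVATE:
            return (src_ip, src_port)      # "real" address: passes untranslated
        if src_ip not in self.table:
            if not self.free:
                return None                # pool exhausted: host cannot get out
            self.table[src_ip] = self.free.pop(0)
        return (self.table[src_ip], src_port)
```

With many:one the limit is the number of simultaneous flows, while with many:many it is the number of hosts online at once, which is why the pool form needs more public addresses for the same user count.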



References:
  • IP addresses
    From: "Hisham Abdullatif Al-Rumaihi" <rumaihi @ admin . uob . bh>