Changing from public addressing to private in a LAN

By carmenmonterroso

We were using public addressing 175.200.0.0/16 and decided to change to private 10.1.0.0. But now my servers have a lot of traffic to different addresses that do not even exist in my WAN or LANs.

Has anyone had this problem before?

What do you want...

by cmiller5400 In reply to Changing from public addr ...

??? It IS going to be a lot of work re-addressing a LAN. You will need to create those subnets, VLANs or however you choose to do it depending on your equipment. It won't work by magic...

10.1.0.0

by LarryD4 In reply to Changing from public addr ...

It is private, but you're dealing with all the 10.1.0.0 private-side packets of people and companies that have them open publicly to the web. Your router can't differentiate between your 10.1.0.1 packets and another site's 10.1.0.1 packets. So it lets them all in to run around your network until they eventually get lost or sent back out over the internet.

I suggest changing your network to something like 10.104.0.0 or 10.120.0.0 to make it less likely you receive those rogue packets.
I would even get more defined and make the network something like 10.50.50.0, 10.50.51.0, 10.50.52.0, etc.

Couldn't you...

by cmiller5400 In reply to 10.1.0.0

Couldn't you just set up a filter/ACL to not allow those packets inbound on your firewall?

Sure

by LarryD4 In reply to Couldn't you...

But as of yet we don't know what hardware they are using, and though filtering works well, depending on the amount of traffic he's getting, it could create a bottleneck on the router.

Install a Gateway/Firewall/Router on your internet connection!

by 1bn0 In reply to Changing from public addr ...

Private addresses are meant for use behind a gateway on a private network. Private IP address packets are supposed to be dropped by public Internet network equipment.

http://en.wikipedia.org/wiki/Private_network

http://compnetworking.about.com/od/workingwithipaddresses/f/privateipaddr.htm

"Devices with private IP addresses cannot connect directly to the Internet. Likewise, computers outside the local network cannot connect directly to a device with a private IP. Instead, access to such devices must be brokered by a router or similar device that supports Network Address Translation (NAT). NAT hides the private IP numbers but can selectively transfer messages to these devices, affording a layer of security to the local network."

FYI

by LarryD4 In reply to Install a Gateway/Firewal ...

Ahh, but what happens if that firewall gets packet information destined for an address on your private side that it manages?

Even though it's wrong, the NAT will allow those packets through.

Our provider was AT&T and we were using a SoHo firewall. We moved from a 172.0.0.0 network to a 10.15.0.0 network. We suddenly noticed a lot more traffic on our switches.

We were getting AT&T\Bell Labs packets in our network, because they did not properly protect those networks on the AT&T backbone.

So it resulted in a lot more traffic on our network.

When we complained, Bell Labs told us we had to change our addressing if we wanted to fix the problem.

I guess they were not too worried about their rogue packets :)

Tks, I better clarified

by carmenmonterroso In reply to Changing from public addr ...

Thanks to everyone for your answers, but maybe I did not explain well. The network whose addresses I am changing is private, and we have a firewall for the Internet, so I am not using these addresses outside of my network.

But I have a lot of TDM links to other sites, with routers in every site.

The problem is that now my servers that are in the remote site have traffic to a lot of networks that are not in my site.
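
Added example, not part of the original thread: one way to triage the symptom described in the last post is to sort flow destinations into "in my address inventory", "still pointing at the old 175.200.0.0/16 range", "private but not mine", and "external". The /16 mask on 10.1.0.0, the remote-site network 10.2.0.0/16, and all flow records are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumptions: the thread gives no mask for 10.1.0.0, so /16 is assumed here;
# 10.2.0.0/16 is a hypothetical remote site reached over a TDM link.
SITE_NETS = [ipaddress.ip_network(n) for n in ("10.1.0.0/16", "10.2.0.0/16")]
OLD_NET = ipaddress.ip_network("175.200.0.0/16")  # former addressing, from the thread
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records: (source, destination)
SAMPLE_FLOWS = [
    ("10.1.0.10", "10.1.0.20"),
    ("10.1.0.10", "175.200.3.4"),
    ("10.1.0.10", "175.200.3.4"),
    ("10.2.0.5", "10.9.8.7"),
    ("10.2.0.5", "192.168.1.1"),
    ("10.2.0.5", "198.51.100.7"),
    ("10.2.0.5", "10.1.0.10"),
]

def classify(dst):
    """Place a destination address into one of four triage categories."""
    addr = ipaddress.ip_address(dst)
    if any(addr in net for net in SITE_NETS):
        return "known-site"
    if addr in OLD_NET:
        return "old-range"        # stale config still using the former addressing
    if any(addr in net for net in RFC1918):
        return "private-unknown"  # private space that is not in the inventory
    return "external"

def triage(flows):
    """Count flows per (source, category), skipping inventory destinations."""
    counts = Counter()
    for src, dst in flows:
        category = classify(dst)
        if category != "known-site":
            counts[(src, category)] += 1
    return counts

if __name__ == "__main__":
    for (src, category), n in sorted(triage(SAMPLE_FLOWS).items()):
        print(f"{src:12} {category:16} {n}")
```

Sources that show up under `old-range` are candidates for leftover static routes, DNS records or application settings from before the renumbering; `private-unknown` destinations are the ones to compare against each site router's routing table.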
