176 IP Range

aquila125

Jan 12, 2005
Hi all,

To hide our internal network from our customers to whom we have a VPN tunnel, we are looking for an IP range that we can use, that is not used by any of our customers. Since the default IP ranges are all in use (172, 192 and 10), we're looking for another range and were thinking about using the 176 range. We just would like to make sure nothing important is in that range.
Does anyone know where we can get info about a certain range, or does anyone know of another range that is safe to use for this purpose?

Thanks!
 
I administer from 192.152.175.x to 192.152.179.x in an internal network, so they will never occur on the real internet. If that range is large enough for you.


says 176.0.0.0 is reserved by the Internet Assigned Numbers Authority, so it is not currently in use, but could be at any time.

Search results for: 192.152.179.0


OrgName: Barrick Goldstrike Mines
OrgID: BGM
Address: 136 E. South Temple
Address: Suite 1300
City: Salt Lake City
StateProv: UT
PostalCode: 84111
Country: US

NetRange: 192.152.179.0 - 192.152.179.255
CIDR: 192.152.179.0/24
NetName: BGMNET-E
NetHandle: NET-192-152-179-0-1
Parent: NET-192-0-0-0-0
NetType: Direct Assignment
Comment:
RegDate: 1992-05-28
Updated: 1992-05-28

RTechHandle: JP4740-ARIN
RTechName: Palmer, Jim



I tried to remain child-like, all I achieved was childish.
 
Thanks! But the range is too small. No problem. I'll stick with the 176.0.0.0 range and take my chances with the IANA :)
 
Cool, I fit 1000 devices there (well those 4 plus 198.184.196.0 & 198.184.197.0) but if that is not enough, it just isn't.

I tried to remain child-like, all I achieved was childish.
 
Well, we can fit all of our PCs in that range, but we have several subnets so we only use a few percent of the entire range. It's just simpler to use a range that is as large as the internal range.
 
If you use NAT on your VPN (it should work that way by default) it would not matter if you have conflicting RFC 1918 (private) address space. All of their private address space will become whatever IP you assign to their VPN tunnel when they connect with you.

I have never seen a valid need to utilize space outside the private space. What you are attempting to create is a potential disaster if the space that you choose to assign is used as routable space anywhere on the Internet.


pansophic
 
You have all three private RFC 1918 ranges used up??? What are you, the Internet? lol

Burt
 
We're not using all of the space, but we would like to hide our internal RFC1918 range and would like to select 1 other range we propose to all of our clients (we have about 25 VPN tunnels). It would be convenient if the range we choose now won't be used by any customer of ours.

In the meantime we abandoned this road.
 
If I understand your situation correctly, you need a way to interconnect some external partners to your network and want to be sure you don't have any address conflicts.

I have had that situation where I worked before and I wouldn't recommend doing it as you plan.

Don't ever use public IP-addresses that are not your own. You will end up with problems. If you are lucky it will work, but if not, you will have BIG problems.

The problem I would expect you to hit first is that one of your partners won't agree to route public IP-numbers to you that you don't own.

The only way to solve your problem, in a way that will not give you problems in the future, is to use public IP-addresses (even if access is only using VPN-tunnels).

And depending on the number of IP-addresses you would need, that shouldn't be a problem to get them.
I expect that since you only have 25 VPN tunnels that you would need few IP-addresses.

/johnny
 
I'd think maybe you've misunderstood your 1918s. But maybe I've misunderstood your query entirely.

10.0 can't get to 10.1 without the appropriate route, or 10.2 or 192.168.14

you could take a 192.168.5 network and put it behind the 10.240.169.4 address and it will effectively be hidden without an appropriate route. NAT

10.x.x.x 192.16.x.x 172.16.x.x through 172.31.x.x

the routing and hiding possibilities are mind boggling


from RFC 1918
3. Private Address Space

The Internet Assigned Numbers Authority (IANA) has reserved the
following three blocks of the IP address space for private internets:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)



Robert Liebsch
Systems Psychologist,
Network Sociologist,
Security Pathologist,
User Therapist.
 
There is no problem with using public addresses, even if they are being used by someone else, as long as the IP addresses never hit the outside interface to be NATted.

Burt
 
I don't agree with that.

Using other people's IP-addresses will end up giving you problems.

One day you will have a user that needs to connect to the public IP-numbers you have used as private IP-numbers.
Or you will interconnect with someone that refuses to route public IP-numbers to you that don't belong to you.

/johnny
 
But if they're not NATted, and therefore never see the outside world, this will not and cannot happen. It's kind of like a lab environment where people use 1.1.1.1...
Now if a user needs to connect to the internet, then obviously it would need to change. But for 1,000 printers that don't need the internet, ...
I would never do this, but nevertheless it can work, if they never see the internet.

Burt
 
We know if we use public IP ranges we cannot connect to those ranges. But we're using a big part of the 192.168.x.x range. One customer of ours is using the entire 10.x.x.x range. This doesn't leave much room for other clients. If we only need to connect to a few servers we could ask them to publish those servers onto external IP addresses. But in several cases we need to be able to connect to the entire IP range.
 
The problem is that from what is written you are not going to NAT your addresses, so in the total network (yours and the people you interconnect with) will not be able to access those IP-addresses on the internet.

I know the problem you are in. I have been there myself in year 2000 when I came to an installation who had been "fixing" their internetworking that way.
Then they got one customer that used the 10.x.x.x network plus a big part of the 172 private addresses and their network plan just broke down in the way that they didn't have a way out.
And they also came to understand that their (at that time) current network design wouldn't cope with their needs in the future.

Your only way out that will give you a network design that will work and not give you problems each and every time you connect a new partner to the network is that you use your own public addresses for your services.

I have worked with companies that were small that used huge parts of the 10.x.x.x addresses by poor design.
But I have also worked with companies that had used all private IP-addresses just because they were big.

The company where I work today we always put shared services on public IP-addresses that we own.
We keep a tight lid on how they are used and we have to since we only have a /16 for public use.

Using private IP-numbers for shared services among customers only works until a given size of network.

One solution you could use could be to move to IPv6 (but still use public IP-numbers for your shared services).

/johnny
 
The problem isn't really our network, the problem is the clients.

We have several clients that use (parts of) the 10.x.x.x range. Since we usually control their firewall we can translate the addresses to new ranges. But now we have another customer that uses the entire 10.x.x.x range so that makes it a lot more difficult.

 
That is my point.

You can't keep up with changing everything for them.

What I did was to change all the servers at the company I worked for to public IP-addresses.

When a customer wanted to connect he had 2 options.
If he was only accessing services in the network he could just NAT whatever he wanted.

If he also had to offer services he had to offer them on public IP-numbers.
And if he didn't have any public IP-addresses to do it on we would give him a range he could use.

Since then (more than 7 years now) that installation hasn't had any problems in interconnecting networks.

/johnny
 
That would be an ideal option, but we offer services to our customers. So we always need to connect to sometimes a few servers, sometimes their entire network.

I can't wait until IPv6 is in use :)
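
An added example, not part of any poster's message: the address-planning check the thread keeps circling, written with Python's standard `ipaddress` module. It tests whether a candidate prefix is really inside the RFC 1918 blocks quoted above, lists who it collides with, and computes what private space is still free. The `IN_USE` inventory and all function names are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 blocks quoted in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory (not real customer data): who uses which prefix.
IN_USE = [
    ("own LAN", "192.168.0.0/17"),
    ("customer A", "10.0.0.0/8"),
    ("customer B", "172.16.0.0/16"),
]


def is_rfc1918(candidate):
    """True only if the whole candidate prefix lies inside RFC 1918 space."""
    net = ipaddress.ip_network(candidate)
    return any(net.subnet_of(block) for block in RFC1918)


def conflicts(candidate, in_use):
    """Return the (owner, prefix) entries that overlap the candidate."""
    net = ipaddress.ip_network(candidate)
    return [(o, p) for o, p in in_use if net.overlaps(ipaddress.ip_network(p))]


def free_private_space(in_use):
    """RFC 1918 space minus every prefix in use, as a sorted prefix list."""
    free = list(RFC1918)
    for _, prefix in in_use:
        used = ipaddress.ip_network(prefix)
        remaining = []
        for block in free:
            if not block.overlaps(used):
                remaining.append(block)          # untouched by this entry
            elif used != block and used.subnet_of(block):
                remaining.extend(block.address_exclude(used))  # carve it out
            # otherwise the block is fully consumed and is dropped
        free = remaining
    return sorted(ipaddress.collapse_addresses(free))


def first_fit(in_use, prefixlen):
    """First free RFC 1918 subnet of the requested size, or None."""
    for block in free_private_space(in_use):
        if block.prefixlen <= prefixlen:
            return next(block.subnets(new_prefix=prefixlen))
    return None
```

A candidate for which `is_rfc1918()` returns False is address space that is, or can become, someone else's routable range, which is the risk several replies describe.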
 