External IPs used Internally on Network
  • External IPs used Internally on Network

    This is likely going to be viewed as a ridiculous question, but I've trusted the information (and brainpower) of these forums for too long to let the fear of looking utterly foolish stop me.

    I recently inherited a network that is using external IPs as their internal IP addressing. There is no NAT, but there is a decent firewall that acts as the gateway. We have two domain controllers, both acting as DNS for the internal network, and they resolve everything fine. I have never created nor inherited a network that uses external IP addressing internally. In fact, I've never even heard of this being done.

    My question is, what are the implications of this? I know it's completely bad form, but I cannot find any information as to why having external IPs for an internal network connected to the Internet is so nasty. It seems using reserved IPs is such a universal practice no one would even consider setting up a network otherwise, which explains the lack of information.

  • #2
    Re: External IPs used Internally on Network

    Others could tell you better as I've not been an administrator for overly long.
    As far as I know using External IPs for an internal network is a little old school.
    The main drawback was the cost of using many External IPs as each had to be paid for, rather than only having to purchase one External IP and let your NAT sort out the internal IPs.

    hope this helps

    Blad



    • #3
      Re: External IPs used Internally on Network

      I think I left out one important fact... The IPs currently being used belong to someone else, actually lots of other businesses. When I leave our happily dysfunctional network, those IPs we use internally resolve to other websites, mailservers, etc. all belonging to numerous entities. They used to belong to the business long ago (I think three years or so), but have since been assigned elsewhere. Our high speed connection is through another provider entirely these days, but they kept the original IPs out of laziness or something.

      It's not just old school anymore, now it's heresy!



      • #4
        Re: External IPs used Internally on Network

        well, what's the problem? reconfigure everything with private IPs, set up a DHCP server and Bob's your uncle
        Last edited by DYasny; 6th March 2011, 18:12.
        Real stupidity always beats Artificial Intelligence (c) Terry Pratchett

        BA (BM), RHCE, MCSE, DCSE, Linux+, Network+



        • #5
          Re: External IPs used Internally on Network

          Reconfiguring the subnet is certainly on the top of my list, but I want to know what's bad about a private network with access to the Internet that uses in-use external IPs. I know it's wrong, I just don't know why (other than the obvious: if I want to go to a www site or access a server in that address range, I would be unable to do so).

          My uncle Bob died. And even worse, DHCP isn't an option given that our POS software uses ancient, written-on-clay-tablets ubb and some pseudo-hosts file circa late 1980s that insists on assigning special user ports that are assignable only by a user tied to an IP. SCO Caraziness! I lied about Bob, though.



          • #6
            Re: External IPs used Internally on Network

            SCO? that's a pain in the ass alright...
            hope it's not v6 at least?

            anyhow, if everything works alright, and the only problem you have is accessing real IP addresses, you should not have a problem leaving things as they are

            on the other hand, if possible, I'd try to push for removing that horrible system out of sight, as far as possible, and get BSD or Solaris instead. SCO is just way too troublesome for production.


            Just had to reorganize a computational cluster on 392 SCO 6 machines, all because SCO has a stupid FS management issue, where you have to leave a free byte between two partitions you create, but it will actually allow you not to do that without even a warning...
            Last edited by DYasny; 6th March 2011, 18:12.
            Real stupidity always beats Artificial Intelligence (c) Terry Pratchett

            BA (BM), RHCE, MCSE, DCSE, Linux+, Network+



            • #7
              Re: External IPs used Internally on Network

              It's not wrong but it is unorthodox, unusual, and not the recommended practice. Before the advent of NAT, everyone used "routable" ip addresses on their internal hosts. The big problem you have is that the ip addresses do not "belong" to you or your ISP (which would normally allocate ip addresses to you). There are two main concerns that I see to your current configuration:

              1. Internet traffic to and from your network can't possibly work for reasons that are too many to list here, due to the fact that the ip addresses "belong" to someone else and are being routed elsewhere.

              2. Your internal network may become an easier target for hackers if your firewall is breached due to the fact that your internal ip addresses are not hidden behind a NAT device.

              I would recommend that you re-address your internal network according to RFC 1918 and find out what public address space you should be using from your ISP and set up NAT accordingly.



              • #8
                Re: External IPs used Internally on Network

                Originally posted by joeqwerty:
                1. Internet traffic to and from your network can't possibly work for reasons that are too many to list here, due to the fact that the ip addresses "belong" to someone else and are being routed elsewhere.
                It's worked for a number of years with this setup. Granted, a look at client and server hosts files reads like a phone book for the greater LA area, but internal and external resolution does work fine. I imagine it was a nightmare to administer, changing all those hosts files manually (or so it appears).

                As for your recommendations, I plan on doing just that. It would have been nice to tell management that the current setup is ushering in Armageddon rather than, "it's bad form that may leave us open to attack." Our firewall is OK, though, and they know it.



                • #9
                  Re: External IPs used Internally on Network

                  How about internet traffic destined for your network, such as web, email, etc? Is there any, and if so, how does it get to you if the ip addresses belong to someone else?

                  Are you NAT'ing ip addresses from your ISP to the internal ip addresses? This is the only way I can see it possibly working.



                  • #10
                    Re: External IPs used Internally on Network

                    I lied. There is NAT. It's on a SonicWall device, which I have never seen until now. NAT looks like an afterthought in the menu and the NAT policy table is crazy. Sorry about that. In retrospect, it would have been a natural assumption that NAT handled external -> internal resolution.

                    Just when I feel I've reached the bottom of the rabbit hole with this network setup, I find it goes on... and on.



                    • #11
                      Re: External IPs used Internally on Network

                      Our internal network has been using 150.150.150.0/24 since the mid 90's.

                      It's fully NATed and has zero problems.

                      Until now... We have four sites connected through Qwest that we will be upgrading in a couple months. One of Qwest's requirements is that we need a private IP. So after 10+ years we are finally forced to change to a private ip assignment.



                      • #12
                        Re: External IPs used Internally on Network

                        Just to add to what Joe and DYasny say, you may want to set up DHCP anyways and create a reservation for each computer. It will make future configuration changes much simpler.

                        It sounds like a lot of work ahead of you. How many hosts?
                        Regards,
                        Jeremy

                        Network Consultant/Engineer
                        Baltimore - Washington area and beyond
                        www.gma-cpa.com



                        • #13
                          Re: External IPs used Internally on Network

                          Sounds like the former admin picked an IP subnet at random, and then created host files to work around the inevitable problems.
                          ** Remember to give credit where credit is due and leave reputation points where appropriate **

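Added example, not written by any poster in this thread: a small audit that reads a hosts file of the kind described above, separates RFC 1918 entries from the rest, and builds a re-addressing plan that keeps each host's offset so statically assigned machines stay predictable. The 150.150.150.0/24 range is the one mentioned in post #11; the hostnames, the sample hosts file and the 10.20.30.0/24 target are constructed for illustration.

```python
import ipaddress

# The three private blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample hosts file (hostnames are hypothetical).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
150.150.150.10  pos-server   # static, tied to user ports
150.150.150.21  till-01 till-01.example.internal
192.168.5.4     printer
not-an-ip       broken-entry
"""

def parse_hosts(text):
    """Yield (IPv4Address, [names]) per valid line; skip comments and junk."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP literal
        if addr.version == 4:
            yield addr, fields[1:]

def classify(addr):
    """Return 'rfc1918', 'local' or 'not-rfc1918' for an IPv4 address."""
    addr = ipaddress.ip_address(addr)
    if any(addr in net for net in RFC1918):
        return "rfc1918"
    if addr.is_loopback or addr.is_link_local:
        return "local"
    return "not-rfc1918"

def readdress_plan(hosts_text, old_net, new_net):
    """Map each host in old_net to the same offset inside new_net."""
    old, new = ipaddress.ip_network(old_net), ipaddress.ip_network(new_net)
    if old.prefixlen != new.prefixlen:
        raise ValueError("old and new networks must be the same size")
    if not any(new.subnet_of(net) for net in RFC1918):
        raise ValueError("target network is not RFC 1918 space")
    plan = {}
    for addr, names in parse_hosts(hosts_text):
        if addr in old and classify(addr) == "not-rfc1918":
            offset = int(addr) - int(old.network_address)
            plan[names[0]] = (str(addr), str(new.network_address + offset))
    return plan
```

The same old-to-new pairs can be used as the list of DHCP reservations suggested in post #12.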
