Home > Articles > Networking

  • Print
  • + Share This
This chapter is from the book

Local Network Addresses

Three pools of IP addresses have been reserved for use on local networks that are either behind firewalls and proxy servers or not connected to the Internet in any manner. The reserved address pools, known as private network addressing, are

  • 10.0.0.0 through 10.255.255.255

  • 172.16.0.0 through 172.31.255.255

  • 192.168.0.0 through 192.168.255.255

These addresses were created to provide networks not attached to the Internet with a pool of IP addresses that do not conflict with any addresses currently in use on the Internet. If networks using these reserved addresses link to the Internet in the future, they do not have to worry about an address conflict with any other network on the Internet.

The network in Figure 3.5 uses the network address 192.168.3.0 for the private network. In this example, the firewall has a component known as the Local Address Table (LAT). The Local Address Table designates that the internal interface of the firewall is on the 192.168.3.0 network. Any hosts using an IP address that belongs on the 192.168.3.0 network must be located on the internal side of the firewall. A host trying to connect from the Internet side of the firewall will be stopped by the firewall for security reasons.

Figure 3.5 Use of private addresses.

Why Private Addresses Were Created

When I first started to set up firewalls, I was not aware of the reserved local address tables. I used the network address 131.107.0.0 with the subnet mask 255.255.0.0 for my internal network.

I thought I correctly configured this network range into the firewall's LAT and communications function—until someone attempted to send e-mail to a recipient at microsoft.com. The mail server for the domain microsoft.com was located at 131.107.3.42. When the e-mail was forwarded to our firewall, it resolved the Mail Exchanger (MX) record for microsoft.com and determined that it needed to forward the mail to 131.107.3.42. Using its LAT table, the firewall determined that this server must be located somewhere on our local network. The mail was not successfully delivered—ever!

Besides preventing address conflicts with the Internet, private network addressing also reduces the demand for public network IP addresses. When data is sent from the private network to public network, the original source address information is translated to an ISP-obtained outbound address. This process is known as network address translation (NAT).

The NAT process helps prevent external attackers from determining the IP addresses in use on your private network, as well as reduce the demands for public network addresses. For example, if you had thousands of hosts behind your firewall, you would only require a single public network IP address for outbound traffic, rather than one per host on the private network.

Note

NAT is discussed in Day 13, "Protecting Your Network."

  • + Share This
  • 🔖 Save To Your Account