"- 44.168.80.0/23, which is an internal, private network for hams, and
which is not reachable from public Internet
This allows for clear distinction about what is on Internet and what is
not, and it simplifies firewall policy management."
"73 de TK1BI"
Here is one way of doing things that I don't like much, and at the same time I do
understand why you do it that way. But for me that /23 of address space is being lost. The
/23 could be using one of the private subnets that are already available to us. That way
you are sure that no one anywhere will jump in the group.
The 44 net address space is by definition routable from all over the world (if route tables
are built for it). Using it in an enclosed private network is not what it was designed
for.
One thing to consider for the address space is that some will not want people from other
address spaces to connect to them. I know that a firewall can reject the whole IP space, 100% of
the IPs of the world, in one line, and with just a few lines it will allow just the 2
remaining 44 address spaces. Yes, IP addresses can be spoofed. So yes, we cannot use that as
the main security of the network. But it will deal with 99% of traffic. For the rest we
need to do real identification stuff. And it is not at the address space level that it
needs to be done.