Subject: Re: [44net] 192.168.0.2 gateway
From: Mark Phillips g7ltt@g7ltt.com
Date: 02/06/2017 02:34 PM
To: AMPRNet working group 44net@hamradio.ucsd.edu
I would say "no".
Y'see, we don't know what kind of network things are riding over. The network in question could be (for example) a mesh install configured similar to that of the local cable company. The users get real addresses but the infrastructure does not.
I think precisely this is the reason why such addresses should be rejected: The user may have the wrong assumption that the address to be entered here is the address of the system terminating the tunnel, while in reality it has to be the internet-visible address that supposedly is NATted to the tunnel gateway.
So, what happens in the local infrastructure does not matter.
Rob
On 02/06/2017 03:05 PM, Rob Janssen wrote:
> I think precisely this is the reason why such addresses should be rejected: The user may have the wrong assumption that the address to be entered here is the address of the system terminating the tunnel, while in reality it has to be the internet-visible address that supposedly is NATted to the tunnel gateway.
> So, what happens in the local infrastructure does not matter.
Exactly. RFC1918 speaks of autonomous networks. RFC-1918 netblocks should never be routed or advertised outside your own autonomous network. Ingress interfaces and routers should also drop packets and route advertisements from these networks.
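
Added example, not part of the thread and not the AMPRNet portal's own code: one way a gateway-address field could reject RFC 1918 and other non-globally-routable values, as argued above. The function names, the sample entries and the N0CALL-style labels are constructed for illustration.

```python
import ipaddress

# The three private blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_gateway_address(text):
    """Return (ok, reason) for a value entered as a tunnel gateway address.

    Hypothetical helper: the real registration form's validation is not
    shown in the thread.
    """
    try:
        addr = ipaddress.IPv4Address(text.strip())
    except ipaddress.AddressValueError:
        return False, "not a valid IPv4 address"
    for net in RFC1918:
        if addr in net:
            # The case discussed in the thread: the user entered the inside
            # address of the tunnel endpoint instead of the public one.
            return False, (f"{addr} is in RFC 1918 block {net}; enter the "
                           "internet-visible address NATted to the gateway")
    if not addr.is_global:
        # Loopback, link-local, shared address space (100.64.0.0/10), etc.
        return False, f"{addr} is not globally routable"
    return True, "ok"


def rejected_entries(entries):
    """Map each rejected label to the reason its gateway was refused."""
    out = {}
    for label, gateway in entries:
        ok, reason = check_gateway_address(gateway)
        if not ok:
            out[label] = reason
    return out


if __name__ == "__main__":
    # Constructed sample entries (label, gateway address as typed).
    sample = [("N0CALL-1", "192.168.0.2"), ("N0CALL-2", "8.8.8.8"),
              ("N0CALL-3", "100.64.0.1"), ("N0CALL-4", "172.32.0.1")]
    for label, reason in rejected_entries(sample).items():
        print(label, "rejected:", reason)
```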