Lesson 1
Determining IP Addressing Requirements
Using Unregistered Addresses
Most TCP/IP networks use unregistered IP addresses (also called private network addresses) for the servers and workstations that only internal users need to access. These are addresses that are not registered with the IANA, and as a result, they are invisible to the Internet. Because they are invisible, Internet criminals cannot specifically target them for virus distribution or other types of compromise (although they are still vulnerable in other ways). As described in RFC 1918, “Address Allocation for Private Internets,” the IANA has set aside three IP address ranges for use by private networks. These addresses are not registered to any single network, so anyone can use them for computers and other devices on a private network.
The private IP address ranges designated by the IANA are as follows:
■ 10.0.0.0 through 10.255.255.255
■ 172.16.0.0 through 172.31.255.255
■ 192.168.0.0 through 192.168.255.255
Tip
On a private network that is not connected to the Internet in any way, you can use any IP addresses you want to, registered or not, because there is no way for them to conflict with the registered users of those addresses on the Internet. However, if your network users access the Internet in any way, you should always use the designated private address ranges to prevent conflicts with Internet computers.
Accessing the Internet from a Private Network
The logical question that remains, however, when you elect to use unregistered IP addresses on your network, is how your users can access the Internet. If unregistered addresses are invisible to the Internet, how is an Internet Web server supposed to respond to a request from a browser on an unregistered network? The answer is that the network designer incorporates a mechanism into the network infrastructure that enables unregistered clients to access Internet services. The two most common mechanisms of this type are NAT and proxy servers.
Using Network Address Translation
Network address translation is an application built into a router that functions as an intermediary between unregistered clients on a private network and registered Internet servers. Client computers can use NAT to send requests to Internet servers and receive replies, despite the fact that the clients have unregistered network addresses. This provides the unregistered computers with Internet access, without compromising their protection from Internet intrusion.
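The following Python sketch is an added illustration, not code from the book. It models the behaviour described above, assuming the common port-translating form of NAT; the class NatRouter, its methods, and every address used are hypothetical and constructed for the example.

```python
import ipaddress

# The three RFC 1918 ranges listed above, written in CIDR form.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_unregistered(addr):
    """True if addr falls inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class NatRouter:
    """Toy port-translating NAT: one registered address, many private clients."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (client_ip, client_port, server_ip, server_port) -> public_port
        self.back = {}  # (public_port, server_ip, server_port) -> (client_ip, client_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a client request so it leaves with the registered address."""
        if not is_unregistered(src_ip):
            raise ValueError("source is not an RFC 1918 address")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Translate a reply back to the client, or return None to drop it."""
        return self.back.get((dst_port, src_ip, src_port))

def demo():
    # Constructed sample data: 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
    nat = NatRouter("203.0.113.5")
    sent = nat.outbound("192.168.1.20", 51515, "198.51.100.80", 80)
    reply = nat.inbound("198.51.100.80", 80, sent[1])          # matches the mapping
    unsolicited = nat.inbound("198.51.100.99", 4444, sent[1])  # no mapping: dropped
    return sent, reply, unsolicited

if __name__ == "__main__":
    print(demo())
```

The server only ever sees the router's registered address, and a packet from a host the client never contacted finds no entry in the translation table, so it is not forwarded to the private network.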