IP addresses from public IP block in my LAN
If I have NAT or PAT applied on the edge router, would it matter if I use IP addresses from a public block in my LAN? And how?
Tags: ip, nat, lan
asked May 2 at 17:18 by NisaarDeenAzeem; edited May 2 at 17:46 by Ron Trunk
2
Are they from a block you own and that's routed to your LAN? Then it would possibly make sense and you do not need NAT to route the IPs.
– allo
May 3 at 11:30
No, well, not owned. I see your answer below.
– NisaarDeenAzeem
May 10 at 10:49
2 Answers
EDITED
I'm assuming you're considering using an IP block that is not registered to you. Otherwise, skip to the last paragraph.
Besides being a very poor practice, if you use public addresses on your internal network, that means that you can never reach hosts that use those real addresses. You may think you'll never need to reach servers in some other part of the world, but you'd be surprised at how often that happens.
BTW, if you don't use NAT, you're essentially hijacking someone else's addresses, and your ISP may disconnect you from the Internet (among other things).
The RFC 1918 addresses (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) should provide plenty of address space for your internal network.
If you are using your own IP block, then there's nothing wrong with using those addresses internally. It may possibly increase your security risks, but those can be mitigated by other means.
answered May 2 at 17:31 by Ron Trunk; edited May 3 at 12:48
2
Also note that non-RFC1918 addresses used inside your network wreak havoc with many security monitoring/intrusion detection systems. As far as the appliances are concerned, those are internet addresses which means those are internet originated packets bouncing around your LAN. Alarm bells ensue.
– drxzcl
May 2 at 20:42
2
There's also the issue of reverse DNS lookups. For example, if you gave one of your computers the IP address 172.217.14.196, it'll show up in various places with the name sea30s01-in-f4.1e100.net.
– Mark
May 2 at 20:52
2
Even if you use NAT, it's very possible to have a router/NAT/firewall configuration that will send your LAN packets using public addresses out to the internet.
– mtraceur
May 2 at 21:24
2
And of course, the fact that you can't access those hosts on the Internet is the reason it's a very poor practice.
– immibis
May 2 at 23:14
2
Although it's extremely unusual, there is a special case where this would be legitimate: your network has properly assigned "public" IP addresses and those are what you are using. And for some reason you're also using PAT/NAT, perhaps to cloak your internal structure, perhaps to merge with another organisation's addressing. I've never seen this, and don't expect to!
– jonathanjo
May 3 at 7:58
It matters in the situation that you do not need/want to reach those public IPs used.
If you use such IPs and then you, for example, want to access a site that has one of the IPs, it will not work, because your IP will resolve locally instead of going through your edge router and forward.
My company also uses such a system (it was implemented this way to be able to connect to other partner locations via EIGRP) and the corresponding IPs are assigned to China, so things should be fine as the company does not deal directly with anything hosted in China.
answered May 3 at 12:39 by Overmind
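Both answers above describe the same failure: a destination that falls inside a prefix used on the LAN is delivered locally and never reaches the real host. The following is an added example, not code from either answer, that audits an address plan for this with Python's `ipaddress` module; the prefixes, the "owned" block and the labels `rfc1918`/`owned`/`borrowed` are constructed assumptions, and 172.217.14.196 is the address from Mark's comment.

```python
import ipaddress

# The three RFC 1918 ranges named in the first answer.
RFC1918 = tuple(ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


def classify_prefix(prefix, owned_blocks=()):
    """Label a LAN prefix (labels are this example's own, not a standard):
    'rfc1918'  - entirely inside a private range
    'owned'    - inside a block registered to you
    'borrowed' - neither; the case the first answer warns about
    """
    net = ipaddress.ip_network(prefix)
    if any(net.subnet_of(block) for block in RFC1918):
        return "rfc1918"
    if any(net.subnet_of(ipaddress.ip_network(b)) for b in owned_blocks):
        return "owned"
    return "borrowed"


def shadowed_by(destination, lan_prefixes):
    """Return the most specific LAN prefix containing `destination`, or None.

    A match means internal routing delivers the packet on the LAN instead of
    forwarding it to the edge router, so the real host is unreachable.
    """
    addr = ipaddress.ip_address(destination)
    nets = [ipaddress.ip_network(p) for p in lan_prefixes]
    hits = [n for n in nets if addr in n]
    best = max(hits, key=lambda n: n.prefixlen, default=None)
    return str(best) if best is not None else None


def audit(lan_prefixes, owned_blocks, destinations):
    """Classify every LAN prefix and list Internet destinations that a
    borrowed prefix makes unreachable."""
    kinds = {p: classify_prefix(p, owned_blocks) for p in lan_prefixes}
    borrowed = [p for p, kind in kinds.items() if kind == "borrowed"]
    unreachable = {}
    for dest in destinations:
        hit = shadowed_by(dest, borrowed)
        if hit is not None:
            unreachable[dest] = hit
    return {"prefixes": kinds, "unreachable": unreachable}


# Constructed sample plan. 198.51.100.0/24 and 203.0.113.0/24 are
# documentation ranges standing in for "a block registered to you" and
# "some unrelated Internet host". 172.217.14.0/24 is a constructed LAN
# subnet; note it is NOT private, since 172.16.0.0/12 ends at 172.31.
LAN_PREFIXES = ["192.168.10.0/24", "198.51.100.0/24", "172.217.14.0/24"]
OWNED_BLOCKS = ["198.51.100.0/24"]
DESTINATIONS = ["172.217.14.196", "203.0.113.7", "198.51.100.20"]

if __name__ == "__main__":
    report = audit(LAN_PREFIXES, OWNED_BLOCKS, DESTINATIONS)
    for prefix, kind in report["prefixes"].items():
        print(f"{prefix:18} {kind}")
    for dest, prefix in report["unreachable"].items():
        print(f"{dest} is captured by LAN prefix {prefix}")
```

The same classification can be used to build the list of internal prefixes that a monitoring system should treat as local, which is the issue drxzcl's comment raises.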