IP addresses from public IP block in my LANBlock of 64 public IP's, how many usable?how to implement a network that communicates with the internet without NAT?Using a public IP for select hosts in a LANDo different nodes on a LAN share a public IPv6 address?How to bypass NAT for LAN to use Public IP addressess?Network Diagram for IPv6 LANBasic questions about Public IP addresses and used portsAccessing internal website from subnetAccess to a server behind the SonicWall from the LAN using Public IP addresses

What is a recommended strategy on exercises in a mathematical textbook at graduate level?

Is it reasonable to ask candidates to create a profile on Google Scholar?

What is the design rationale for having armor and magic penetration mechanics?

Diamondize Some Text

What does the British parliament hope to achieve by requesting a third Brexit extension?

How does Firefox know my ISP login page?

Is it possible to cross Arctic Ocean on ski/kayak undetectable now?

Is fascism intrinsically violent?

How to print and use a command output in a one-liner?

I got this nail stuck in my tire, should I plug or replace?

How is Smough's name pronounced?

Is there a historical explanation as to why the USA people are so litigious compared to France?

counter in hexadecimal base

Installing helm-projectile results in "mapc: Lisp nesting exceeds ‘max-lisp-eval-depth’"

Usefulness of Nash embedding theorem

Can you set fire to beer barrels?

"A tin of biscuits" vs "A biscuit tin"

'Pound' meaning in this context

How can a "proper" function have a vertical slope?

Can I get bubble tea at Taiyuan airport?

Paper status "Accept with Shepherd". What does it really mean?

How to protect my Wi-Fi password from being displayed by Android phones when sharing it with QR code?

How did Ron get five hundred Chocolate Frog cards?

Is Schrodinger's Cat itself an observer?



IP addresses from public IP block in my LAN


Block of 64 public IP's, how many usable?how to implement a network that communicates with the internet without NAT?Using a public IP for select hosts in a LANDo different nodes on a LAN share a public IPv6 address?How to bypass NAT for LAN to use Public IP addressess?Network Diagram for IPv6 LANBasic questions about Public IP addresses and used portsAccessing internal website from subnetAccess to a server behind the SonicWall from the LAN using Public IP addresses






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty
margin-bottom:0;









4

















If I have NAT or PAT applied on edge router, Would it matter if I use IP addresses from public block in my LAN? And how?










share|improve this question























  • 2





    Are they from a block you own and that's routed to your LAN? Then it would possibly make sense and you do not need NAT to route the IPs.

    – allo
    May 3 at 11:30












  • No, well, not owned. I see you answer below.

    – NisaarDeenAzeem
    May 10 at 10:49


















4

















If I have NAT or PAT applied on edge router, Would it matter if I use IP addresses from public block in my LAN? And how?










share|improve this question























  • 2





    Are they from a block you own and that's routed to your LAN? Then it would possibly make sense and you do not need NAT to route the IPs.

    – allo
    May 3 at 11:30












  • No, well, not owned. I see you answer below.

    – NisaarDeenAzeem
    May 10 at 10:49














4












4








4


1






If I have NAT or PAT applied on edge router, Would it matter if I use IP addresses from public block in my LAN? And how?










share|improve this question
















If I have NAT or PAT applied on edge router, Would it matter if I use IP addresses from public block in my LAN? And how?







ip nat lan






share|improve this question















share|improve this question













share|improve this question




share|improve this question



share|improve this question








edited May 2 at 17:46









Ron Trunk

45.9k3 gold badges43 silver badges95 bronze badges




45.9k3 gold badges43 silver badges95 bronze badges










asked May 2 at 17:18









NisaarDeenAzeemNisaarDeenAzeem

212 bronze badges




212 bronze badges










  • 2





    Are they from a block you own and that's routed to your LAN? Then it would possibly make sense and you do not need NAT to route the IPs.

    – allo
    May 3 at 11:30












  • No, well, not owned. I see you answer below.

    – NisaarDeenAzeem
    May 10 at 10:49













  • 2





    Are they from a block you own and that's routed to your LAN? Then it would possibly make sense and you do not need NAT to route the IPs.

    – allo
    May 3 at 11:30












  • No, well, not owned. I see you answer below.

    – NisaarDeenAzeem
    May 10 at 10:49








2




2





Are they from a block you own and that's routed to your LAN? Then it would possibly make sense and you do not need NAT to route the IPs.

– allo
May 3 at 11:30






Are they from a block you own and that's routed to your LAN? Then it would possibly make sense and you do not need NAT to route the IPs.

– allo
May 3 at 11:30














No, well, not owned. I see you answer below.

– NisaarDeenAzeem
May 10 at 10:49






No, well, not owned. I see you answer below.

– NisaarDeenAzeem
May 10 at 10:49











2 Answers
2






active

oldest

votes


















17


















EDITED



I'm assuming you're considering using an IP block that is not registered to you. Otherwise, skip to the last paragraph.



Besides being a very poor practice, if you use public addresses on your internal network, that means that you can never reach hosts that use those real addresses. You may think you'll never need to reach servers in some other part of the world, but you'd be surprised at how often that happens.



BTW, if you don't use NAT, you're essentially hijacking someone else's addresses, and your ISP may disconnect you from the Internet (among other things).



The RFC 1918 addresses (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) should provide plenty of address space for your internal network.



If you are using your own IP block, then there's nothing wrong with using those addresses internally. It may possibly increase your security risks, but those can be mitigated by other means.






share|improve this answer























  • 2





    Also note that non-RFC1918 addresses used inside your network wreak havoc with many security monitoring/intrusion detection systems. As far as the appliances are concerned, those are internet addresses which means those are internet originated packets bouncing around your LAN. Alarm bells ensue.

    – drxzcl
    May 2 at 20:42






  • 2





    There's also the issue of reverse DNS lookups. For example, if you gave one of your computers the IP address 172.217.14.196, it'll show up in various places with the name sea30s01-in-f4.1e100.net.

    – Mark
    May 2 at 20:52






  • 2





    Even if you use NAT, it's very possible to have a router/NAT/firewall configuration that will send your LAN packets using public addresses out to the internet.

    – mtraceur
    May 2 at 21:24






  • 2





    And of course, the fact that you can't access those hosts on the Internet is the reason it's a very poor practice.

    – immibis
    May 2 at 23:14






  • 2





    Although it's extremely unusual, there is a special case where this would be legitimate: your network has properly assigned "public" IP addresses and those are what you are using. And for some reason you're also using PAT/NAT, perhaps to cloak your internal structure, perhaps to merge with another organisation's addressing. I've never seen this, and don't expect to!

    – jonathanjo
    May 3 at 7:58


















1


















It matters in the situation that you do not need/want to reach those public IPs used.



If you use such IPs and then you, for example, want to access a site that has one of the IPs, it will not work, because your IP will resolve locally instead of going through your edge router and forward.



My company also uses such a system (it was implemented this way to be able to connect to other partner locations via EIGRP) and the corresponding IPs are assigned to China, so things should be fine as the company does not deal anything directly with something in hosted in China.






share|improve this answer



























    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "496"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );














    draft saved

    draft discarded
















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f58866%2fip-addresses-from-public-ip-block-in-my-lan%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown


























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    17


















    EDITED



    I'm assuming you're considering using an IP block that is not registered to you. Otherwise, skip to the last paragraph.



    Besides being a very poor practice, if you use public addresses on your internal network, that means that you can never reach hosts that use those real addresses. You may think you'll never need to reach servers in some other part of the world, but you'd be surprised at how often that happens.



    BTW, if you don't use NAT, you're essentially hijacking someone else's addresses, and your ISP may disconnect you from the Internet (among other things).



    The RFC 1918 addresses (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) should provide plenty of address space for your internal network.



    If you are using your own IP block, then there's nothing wrong with using those addresses internally. It may possibly increase your security risks, but those can be mitigated by other means.






    share|improve this answer























    • 2





      Also note that non-RFC1918 addresses used inside your network wreak havoc with many security monitoring/intrusion detection systems. As far as the appliances are concerned, those are internet addresses which means those are internet originated packets bouncing around your LAN. Alarm bells ensue.

      – drxzcl
      May 2 at 20:42






    • 2





      There's also the issue of reverse DNS lookups. For example, if you gave one of your computers the IP address 172.217.14.196, it'll show up in various places with the name sea30s01-in-f4.1e100.net.

      – Mark
      May 2 at 20:52






    • 2





      Even if you use NAT, it's very possible to have a router/NAT/firewall configuration that will send your LAN packets using public addresses out to the internet.

      – mtraceur
      May 2 at 21:24






    • 2





      And of course, the fact that you can't access those hosts on the Internet is the reason it's a very poor practice.

      – immibis
      May 2 at 23:14






    • 2





      Although it's extremely unusual, there is a special case where this would be legitimate: your network has properly assigned "public" IP addresses and those are what you are using. And for some reason you're also using PAT/NAT, perhaps to cloak your internal structure, perhaps to merge with another organisation's addressing. I've never seen this, and don't expect to!

      – jonathanjo
      May 3 at 7:58















    17


















    EDITED



    I'm assuming you're considering using an IP block that is not registered to you. Otherwise, skip to the last paragraph.



    Besides being a very poor practice, if you use public addresses on your internal network, that means that you can never reach hosts that use those real addresses. You may think you'll never need to reach servers in some other part of the world, but you'd be surprised at how often that happens.



    BTW, if you don't use NAT, you're essentially hijacking someone else's addresses, and your ISP may disconnect you from the Internet (among other things).



    The RFC 1918 addresses (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) should provide plenty of address space for your internal network.



    If you are using your own IP block, then there's nothing wrong with using those addresses internally. It may possibly increase your security risks, but those can be mitigated by other means.






    share|improve this answer























    • 2





      Also note that non-RFC1918 addresses used inside your network wreak havoc with many security monitoring/intrusion detection systems. As far as the appliances are concerned, those are internet addresses which means those are internet originated packets bouncing around your LAN. Alarm bells ensue.

      – drxzcl
      May 2 at 20:42






    • 2





      There's also the issue of reverse DNS lookups. For example, if you gave one of your computers the IP address 172.217.14.196, it'll show up in various places with the name sea30s01-in-f4.1e100.net.

      – Mark
      May 2 at 20:52






    • 2





      Even if you use NAT, it's very possible to have a router/NAT/firewall configuration that will send your LAN packets using public addresses out to the internet.

      – mtraceur
      May 2 at 21:24






    • 2





      And of course, the fact that you can't access those hosts on the Internet is the reason it's a very poor practice.

      – immibis
      May 2 at 23:14






    • 2





      Although it's extremely unusual, there is a special case where this would be legitimate: your network has properly assigned "public" IP addresses and those are what you are using. And for some reason you're also using PAT/NAT, perhaps to cloak your internal structure, perhaps to merge with another organisation's addressing. I've never seen this, and don't expect to!

      – jonathanjo
      May 3 at 7:58













    17














    17










    17









    EDITED



    I'm assuming you're considering using an IP block that is not registered to you. Otherwise, skip to the last paragraph.



    Besides being a very poor practice, if you use public addresses on your internal network, that means that you can never reach hosts that use those real addresses. You may think you'll never need to reach servers in some other part of the world, but you'd be surprised at how often that happens.



    BTW, if you don't use NAT, you're essentially hijacking someone else's addresses, and your ISP may disconnect you from the Internet (among other things).



    The RFC 1918 addresses (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) should provide plenty of address space for your internal network.



    If you are using your own IP block, then there's nothing wrong with using those addresses internally. It may possibly increase your security risks, but those can be mitigated by other means.






    share|improve this answer
















    EDITED



    I'm assuming you're considering using an IP block that is not registered to you. Otherwise, skip to the last paragraph.



    Besides being a very poor practice, if you use public addresses on your internal network, that means that you can never reach hosts that use those real addresses. You may think you'll never need to reach servers in some other part of the world, but you'd be surprised at how often that happens.



    BTW, if you don't use NAT, you're essentially hijacking someone else's addresses, and your ISP may disconnect you from the Internet (among other things).



    The RFC 1918 addresses (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) should provide plenty of address space for your internal network.



    If you are using your own IP block, then there's nothing wrong with using those addresses internally. It may possibly increase your security risks, but those can be mitigated by other means.







    share|improve this answer















    share|improve this answer




    share|improve this answer



    share|improve this answer








    edited May 3 at 12:48

























    answered May 2 at 17:31









    Ron TrunkRon Trunk

    45.9k3 gold badges43 silver badges95 bronze badges




    45.9k3 gold badges43 silver badges95 bronze badges










    • 2





      Also note that non-RFC1918 addresses used inside your network wreak havoc with many security monitoring/intrusion detection systems. As far as the appliances are concerned, those are internet addresses which means those are internet originated packets bouncing around your LAN. Alarm bells ensue.

      – drxzcl
      May 2 at 20:42






    • 2





      There's also the issue of reverse DNS lookups. For example, if you gave one of your computers the IP address 172.217.14.196, it'll show up in various places with the name sea30s01-in-f4.1e100.net.

      – Mark
      May 2 at 20:52






    • 2





      Even if you use NAT, it's very possible to have a router/NAT/firewall configuration that will send your LAN packets using public addresses out to the internet.

      – mtraceur
      May 2 at 21:24






    • 2





      And of course, the fact that you can't access those hosts on the Internet is the reason it's a very poor practice.

      – immibis
      May 2 at 23:14






    • 2





      Although it's extremely unusual, there is a special case where this would be legitimate: your network has properly assigned "public" IP addresses and those are what you are using. And for some reason you're also using PAT/NAT, perhaps to cloak your internal structure, perhaps to merge with another organisation's addressing. I've never seen this, and don't expect to!

      – jonathanjo
      May 3 at 7:58












    • 2





      Also note that non-RFC1918 addresses used inside your network wreak havoc with many security monitoring/intrusion detection systems. As far as the appliances are concerned, those are internet addresses which means those are internet originated packets bouncing around your LAN. Alarm bells ensue.

      – drxzcl
      May 2 at 20:42






    • 2





      There's also the issue of reverse DNS lookups. For example, if you gave one of your computers the IP address 172.217.14.196, it'll show up in various places with the name sea30s01-in-f4.1e100.net.

      – Mark
      May 2 at 20:52






    • 2





      Even if you use NAT, it's very possible to have a router/NAT/firewall configuration that will send your LAN packets using public addresses out to the internet.

      – mtraceur
      May 2 at 21:24






    • 2





      And of course, the fact that you can't access those hosts on the Internet is the reason it's a very poor practice.

      – immibis
      May 2 at 23:14






    • 2





      Although it's extremely unusual, there is a special case where this would be legitimate: your network has properly assigned "public" IP addresses and those are what you are using. And for some reason you're also using PAT/NAT, perhaps to cloak your internal structure, perhaps to merge with another organisation's addressing. I've never seen this, and don't expect to!

      – jonathanjo
      May 3 at 7:58







    2




    2





    Also note that non-RFC1918 addresses used inside your network wreak havoc with many security monitoring/intrusion detection systems. As far as the appliances are concerned, those are internet addresses which means those are internet originated packets bouncing around your LAN. Alarm bells ensue.

    – drxzcl
    May 2 at 20:42





    Also note that non-RFC1918 addresses used inside your network wreak havoc with many security monitoring/intrusion detection systems. As far as the appliances are concerned, those are internet addresses which means those are internet originated packets bouncing around your LAN. Alarm bells ensue.

    – drxzcl
    May 2 at 20:42




    2




    2





    There's also the issue of reverse DNS lookups. For example, if you gave one of your computers the IP address 172.217.14.196, it'll show up in various places with the name sea30s01-in-f4.1e100.net.

    – Mark
    May 2 at 20:52





    There's also the issue of reverse DNS lookups. For example, if you gave one of your computers the IP address 172.217.14.196, it'll show up in various places with the name sea30s01-in-f4.1e100.net.

    – Mark
    May 2 at 20:52




    2




    2





    Even if you use NAT, it's very possible to have a router/NAT/firewall configuration that will send your LAN packets using public addresses out to the internet.

    – mtraceur
    May 2 at 21:24





    Even if you use NAT, it's very possible to have a router/NAT/firewall configuration that will send your LAN packets using public addresses out to the internet.

    – mtraceur
    May 2 at 21:24




    2




    2





    And of course, the fact that you can't access those hosts on the Internet is the reason it's a very poor practice.

    – immibis
    May 2 at 23:14





    And of course, the fact that you can't access those hosts on the Internet is the reason it's a very poor practice.

    – immibis
    May 2 at 23:14




    2




    2





    Although it's extremely unusual, there is a special case where this would be legitimate: your network has properly assigned "public" IP addresses and those are what you are using. And for some reason you're also using PAT/NAT, perhaps to cloak your internal structure, perhaps to merge with another organisation's addressing. I've never seen this, and don't expect to!

    – jonathanjo
    May 3 at 7:58





    Although it's extremely unusual, there is a special case where this would be legitimate: your network has properly assigned "public" IP addresses and those are what you are using. And for some reason you're also using PAT/NAT, perhaps to cloak your internal structure, perhaps to merge with another organisation's addressing. I've never seen this, and don't expect to!

    – jonathanjo
    May 3 at 7:58













    1


















    It matters in the situation that you do not need/want to reach those public IPs used.



    If you use such IPs and then you, for example, want to access a site that has one of the IPs, it will not work, because your IP will resolve locally instead of going through your edge router and forward.



    My company also uses such a system (it was implemented this way to be able to connect to other partner locations via EIGRP) and the corresponding IPs are assigned to China, so things should be fine as the company does not deal anything directly with something in hosted in China.






    share|improve this answer






























      1


















      It matters in the situation that you do not need/want to reach those public IPs used.



      If you use such IPs and then you, for example, want to access a site that has one of the IPs, it will not work, because your IP will resolve locally instead of going through your edge router and forward.



      My company also uses such a system (it was implemented this way to be able to connect to other partner locations via EIGRP) and the corresponding IPs are assigned to China, so things should be fine as the company does not deal anything directly with something in hosted in China.






      share|improve this answer




























        1














        1










        1









        It matters in the situation that you do not need/want to reach those public IPs used.



        If you use such IPs and then you, for example, want to access a site that has one of the IPs, it will not work, because your IP will resolve locally instead of going through your edge router and forward.



        My company also uses such a system (it was implemented this way to be able to connect to other partner locations via EIGRP) and the corresponding IPs are assigned to China, so things should be fine as the company does not deal anything directly with something in hosted in China.






        share|improve this answer














        It matters in the situation that you do not need/want to reach those public IPs used.



        If you use such IPs and then you, for example, want to access a site that has one of the IPs, it will not work, because your IP will resolve locally instead of going through your edge router and forward.



        My company also uses such a system (it was implemented this way to be able to connect to other partner locations via EIGRP) and the corresponding IPs are assigned to China, so things should be fine as the company does not deal anything directly with something in hosted in China.







        share|improve this answer













        share|improve this answer




        share|improve this answer



        share|improve this answer










        answered May 3 at 12:39









        OvermindOvermind

        1211 bronze badge




        1211 bronze badge































            draft saved

            draft discarded















































            Thanks for contributing an answer to Network Engineering Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f58866%2fip-addresses-from-public-ip-block-in-my-lan%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown









            Popular posts from this blog

            Tamil (spriik) Luke uk diar | Nawigatjuun

            Align equal signs while including text over equalitiesAMS align: left aligned text/math plus multicolumn alignmentMultiple alignmentsAligning equations in multiple placesNumbering and aligning an equation with multiple columnsHow to align one equation with another multline equationUsing \ in environments inside the begintabularxNumber equations and preserving alignment of equal signsHow can I align equations to the left and to the right?Double equation alignment problem within align enviromentAligned within align: Why are they right-aligned?

            Training a classifier when some of the features are unknownWhy does Gradient Boosting regression predict negative values when there are no negative y-values in my training set?How to improve an existing (trained) classifier?What is effect when I set up some self defined predisctor variables?Why Matlab neural network classification returns decimal values on prediction dataset?Fitting and transforming text data in training, testing, and validation setsHow to quantify the performance of the classifier (multi-class SVM) using the test data?How do I control for some patients providing multiple samples in my training data?Training and Test setTraining a convolutional neural network for image denoising in MatlabShouldn't an autoencoder with #(neurons in hidden layer) = #(neurons in input layer) be “perfect”?