Date: Sat, 13 Dec 1997 11:01:54 -0700 (MST)
From: Marc Slemko
To: freebsd-hackers@FreeBSD.ORG
Subject: Re: I seriously need some networking help
In-Reply-To: <199712131437.PAA22262@uriah.heep.sax.de>

On Sat, 13 Dec 1997, J Wunsch wrote:

> Marc Slemko wrote:
>
> >> Sure, but that's only a cosmetic problem.  I've seen 10.*
> >> intermediate network addresses even on major Internet relays when
> >> tracerouting.
>
> > So tell me what happens when the box that interface is on needs to send an
> > ICMP message like can't fragment?
> >
> > What IP does it use?  If it uses the private one, you lose.  This does
> > break things like PMTU-D.
>
> It doesn't, even if the IP source address is 10.*.  As long as the
> ICMP packet has the correct recipient address, it will arrive, and the
> (original) sender takes the appropriate actions -- it couldn't verify
> the validity of the ICMP packet's sender address anyway, be it 10.* or
> anything else.

Incorrect.  No packets with reserved addresses make it into my
network, and there are many other networks that operate in a similar
fashion, especially those that use internal addresses themselves.

> Besides, you could set up the configuration in a way so PMTU-D happens
> at the inbound interface, but not between the various routers that are

You can do many things.  However the fact remains that, in general, it
is a bad idea to use internal addresses for numbering interfaces that
can be seen by the world in any way.

I have been around networks where it is done.  It does cause problems.
No, most people can't recognize the cause and just put it down to "oh,
the Internet is just like that".

> linked by 10.* addresses.  Likewise, ensure the routability of the
> packets is already checked at the inbound interface, so ICMP dst
> unreach packets will be sent from there.
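
The interaction argued over in this message, as an added example that is not part of the original mail: an ingress filter that drops reserved source addresses also drops the ICMP "fragmentation needed" message a router sends from a 10.* interface, so the sender never receives the PMTU-D signal. The RFC 1918 range list, the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumption: "reserved" here means the RFC 1918 private ranges.
RESERVED = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_frag_needed(src, dst, next_hop_mtu):
    """Constructed sample: IPv4 header + ICMP type 3 code 4.
    Checksums are left at 0 and the quoted original datagram is omitted."""
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + icmp

def parse(packet):
    """Return (source address, ICMP type, ICMP code, next-hop MTU)."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if len(packet) < ihl + 8 or packet[9] != 1:
        raise ValueError("not an ICMP packet")
    src = ipaddress.ip_address(packet[12:16])
    icmp_type, code, _cksum, _unused, mtu = struct.unpack(
        "!BBHHH", packet[ihl:ihl + 8])
    return src, icmp_type, code, mtu

def border_filter(packet):
    """Verdict of an ingress filter that drops reserved source addresses.
    Returns (verdict, pmtud_signal_lost)."""
    src, icmp_type, code, _mtu = parse(packet)
    if any(src in net for net in RESERVED):
        # Type 3 code 4 is "fragmentation needed and DF set": dropping it
        # leaves the original sender retransmitting oversized packets.
        return "drop", (icmp_type, code) == (3, 4)
    return "accept", False

if __name__ == "__main__":
    # Same ICMP message, once from a 10.* router interface, once from a
    # publicly numbered one (documentation addresses, constructed).
    for router in ("10.1.2.3", "203.0.113.1"):
        pkt = build_frag_needed(router, "198.51.100.7", 1400)
        print(router, border_filter(pkt))
```
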