We have a client who has a 192.170.130/24 subnet on their LAN, which is being NATed to the WAN IP address from their ISP. Is this a good idea, or should they be using RFC1918 addresses on their LAN?
Thanks
It's a bad practice. They should use a private class.
The reason is that it will cause problems if your customer has a server that answers WAN requests, as the server will not route to the internet any request that it thinks belongs to its local LAN.
In your case your customer has blocked himself from possible clients from Texas with that IP range.
It's unorthodox and uncommon, but it's not wrong. I've worked with several customers who were in this scenario.
Is it a good idea? That's a subjective question. Everyone will have their own opinion on whether or not it's a "good" idea. It's generally considered to not be a good idea.
Is there any technical reason to change? Maybe... but probably not. What would you want to accomplish? What would be the end goal? Increased security? RFC 1918 isn't about security.
Before RFC 1918 (yes, there was a time before RFC 1918) everyone used "public" IP addresses internally. See section 2 at the link below for the motivation and reasoning behind RFC 1918:
First off, I work in a place that uses a large public IP range in their private network. However, they own the range. The only issue you will see, aside from the firewall issue, is that if they ever try to connect to an external DNS name within the range they are using for their private network they will have an issue. You can do a reverse IP lookup with nslookup on a public DNS server to determine if anything is mapped to any IPs, then determine your impact. You might want to script the lookup because there are a lot. I have seen people, like a large university, try to do this before and their private IP range overlapped with actual sites people were trying to connect to. To make it worse, the range covered their AD infrastructure.
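The scripted reverse-lookup sweep the answer above suggests, as an added example that is not code from the original thread or from any poster. It assumes the asker's "192.170.130/24" means 192.170.130.0/24, classifies the prefix against the three RFC 1918 blocks, and then sweeps every host address in the prefix for a PTR record. Python's standard library cannot target a specific public DNS server, so `system_ptr_lookup` uses the system resolver via `socket.gethostbyaddr`; the `lookup` parameter is there so you can swap in a resolver of your choice. The `DEMO_PTR_TABLE` is a constructed stand-in so the example runs offline.

```python
"""Check whether a LAN prefix is RFC 1918 and sweep it for existing PTR records.

Added example. Assumptions: the prefix is written in CIDR form
(192.170.130.0/24), and PTR lookups go through the system resolver rather
than a hand-picked public DNS server.
"""
import ipaddress
import socket
import sys
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Dict, Optional

# The three private blocks defined by RFC 1918.
RFC1918_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_rfc1918(prefix: str) -> bool:
    """True if every address in `prefix` falls inside one RFC 1918 block."""
    net = ipaddress.ip_network(prefix, strict=False)
    return any(net.subnet_of(block) for block in RFC1918_BLOCKS)


def reverse_name(ip: str) -> str:
    """The in-addr.arpa name a PTR query for `ip` would ask for."""
    return ipaddress.ip_address(ip).reverse_pointer


def system_ptr_lookup(ip: str) -> Optional[str]:
    """PTR lookup through the system resolver; None when no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def sweep_ptr(
    prefix: str,
    lookup: Callable[[str], Optional[str]] = system_ptr_lookup,
    workers: int = 32,
) -> Dict[str, str]:
    """Map every host address in `prefix` that has a PTR record to its name.

    Lookups run in a thread pool because a /24 is 254 queries and larger
    prefixes are far more; the resolver call is the slow part.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    hosts = [str(h) for h in net.hosts()]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        names = list(pool.map(lookup, hosts))
    return {ip: name for ip, name in zip(hosts, names) if name}


# Constructed PTR data (TEST-NET-1 addresses) so the demo runs offline.
DEMO_PTR_TABLE = {
    "192.0.2.1": "gw.example.net",
    "192.0.2.2": "www.example.net",
}


def demo_lookup(ip: str) -> Optional[str]:
    return DEMO_PTR_TABLE.get(ip)


def report(prefix: str, lookup: Callable[[str], Optional[str]]) -> None:
    kind = "RFC 1918 (private)" if is_rfc1918(prefix) else "NOT RFC 1918 (public space)"
    print(f"{prefix}: {kind}")
    found = sweep_ptr(prefix, lookup=lookup)
    print(f"{len(found)} address(es) with PTR records:")
    for ip, name in sorted(found.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        print(f"  {ip:<15} {reverse_name(ip):<30} -> {name}")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Live sweep of the prefix given on the command line, e.g. 192.170.130.0/24
        report(sys.argv[1], system_ptr_lookup)
    else:
        # Offline demonstration against the constructed table.
        report("192.0.2.0/29", demo_lookup)
```

Run it with the prefix from the question (`python sweep.py 192.170.130.0/24`) to get the impact list the answer describes. An empty result is not proof the range is unused: plenty of live hosts have no PTR record, so treat the sweep as a lower bound and also check forward names your users actually depend on.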