5

Just noticed that our Lancom router has a DHCP range of 194.77.30.50 - 150.

Could that lead to problems? Because sometimes some devices can’t be reached (with static IPs above that range like 194.77.30.170) and I have not yet figured out why.

I can’t find a definitive answer on the net if it really MUST be 192.168..

Manuel

3 Answers

16

You need (fanfare)

RFC 1918 - Address Allocation for Private Internets

Your private (IPv4) network MUST use one of the ranges allocated by this RFC:

 10.0.0.0        -   10.255.255.255  (10/8 prefix)
 172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
 192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

Anything else is Just Plain Wrong. And you can tell them the people who built the internet said so.


OK, so there's really no MUST anywhere in that RFC, but in practice the internet shuns heretics who just grab random swaths of IP space for their private networks, and everyone uses the RFC-1918 reserved ranges for their designated purpose of private networks. Do it right and fix your configuration to use standard, RFC-conformant addresses for your private network, and I bet your funky unreachable devices issue will go away...

voretaq7
  • 3
    And anything that doesn't use one of the addresses listed above will cause you to run into major issues. – tombull89 Feb 20 '12 at 21:27
  • Guys, awesome! Thank you so much for answering! I am so relieved that you both explicitly state that I MUST use those ranges as I have no idea what else could cause our problems. So thank you very much! But could you explain to me why there could be problems/what causes them? I certainly will change the range now, as it is my last hope, but I would really like to understand WHY. :) – Manuel Feb 20 '12 at 21:35
  • 3
    @Manuel: The problem is that any addresses outside the RFC1918 space are already allocated for use on the Internet. You'll never be able to talk to the "real" servers using the non-RFC1918 addresses you're "squatting" on. You can use non-RFC1918 addresses all you want but it limits your ability to talk to the "real" Internet. – Evan Anderson Feb 20 '12 at 21:38
  • @EvanAnderson Cheers mate, I understood that so far then. Pfew. But just for my better understanding, let’s imagine this: If one access point has the IP 194.77.30.170 on our LAN and that IP is not assigned to a domain (or the other way around ;) by RIPE or which Interweb king who’s out there, does that still lead to problems? – Manuel Feb 20 '12 at 21:42
  • Let me add the following for your amusement: I started to do the intertubes administration for this non-profit asylum 7 years ago and on day one I wondered why the range has such an uncommon range (cough), but I forgot about it the next day (why worry, the firm that sold and configed the Lancom have those awesome Cisco certificates and shirts with logos on them). 7 years later I start to try to solve that effin 194-riddle. Fanfares. – Manuel Feb 20 '12 at 21:48
  • @Manuel `does that still lead to problems?` -- ***YES***, the first time someone tries to access a system on the internet that uses that IP and gets sent to your local device instead. Imagine one of your users typing `www.google.com` and getting the management page for your access point instead :) – voretaq7 Feb 20 '12 at 21:48
  • 2
    Note that it *is* possible you have some other strange problem on your network that's making hosts unreachable, but the first step I'd take is cleaning up your IP space to use RFC-1918 sanctioned address ranges. **Then** if the problem persists throw up another question and we can probably help you debug that - you'll have eliminated a few billion external influences/variables from the list of possible problems. – voretaq7 Feb 20 '12 at 21:50
  • @voretaq7 Understood, perfectly clear. I will change range asap just to be on the safe side. But if I understand the main private range dilemma correctly, the reason why this one access point is so _shy_ has probably not much to do with it, right? – Manuel Feb 20 '12 at 21:59
  • I once worked at a company that had used an IP range that belongs to Boeing for their internal network. Everything worked fine until they got a big contract with Boeing, but nobody at Boeing could reach any of the services behind our firewalls. – David Schwartz Feb 21 '12 at 01:19
  • 4
    This is making the assumption that the OP is using NAT, which they may not be – Mark Henderson Feb 21 '12 at 02:20
  • nao u haz teh private internets!!1 (sorry... couldn't resist when I saw the phrasing of the RFC title) – Bigbio2002 Feb 21 '12 at 20:56
  • @Bigbio2002 that aint helping but iz funneh. but I dont approve of your help. but funneh is funneh. now go. – Manuel Feb 21 '12 at 22:28
11

Some things that are missing from the answers and comments posted so far:

  1. Manuel is from Sylt Island, which is an island in northern Germany.

  2. The address range 194.77.30.50 - 150 is part of a block allocated to Interoute Deutschland GmbH (which is an LIR) by RIPE NCC (RIR).

  3. It's completely possible (and probable) that Interoute Deutschland GmbH assigned this address range to this particular non-profit and they in turn configured it for use internally, hence the current DHCP configuration on the Lancom router.

  4. However each of us feels about not using RFC 1918 addresses internally, if points 1 through 3 above are true, then this is a perfectly acceptable setup.

joeqwerty
  • You beat me by 5 minutes - I was about to write something very similar – Mark Henderson Feb 21 '12 at 02:20
  • Every so often I get one in... – joeqwerty Feb 21 '12 at 02:22
  • @joeqwerty First of all thanks for trying to dig deeper. ;) But I highly doubt that our non-profit has such _connections_ to such companies. We have for example a VPN with our head office which is located in Germany (Germany as in *not on this island*) and they use a range of 192.168.10.*. Would be cool though if we were so special, but I can assure you that it is the opposite, multiplied by eternity. – Manuel Feb 21 '12 at 07:59
  • 1
    Manuel: You might be reading too much into my answer. Here's what I'm saying: It would appear based on where you live and the ip address range in use that Interoute is probably the ISP for this non-profit and has assigned this ip address range to this non-profit, who in turn configured the router DHCP scope with this ip address range. If that's the case then what you're seeing is perfectly acceptable and there's no "ip address hijacking" occurring. I would suggest that you find out who the ISP is for this non-profit and contact them to confirm or deny what I suspect. – joeqwerty Feb 21 '12 at 11:48
  • @joeqwerty Sorry, no, I guess I am not reading too much into it. Interoute is definitely not our ISP, it is German Telekom Business Clients Division. I heard from a friend from Belgium that their ISPs do some DHCPing for up to 4 PCs on your intranet, but here with German Telekom it is definitely not the case; you get a dynamic or static public IP and the router and DHCP for your intranet is left completely to you and your DHCP skills. – Manuel Feb 21 '12 at 22:23
5

You do not have to use RFC 1918 space if your site is using public IP space. Check with your provider and see if that range is correct for your site. If it is, I suspect someone has a subnet mask incorrectly set.

Kevin
  • Provider just does the basics, no special ranges so we are left with the default class C. Our range is 194.77.30.50 to 150 with subnet of 255.255.255.0, so I guess the first/initial sysadmin was just a little, well, tooo awesome :P – Manuel Feb 21 '12 at 22:26
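
An added example, not code from any poster in this thread: it combines the RFC 1918 check from the first answer with the subnet-mask hypothesis from the last one, reporting for each LAN address whether it is in private space and whether it is on-link under a given mask. The 255.255.255.128 mask and the host 192.168.10.20 are constructed values for illustration; the 194.77.30.x addresses are the ones quoted in the question.

```python
import ipaddress

# The three RFC 1918 blocks, as listed in the first answer. An explicit list is
# used because ipaddress's is_private also covers loopback, link-local, etc.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr lies inside one of the three RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def audit_lan(reference, netmask, hosts):
    """Check hosts against the LAN implied by a known-good address and a mask.

    reference: any address known to be on the LAN (here the DHCP pool start).
    netmask:   the mask configured on the devices being checked.
    """
    # strict=False derives the network from a host address plus mask.
    lan = ipaddress.ip_network(f"{reference}/{netmask}", strict=False)
    report = {}
    for h in hosts:
        report[h] = {
            "rfc1918": is_rfc1918(h),
            # An off-link destination is handed to the default gateway rather
            # than resolved via ARP, so a LAN neighbour can look unreachable.
            "on_link": ipaddress.ip_address(h) in lan,
        }
    return lan, report


if __name__ == "__main__":
    # Pool boundaries and static device from the question; the last host is
    # a constructed address in the head office's 192.168.10.* range.
    hosts = ["194.77.30.50", "194.77.30.150", "194.77.30.170", "192.168.10.20"]
    # First mask: default class C. Second: a constructed mis-set mask.
    for mask in ("255.255.255.0", "255.255.255.128"):
        lan, report = audit_lan("194.77.30.50", mask, hosts)
        print(f"LAN as seen with mask {mask}: {lan}")
        for h, r in report.items():
            print(f"  {h:15} rfc1918={r['rfc1918']!s:5} on_link={r['on_link']}")
```

With the class C mask every 194.77.30.x host is on-link, so a device that is unreachable only from some machines points to a mask that differs between hosts rather than to the choice of range alone.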