On Mon, Nov 14, 2016 at 12:45:20AM +0100, deloptes wrote:
> Henning wrote:
>
> > And usually there is no reason for two separate rfc1918 address ranges.
> > Pick one matching your address space needs and design subnets.
> > There is only one single reason for nat: you have more hosts than routable
> > ip addresses. I guess 10.0.0.0 meets even the biggest organizations.
>
> Thank you for the line of argumentation. As usual if something works for 10y
> it undergoes a lot of changes. So the reason for not using 10.0.0.0
> internally is that it is historically that way. Some years ago the firewall
> was connected to the public network directly. The new provider gave me the
> modem and it uses automatically 10.0.0.0, which I can not influence. I just
> did the DMZ - this was the time I tried to rewrite the firewall rules, but
> I found out I need to read again a lot about iptables and more important it
> would mean I would need to experiment and jeopardize the network.
> The setup is useful in the way that the whole wireless network is outside
> the firewall in the 10.0.0.0/24 range. All that I need for operating works
> perfectly. Now the only problem is that I can not access anything else on
> the 10.0.0.0 network except the modem.
>
> thanks again
>

Last time I chime in here. I understand growth and chaos, believe me.
However, sometimes we need a nudge or a kick in the butt to clean up.
Maybe this is your call.
Simplicity is a beautiful thing, my friend.

-H

--
Henning Follmann | hfollm...@itcfollmann.com