Your Internal IP Scheme

[BB] Rick James

What is your internal IP scheme? I have a buddy that runs 81.181.0.1/255.0.0.0.

What do you run? Right now I'm running the following:

172.30.0.1/255.255.0.0 and 10.0.10.100/255.0.0.0.

What is your internal scheme?
 
Is your buddy in Romania?

% Information related to '81.181.0.0 - 81.181.0.255'

inetnum: 81.181.0.0 - 81.181.0.255
netname: SC-SYNCO-MEDIA-SRL
descr: SC Synco Media SRL
descr: Intrarea Barsei 6, Bl. G7, Ap. 76,
descr: Sector 3, Bucuresti, Romania
country: ro
admin-c: LO343-RIPE
tech-c: LO343-RIPE
status: ASSIGNED PA
mnt-by: AS3233-MNT
mnt-lower: AS3233-MNT
mnt-routes: SYNCO-MNT
source: RIPE # Filtered

person: Lucian Obrocea
address: Intrarea Barsei 6, Bl. G7, Ap.
address: 76
address: Bucharest,
address: Romania
phone: +40788608238
e-mail: [email protected]
nic-hdl: LO343-RIPE
mnt-by: SYNCO-MNT
source: RIPE # Filtered

% Information related to '81.181.0.0/24AS34565'

route: 81.181.0.0/24
descr: Synco Media
origin: AS34565
mnt-by: SYNCO-MNT
source: RIPE # Filtered

Tell your friend the RFC1918 address space exists for a reason, DON'T GO OUTSIDE OF IT.
 
Settle down there, big shooter. He is behind a router and NAT'd, pretty sure he isn't killing anyone by using that scheme.
 
Well I use remote desktop for most of my computers, and I have several routers for testing, so I just give everything an IP.
 
[BB] Rick James;1031741955 said:
Settle down there, big shooter. He is behind a router and NAT'd, pretty sure he isn't killing anyone by using that scheme.

No, but he will notice problems if he attempts to connect to anything else within the netblock he is using. On the off chance anything leaks outside of the NAT, his ISP might get pissed, thinking he is trying to spoof. My biggest point here is: don't just use whatever the heck you feel like, especially if you don't understand the consequences. Hope he doesn't try to use 65.52.0.0/14 down the line.
 
192.168.1.x/255.255.255.0

Addresses below 10 are static, everything else is dhcp.
 
I always stick to a 192.168.X.X scheme. Right now I am using 192.168.0.X.

Some of my machines are static (servers) and the rest are DHCP. I switched to 0.X because 1.X tends to be what routers and network devices default to, thus screwing things up if they get connected. On 0.X most things do not default to it and thus won't screw with anything if they do get connected.

And yes, it is not proper to go outside of the guidelines even if it is for internal. The problem is 1) you will not be able to connect to anything in that netblock (for example, if you used 75.126.99.XXX you would have issues connecting to hardforum) and 2) as said, if it leaks out it could cause some issues.
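
Added example (not part of any post in this thread): a Python check of the point made above, that a LAN numbered outside RFC 1918 makes the real owners of those addresses unreachable from its own hosts. The scheme labels are made up for illustration; the address/mask pairs are the ones quoted in the thread.

```python
import ipaddress

# RFC 1918 private blocks.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def lan_network(addr, mask):
    """Network implied by an interface address and dotted netmask."""
    return ipaddress.ip_interface(f"{addr}/{mask}").network

def is_rfc1918(net):
    """True only if the whole LAN sits inside one RFC 1918 block."""
    return any(net.subnet_of(block) for block in RFC1918)

def shadowed(net, destination):
    """True if a real Internet host is unreachable from this LAN because
    its address falls inside the LAN's own (non-private) netblock, so
    hosts treat it as on-link instead of sending it to the gateway."""
    return not is_rfc1918(net) and ipaddress.ip_address(destination) in net

def audit(schemes):
    """Return {label: (network, ok, public_addresses_hidden)}."""
    report = {}
    for label, (addr, mask) in schemes.items():
        net = lan_network(addr, mask)
        ok = is_rfc1918(net)
        report[label] = (str(net), ok, 0 if ok else net.num_addresses)
    return report

# Address/mask pairs quoted in the thread; labels are constructed.
SCHEMES = {
    "buddy": ("81.181.0.1", "255.0.0.0"),
    "op-a": ("172.30.0.1", "255.255.0.0"),
    "op-b": ("10.0.10.100", "255.0.0.0"),
}

if __name__ == "__main__":
    for label, (net, ok, hidden) in audit(SCHEMES).items():
        status = "RFC 1918" if ok else f"PUBLIC, hides {hidden} addresses"
        print(f"{label:8} {net:16} {status}")
```

With the 255.0.0.0 mask the first scheme covers all of 81.0.0.0/8, not only the /24 shown in the whois output, so every public host in that /8 is shadowed.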
 
I should probably contribute

Currently everything is in 192.168.0.0/24; however, I intend to do some more work and eventually break off wireless onto a different subnet.
 
192.168.1.x/255.255.255.0

Everything is set for static IPs with DHCP disabled. Why? Because of the need for port forwarding and using VNC for some of my systems.

Also, I keep DHCP disabled. You'd be surprised how many people you can stop trying to access the wireless due to disabling DHCP. That's on top of disabling SSID broadcast as well as WPA2 encryption. I prefer to be paranoid. Plus, you don't need to know if I have wireless going unless I allow you to use it.

Also, I have a certain way I prefer to have my IPs setup and keep certain ranges for certain systems. Wireless IPs use a different range than wired. This has less to do with any type of security than it does just being able to easily figure out what is what. If there is any type of problem, it's a lot easier to figure things out with everything separated this way.

 
192.168.0.0/24

Servers and VNC stuff reserved via DHCP
everything else DHCP
 
10.0.1.x/24 for the servers in our colo;
192.168.104.x/24 for the office servers and workstations;
192.168.204.x/24 for test (browser compatibility, etc.) workstations NAT'd behind a DMZ router outside our VPN tunnel.
 
I think we played this recently. Here goes:

Routers/Switches - 192.168.0.1 thru .10
Servers - .10 thru .19
Printers - .20 thru .29
Workstations - .30 thru .39
 
Fint, I find that that one might be a bit difficult to get functional, with the loopback interface and all.
 
10.10.10.1/24
3 subnetworks, one dhcp server, 4 internet connections.
10.10.10.1 = Router/DHCP/2 internet connections(IP based load balancing on RV016)
10.10.10.11 = Router/1 internet connection/DHCP disabled
10.10.10.21 = Router/1 internet connection/DHCP disabled
Total machines on network: 24

10.10.10.10 = Primary Fileserver (2TB)
10.10.10.20 = Secondary Fileserver (2TB)
10.10.10.5x is reserved for xbox 360s (5 of them) (static DHCP)
10.10.10.8x is reserved for one room
10.10.10.9x is reserved for my personal machines
10.10.10.10x-254 is DHCP
The entire IP range is blocked from net access, rule exceptions are made for machines that need on the net.
 
192.168.1.x/255.255.255.0

1-15 are static, dynamic goes up through 100. I run static on pretty much everything.
 
modem is 192.168.1.xx
router is 192.168.2.xx
static ips >100
everything else is dhcp
 
My setup is 192.168.123.xxx where 192.168.123.120->192.168.123.125 are static and assigned to workstations. 192.168.123.190->192.168.123.200 are dynamic for friends and guests that come over. 192.168.123.245->192.168.123.250 are "infrastructure" devices like our file server and print server. The netmask is old faithful: 255.255.255.0
 
Internal at home is 192.168.10.x as I set it as that years ago and never bothered to switch it due to having to reconfigure some printers and whatnot.

Clients have them in class a b and c ranges.

Family office is 193. something which I've never bothered to fix as I don't feel like screwing with the unix servers. Some jackass threw it in the public range like that 15 years ago before the machines were online, and the consultants that have installed the 2 new servers and software over the years have left the range like that as they didn't want to screw with the legacy server at the time. Kinda agree with them as it hasn't caused any issues yet...

New networks I tend to throw into the 172 range.
 
192.168.1.x/255.255.255.0

Everything is set for static IPs with DHCP disabled. Why? Because of the need for port forwarding and using VNC for some of my systems.

Also, I keep DHCP disabled. You'd be surprised how many people you can stop trying to access the wireless due to disabling DHCP. That's on top of disabling SSID broadcast as well as WPA2 encryption. I prefer to be paranoid. Plus, you don't need to know if I have wireless going unless I allow you to use it.

Also, I have a certain way I prefer to have my IPs setup and keep certain ranges for certain systems. Wireless IPs use a different range than wired. This has less to do with any type of security than it does just being able to easily figure out what is what. If there is any type of problem, it's a lot easier to figure things out with everything separated this way.



This man is entirely correct in his thinking.

Also, I'm on good ol' 192.168.0.* until I get back home.
 
It's a lot of extra work when you could just keep up to date on your security and just reserve stuff in DHCP. If you take your laptop anywhere you have to f-around with changing it all back.

Waste of time, secure yes, but a waste of time in my eyes.
 
Home
Wired: 172.24.32.0/255.255.255.192
Wireless: 172.16.24.0/255.255.255.192

Work
Servers: 192.168.4.0/255.255.255.0
Users: 10.250.0.0/255.255.0.0
Terminals: 172.16.32.0/255.255.255.0
 
[BB] Rick James;1031741977 said:
Why static everything?
I don't personally do this, but I do see the advantage in certain situations...

Static IP addresses you can map to a physical location. Bandwidth slump? Bam, find the IP address, look at your chart- instantly know who it is and go see what they are doing.

I'd say in most situations static IP Addressing is tougher though.

Also, I keep DHCP disabled. You'd be surprised how many people you can stop trying to access the wireless due to disabling DHCP.
Heck, 90% of people couldn't connect.
And of those that know they need to set a static IP, they have to know your schema or (possibly) be unable to connect to anything on your LAN itself.



I personally also use the 192.168.0.X range. I have everything above 192.168.0.100 DHCP. Anything below that is phone system, routers, etc.
People that set this up before I started working here addressed things in a crazy way. One printer is at 192.168.0.52, another at 192.168.0.125, just crazy (Would break too many things to change now).

Generally, though...
192.168.0.1 is router.
192.168.0.2- 192.168.0.10 is servers
192.168.0.11- 192.168.0.33 is various devices (routers, VPN tunnels, etc).
Phone people have their own IP addresses around in the 192.168.0.50-192.168.0.59 range... I don't touch anything in there.
 
1.1.1.x for Internet Placeholder (WAN)
10.0.0.x for Local Area Network (LAN)
10.0.1.x for Demilitarized Zone (DMZ)
10.0.2.x for Wireless Network (wLAN)

and also an OpenVPN Network to Network Link to a 10.10.0.x network :).
 