Your Internal IP Scheme

Discussion in 'Networking & Security' started by [BB] Rick James, Dec 2, 2007.

  1. [BB] Rick James

    [BB] Rick James [H]ard Dawg

    Messages:
    2,818
    Joined:
    Apr 4, 2004
    What is your internal IP scheme? I have a buddy that runs 81.181.0.1/255.0.0.0.

    what do you run? Right now I'm running the following

    172.30.0.1/255.255.0.0 and 10.0.10.100/255.0.0.0.

    what is your internal scheme?
     
  2. Xipher

    Xipher 2[H]4U

    Messages:
    2,621
    Joined:
    Mar 15, 2004
    Is your buddy in Romania?

    % Information related to '81.181.0.0 - 81.181.0.255'

    inetnum: 81.181.0.0 - 81.181.0.255
    netname: SC-SYNCO-MEDIA-SRL
    descr: SC Synco Media SRL
    descr: Intrarea Barsei 6, Bl. G7, Ap. 76,
    descr: Sector 3, Bucuresti, Romania
    country: ro
    admin-c: LO343-RIPE
    tech-c: LO343-RIPE
    status: ASSIGNED PA
    mnt-by: AS3233-MNT
    mnt-lower: AS3233-MNT
    mnt-routes: SYNCO-MNT
    source: RIPE # Filtered

    person: Lucian Obrocea
    address: Intrarea Barsei 6, Bl. G7, Ap.
    address: 76
    address: Bucharest,
    address: Romania
    phone: +40788608238
    e-mail: lucian@syncomedia.com
    nic-hdl: LO343-RIPE
    mnt-by: SYNCO-MNT
    source: RIPE # Filtered

    % Information related to '81.181.0.0/24AS34565'

    route: 81.181.0.0/24
    descr: Synco Media
    origin: AS34565
    mnt-by: SYNCO-MNT
    source: RIPE # Filtered

    Tell your friend the RFC1918 address space exists for a reason, DON'T GO OUTSIDE OF IT.
     
  3. [BB] Rick James

    [BB] Rick James [H]ard Dawg

    Messages:
    2,818
    Joined:
    Apr 4, 2004
    Settle down there big shooter, He is behind a router nad NAT'd, pretty sure he isn't killing anyone by using that scheme.
     
  4. jeffmoss26

    jeffmoss26 2[H]4U

    Messages:
    2,267
    Joined:
    Aug 1, 2002
    I use 192.168.1.10x/255.255.255.0
    All static IP addresses
     
  5. [BB] Rick James

    [BB] Rick James [H]ard Dawg

    Messages:
    2,818
    Joined:
    Apr 4, 2004
    Why static everything?
     
  6. jeffmoss26

    jeffmoss26 2[H]4U

    Messages:
    2,267
    Joined:
    Aug 1, 2002
    Well I use remote desktop for most of my computers, and I have several routers for testing, so I just give everything an IP.
     
  7. Xipher

    Xipher 2[H]4U

    Messages:
    2,621
    Joined:
    Mar 15, 2004
    No, but he will notice problems in the case he attempts to connect to any thing else with in the netblock he is using. In the off chance any thing leaks outside of the NAT his ISP might get pissed thinking he is trying to spoof. My biggest point here is don't just use what ever the heck you feel like especially if you don't understand the consequences. Hope he doesn't try and use 65.52.0.0/14 down the line.
     
  8. rogue_jedi

    rogue_jedi [H]ardness Supreme

    Messages:
    4,834
    Joined:
    Sep 6, 2002
    192.168.1.x/255.255.255.0

    Addresses below 10 are static, everything else is dhcp.
     
  9. Grentz

    Grentz [H]ard as it Gets

    Messages:
    17,154
    Joined:
    May 5, 2006
    I always stick to a 192.168.X.X scheme. Right now I am using 192.168.0.X.

    Some of my machines are static (servers) and the rest are DHCP. I switched to 0.X because 1.X tends to be what routers and network devices default to thus screwing things up if they get connected. On 0.X most things do not default to it and thus wont screw with anything if they do get connected.

    and yes it is not proper to go outside of the guidelines even if it is for internal. The problem is 1) you will not be able to connect to anything in that netblock (for example if you used 75.126.99.XXX you would have issues connected to hardforum) and 2) as said if it leaks out it could cause some issues.
     
  10. O[H]-Zone

    O[H]-Zone [H]ard|Gawd

    Messages:
    1,465
    Joined:
    Mar 28, 2003
    10.0.0.10 - 10.0.0.255 (255.0.0.0), static for the server(s) (under 10),
     
  11. RoBo

    RoBo 2[H]4U

    Messages:
    3,533
    Joined:
    Jan 5, 2007
    192.168.2.XXX
     
  12. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
  13. Xipher

    Xipher 2[H]4U

    Messages:
    2,621
    Joined:
    Mar 15, 2004
    I should probably contribute

    Currently every thing is in 192.168.0.0/24, how ever I intend to do some more work and eventually break off wireless onto a different subnet.
     
  14. SmokeRngs

    SmokeRngs [H]ard|DCer of the Month - April 2008

    Messages:
    15,416
    Joined:
    Aug 9, 2001
    192.168.1.x/255.255.255.0

    Everything is set for static IPs with DHCP disabled. Why? Because of the need for port forwarding and using VNC for some of my systems.

    Also, I keep DHCP disabled. You'd be surprised how many people you can stop trying to access the wireless due to disabling DHCP. That's on top of disabling SSID broadcast as well as WPA2 encryption. I prefer to be paranoid. Plus, you don't need to know if I have wireless going unless I allow you to use it.

    Also, I have a certain way I prefer to have my IPs setup and keep certain ranges for certain systems. Wireless IPs use a different range than wired. This has less to do with any type of security than it does just being able to easily figure out what is what. If there is any type of problem, it's a lot easier to figure things out with everything separated this way.

    [​IMG]
     
  15. Mak

    Mak Limp Gawd

    Messages:
    150
    Joined:
    Oct 14, 2005
    192.168.0.0/24

    Servers and VNC stuff reserved via DHCP
    everything else DHCP
     
  16. dbwillis

    dbwillis [H]ardness Supreme

    Messages:
    7,255
    Joined:
    Jul 9, 2002
    172.16.1.x for me

    192.168.x.x for my customers that I service
     
  17. Qualm

    Qualm Gawd

    Messages:
    562
    Joined:
    May 31, 2003
    10.0.1.x/24 for the servers in our colo;
    192.168.104.x/24 for the office servers and workstations;
    192.168.204.x/24 for test (browser compatibility, etc.) workstations NAT'd behind a DMZ router outside our VPN tunnel.
     
  18. IHateYou

    IHateYou n00b

    Messages:
    31
    Joined:
    Nov 19, 2007
    192.168.0.XXX. Static IP's for everything. Makes port forwarding simpler.
     
  19. TechLarry

    TechLarry Can't find the G Spot

    Messages:
    30,022
    Joined:
    Aug 9, 2005
    I think we played this recently. Here goes:

    Routers/Switches - 192.168.0.1 thru .10
    Servers - .10 thru .19
    Printers - .20 thru .29
    Workstations - .30 thru .39
     
  20. Milenko

    Milenko [H]ard|Gawd

    Messages:
    1,482
    Joined:
    Jul 15, 2002
    192.168.1.xxx / 255.255.255.0

    static IPs scattered below 100
     
  21. Fint

    Fint [H]ard|Gawd

    Messages:
    1,046
    Joined:
    Jun 11, 2004
    127.0.0.1/24
     
  22. Xipher

    Xipher 2[H]4U

    Messages:
    2,621
    Joined:
    Mar 15, 2004
    Fint, I find that that one might be a bit difficult to get functional, with the loop back interface and all.
     
  23. Jaffa Cakes!

    Jaffa Cakes! Limp Gawd

    Messages:
    136
    Joined:
    Oct 13, 2007
    10.0.1.x/255.255.255.0

    :)
     
  24. Dew

    Dew 2[H]4U

    Messages:
    3,826
    Joined:
    Jun 23, 2003
    10.10.10.1/24
    3 subnetworks, one dhcp server, 4 internet connections.
    10.10.10.1 = Router/DHCP/2 internet connections(IP based load balancing on RV016)
    10.10.10.11 = Router/1 internet connection/DHCP disabled
    10.10.10.21 = Router/1 internet connection/DHCP disabled
    Total machines on network: 24

    10.10.10.10 = Primary Fileserver (2TB)
    10.10.10.20 = Secondary Fileserver (2TB)
    10.10.10.5x is reserved for xbox 360s (5 of them) (static DHCP)
    10.10.10.8x is reserved for one room
    10.10.10.9x is reserved for my personal machines
    10.10.10.10x-254 is DHCP
    The entire IP range is blocked from net access, rule exceptions are made for machines that need on the net.
     
  25. Captain Colonoscopy

    Captain Colonoscopy 2[H]4U

    Messages:
    3,862
    Joined:
    Feb 19, 2004
    Home is 10.169.254.0/24

    clients are setup on 172.16-31.x.0/24 networks. I like to go class b subnetted out to class c.


    [​IMG]
     
  26. WesM63

    WesM63 2[H]4U

    Messages:
    3,276
    Joined:
    Aug 29, 2004
    At home i use 192.168.20.x/24, simple and effective.
     
  27. mctwin2kman

    mctwin2kman 2[H]4U

    Messages:
    2,370
    Joined:
    Jul 3, 2001
  28. Chiggy

    Chiggy [H]Lite

    Messages:
    84
    Joined:
    Nov 23, 2003
    10.100.100.0/24 at home
    10.0.0.0/8 at work
     
  29. InorganicMatter

    InorganicMatter I Don't Know How to Make Threads

    Messages:
    15,249
    Joined:
    Oct 19, 2004
    192.168.1.x/255.255.255.0

    1-15 are static, dynamic goes up through 100. I run static on pretty much everything.
     
  30. zmjone2992

    zmjone2992 [H]ard|Gawd

    Messages:
    1,034
    Joined:
    Jul 3, 2007
    modem is 192.168.1.xx
    router is 192.168.2.xx
    static ips >100
    everything else is dhcp
     
  31. svet-am

    svet-am [H]ardness Supreme

    Messages:
    5,149
    Joined:
    Jan 6, 2003
    My setup is 192.168.123.xxx where 192.168.123.120->192.168.123.125 are static and assigned to workstations. 192.168.123.190->192.168.123.200 are dynamic for friends and guests that come over. 192.168.123.245->192.168.123.250 are "infrastructure" devices like our file server and print server. The netmask is old faithful: 255.255.255.0
     
  32. Verge

    Verge [H]ardness Supreme

    Messages:
    6,060
    Joined:
    May 27, 2001
    172.16.355.0/255.255.0.0
     
  33. swatbat

    swatbat [H]ardForum Junkie

    Messages:
    12,845
    Joined:
    Apr 25, 2001
    Internal at home is 192.168.10.x as I set it as that years ago and never bothered to switch it due to having to reconfigure some printers and whatnot.

    Clients have them in class a b and c ranges.

    Family office is 193. something which I've never bothered to fix as I don't feel like screwing with the unix servers. Some jackass through it in the public range like that 15 years ago before the machines were online and the consultants that have installed the 2 new servers and software over the years have left the range like that as they didn't want to screw with the legacy server at the time. Kinda agree with them as it hasn't caused any issues yet...

    New networks I tend to throw into the 172 range.
     
  34. Motley

    Motley 2[H]4U

    Messages:
    2,441
    Joined:
    Mar 29, 2005
    lol nobody caught that one...
     
  35. [BB] Rick James

    [BB] Rick James [H]ard Dawg

    Messages:
    2,818
    Joined:
    Apr 4, 2004
    So you loop around to your self hu?
     
  36. ndruw

    ndruw Limp Gawd

    Messages:
    247
    Joined:
    Mar 7, 2006

    This man is entirely correct in his thinking.

    also, i'm on good ol 192.168.0.* until i get back home
     
  37. [BB] Rick James

    [BB] Rick James [H]ard Dawg

    Messages:
    2,818
    Joined:
    Apr 4, 2004
    It's a lot of extra work when you could just keep up todate on your security and just reserve stuff in DHCP. If you take your laptop anywhere you have to f-around with changing it all back.

    Waste of time, secure yes, but a waste of time in my eyes.
     
  38. brom42

    brom42 2[H]4U

    Messages:
    3,996
    Joined:
    Mar 1, 2004
    Home
    Wired: 172.24.32.0/255.255.255.192
    Wireless: 172.16.24.0/255.255.255.192

    Work
    Servers: 192.168.4.0/255.255.255.0
    Users: 10.250.0.0/255.255.0.0
    Terminals: 172.16.32.0/255.255.255.0
     
  39. TechieSooner

    TechieSooner [H]ardness Supreme

    Messages:
    7,612
    Joined:
    Nov 7, 2007
    I don't personally do this, but I do see the advantage in certain situations...

    Static IP addresses you can map to a physical location. Bandwidth slump? Bam, find the IP address, look at your chart- instantly know who it is and go see what they are doing.

    I'd say in most situations static IP Addressing is tougher though.

    Heck, 90% of people couldn't connect.
    And of those that know they need to set a static IP, they have to know your schema or (possibly) be unable to connect to anything on your LAN itself.



    I personally also use the 192.168.0.X range. I have everything above 192.168.0.100 DHCP. Anything below that is phone system, routers, etc.
    People that set this up before I started working here addressed things in a crazy way. One printer is at 192.168.0.52, another at 192.168.0.125, just crazy (Would break too many things to change now).

    Generally, though...
    192.168.0.1 is router.
    192.168.0.2- 192.168.0.10 is servers
    192.168.0.11- 192.168.0.33 is various devices (routers, VPN tunnels, etc).
    Phone people have their own IP addresses around in the 192.168.0.50-192.168.0.59 range... I don't touch anything in there.
     
  40. Icidic

    Icidic n00b

    Messages:
    59
    Joined:
    Mar 17, 2007
    1.1.1.x for Internet Placeholder (WAN)
    10.0.0.x for Local Area Network (LAN)
    10.0.1.x for Demilitarized Zone (DMZ)
    10.0.2.x for Wireless Network (wLAN)

    and also a OpenVPN Network to Network Link to a 10.10.0.x network :).