Re: Logging into mike
On Mon, 20 Dec 2004, Doug Welch wrote:
> You would think this, but you would be wrong. Earthlink seems to
> run their DSL over a non-routable address which the router sees.
> (One of those 172.xxx.xxx.xxx addresses.) So the router doesn't know
> the true external IP.
Oh boy, now this gets messy...
First of all, the non-routable addresses are of the form...
    192.168.X.Y
*All* TASS systems which do not need to have internet access
should have assigned IP addresses in this range -- this is
to avoid the possibility of any security break-in attempts
from reaching those systems. Routers and operating systems
do not route these addresses so they are never visible to
the external world.
For example I will not connect any Microsoft based operating
system (DOS, Windows, Win2K, etc.) to my LAN unless they have
an assigned IP address in the range cited above because they
are too insecure.
To determine the IP addresses of the systems on your network,
you can use a program "nslookup". This works both under Linux
and DOS shells. I.e. one types
    nslookup
one should get a '> ' prompt. Then one types:
    ls -d domain.com
perhaps
    ls -d tass.com ????
(so for myself I type "ls -d aeiveos.com" and I get a list of
all of the domain records for my systems). For Tom's situation
it depends whether he has one of his systems distributing the
domain name information on his own systems or whether he is
distributing domain name mappings (between a name like
"mike.xxx.yyy" to ###.###.###.###) using his ISP. Most ISPs
(at least the better ones) allow you to select to allow the
user to control the domain name mappings (from name to number).
The less sophisticated ones require that you do this through their
domain name mapping software [this may include Earthlink].
To a large extent this depends upon how many Version 4 IP addresses
have been allocated to a specific ISP. If they have a lot of
addresses allocated they could grant someone like Tom 8, 16, 32, etc.
of them and he could allocate them between his machines as he sees fit.
If they do not have a lot of them (Earthlink???) then they will
only grant him a single IP address and it will generally be assigned
to his router and then one will have to go through a strange process
known as Network Address Translation (NAT) to have the router match
up various messages as coming from or being sent to specific machines.
How this all works I am unsure. This will change when the U.S. migrates
from IPV4 (the primary current protocol here) to IPV6 (a more common
protocol in Asia). That process is taking place *slowly*. At this
time there is a shortage of IPV4 internet addresses so convincing
an ISP to give you a block of 8 that you can use may be difficult.
But the basic rules would be:
a) Get control over a block of IP addresses;
b) Change your ISP DNS config to do lookups on your machines rather than
their machines;
c) Verify that your DNS lookup process is working correctly.
My 2 cents.
Robert
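
An added example, not part of Robert's message: one way to carry out step (c) offline is to save a zone listing such as the one "ls -d" returns and check each A record against the RFC 1918 private blocks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). The listing format, the host names, the addresses and the internal_only set below are constructed for illustration; real nslookup output varies by version, so the parser assumes simple name/type/value columns.

```python
import ipaddress

# RFC 1918 private blocks. Only 172.16.0.0/12 of the 172.x space is private.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample listing; every name and address here is made up.
SAMPLE_LISTING = """\
 example.test.   SOA   ns1.example.test. hostmaster.example.test. (1 3600 600 86400 3600)
 example.test.   NS    ns1.example.test.
 ns1             A     203.0.113.10
 www             A     203.0.113.11
 mike            A     192.168.1.20
 winbox          A     203.0.113.12
 lab             A     172.20.5.7
 gw              A     172.32.0.1
"""

def is_private(addr):
    """True if addr falls inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def parse_a_records(listing):
    """Return {name: address} for each A record line; other types are skipped."""
    records = {}
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[1] == "A":
            records[fields[0]] = fields[2]
    return records

def audit(listing, internal_only):
    """Compare each A record with the hosts that are meant to stay internal."""
    findings = []
    for name, addr in sorted(parse_a_records(listing).items()):
        private = is_private(addr)
        if name in internal_only and not private:
            findings.append((name, addr, "internal-only host has a routable address"))
        elif name not in internal_only and private:
            findings.append((name, addr, "private address on a host not marked internal"))
    return findings

if __name__ == "__main__":
    # Hypothetical policy: these two hosts should never be reachable from outside.
    for name, addr, why in audit(SAMPLE_LISTING, {"mike", "winbox"}):
        print(f"{name:8} {addr:15} {why}")
```

The explicit network list is used instead of ipaddress's is_private attribute because that attribute also covers reserved and documentation ranges, which would hide the difference the audit is looking for.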