[AusNOG] Redirecting a TCP port both directions
Mark Foster
blakjak at blakjak.net
Tue Apr 8 12:12:16 EST 2014
I meant to add that the text I pasted was from
https://en.wikipedia.org/wiki/Private_network
On 8/04/2014 2:11 p.m., Mark Foster wrote:
> Did I miss something?
>
>
> Private IPv4 address spaces
>
> The Internet Engineering Task Force
> <https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force> (IETF)
> has directed the Internet Assigned Numbers Authority
> <https://en.wikipedia.org/wiki/Internet_Assigned_Numbers_Authority>
> (IANA) to reserve the following IPv4 address ranges for private
> networks, as published in RFC 1918
> <https://tools.ietf.org/html/rfc1918>:^[1]
> <https://en.wikipedia.org/wiki/Private_network#cite_note-1>
>
> RFC1918 name IP address range number of addresses largest CIDR
> <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing> block
> (subnet mask) host id size mask bits /classful
> <https://en.wikipedia.org/wiki/Classful_network>/ description^[Note 1]
> <https://en.wikipedia.org/wiki/Private_network#cite_note-3>
> 24-bit block 10.0.0.0 - 10.255.255.255 16,777,216 10.0.0.0/8
> (255.0.0.0) 24 bits 8 bits single class A network
> <https://en.wikipedia.org/wiki/Class_A_network>
> 20-bit block 172.16.0.0 - 172.31.255.255 1,048,576 172.16.0.0/12
> (255.240.0.0) 20 bits 12 bits 16 contiguous class B networks
> 16-bit block 192.168.0.0 - 192.168.255.255 65,536 192.168.0.0/16
> (255.255.0.0) 16 bits 16 bits 256 contiguous class C networks
>
>
> .... pretty sure that 172.31.1.x IP's fit nicely within that 20-bit
> block that encompasses everything from 172.16.0.0 to 172.31.255.255...
>
> So where you've said 'non-RFC1918' you infact mean 'RFC1918', right?
> So you're having problems with AWS routing traffic for these RFC1918
> addresses to the Internet when that's not what you want?
>
> Mark.
>
> On 8/04/2014 2:07 p.m., Geordie Guy wrote:
>> Hi Folks,
>>
>> Working with a B2B partner who has exposed non-RFC1918 addresses
>> 172.31.1.2 and 172.31.1.3 through a VPN tunnel to our environment,
>> and this works fine for hitting a web service down the tunnel from
>> our local networks. We have a development footprint in AWS that is
>> shanking at this, because an overlying abstraction layer for how AWS
>> S3 instances route means that if it sees a non-RFC1918 range it sends
>> it out to the Internet regardless of any host or other level routes
>> that are specified. I can set route add 172.31.1.0/24
>> <http://172.31.1.0/24> via a gateway or for that matter the loopback
>> until I go blue in the face and the server will merrily continue to
>> try and find the IP on the Internet.
>>
>> What I need to do, other than not allow design decisions that involve
>> non RFC-1918 addresses for private networks, is redirect a TCP port
>> (443) from an IP that I *CAN* hit inside our network, to the
>> 172.31.1.0 range down the tunnel, so that 1654287.r.msn.com
>> <http://1654287.r.msn.com> stops scratching his head at the traffic
>> trying to hit him from AWS.
>>
>> What do I do to accomplish this? Netcat? And before anyone says
>> NAT, there's already been enough bad decisions made here.
>>
>> Regards,
>>
>> Geordie
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140408/9cbe1db6/attachment.html>
More information about the AusNOG
mailing list