[AusNOG] Redirecting a TCP port both directions

Mark Foster blakjak at blakjak.net
Tue Apr 8 12:12:16 EST 2014


I meant to add that the text I pasted was from 
https://en.wikipedia.org/wiki/Private_network


On 8/04/2014 2:11 p.m., Mark Foster wrote:
> Did I miss something?
>
>
>     Private IPv4 address spaces
>
> The Internet Engineering Task Force 
> <https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force> (IETF) 
> has directed the Internet Assigned Numbers Authority 
> <https://en.wikipedia.org/wiki/Internet_Assigned_Numbers_Authority> 
> (IANA) to reserve the following IPv4 address ranges for private 
> networks, as published in RFC 1918 <https://tools.ietf.org/html/rfc1918>:
>
> RFC1918 name   IP address range               number of addresses   largest CIDR block (subnet mask)   host id size   mask bits   classful description
> 24-bit block   10.0.0.0 - 10.255.255.255      16,777,216            10.0.0.0/8 (255.0.0.0)             24 bits        8 bits      single class A network
> 20-bit block   172.16.0.0 - 172.31.255.255    1,048,576             172.16.0.0/12 (255.240.0.0)        20 bits        12 bits     16 contiguous class B networks
> 16-bit block   192.168.0.0 - 192.168.255.255  65,536                192.168.0.0/16 (255.255.0.0)       16 bits        16 bits     256 contiguous class C networks
>
>
> .... pretty sure that 172.31.1.x IPs fit nicely within that 20-bit 
> block that encompasses everything from 172.16.0.0 to 172.31.255.255...
>
> So where you've said 'non-RFC1918' you in fact mean 'RFC1918', right? 
> So you're having problems with AWS routing traffic for these RFC1918 
> addresses to the Internet when that's not what you want?
>
> Mark.
>
> On 8/04/2014 2:07 p.m., Geordie Guy wrote:
>> Hi Folks,
>>
>> Working with a B2B partner who has exposed non-RFC1918 addresses 
>> 172.31.1.2 and 172.31.1.3 through a VPN tunnel to our environment, 
>> and this works fine for hitting a web service down the tunnel from 
>> our local networks.  We have a development footprint in AWS that is 
>> shanking at this, because an overlying abstraction layer for how AWS 
>> S3 instances route means that if it sees a non-RFC1918 range it sends 
>> it out to the Internet regardless of any host or other level routes 
>> that are specified.  I can set route add 172.31.1.0/24 via a gateway 
>> or for that matter the loopback until I go blue in the face and the 
>> server will merrily continue to try and find the IP on the Internet.
>>
>> What I need to do, other than not allow design decisions that involve 
>> non-RFC1918 addresses for private networks, is redirect a TCP port 
>> (443) from an IP that I *CAN* hit inside our network, to the 
>> 172.31.1.0 range down the tunnel, so that 1654287.r.msn.com stops 
>> scratching his head at the traffic trying to hit him from AWS.
>>
>> What do I do to accomplish this?  Netcat?  And before anyone says 
>> NAT, there's already been enough bad decisions made here.
>>
>> Regards,
>>
>> Geordie
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>
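Mark's point above, that 172.31.1.x sits inside the 172.16.0.0/12 block, can be confirmed with a few lines of address arithmetic before anyone fights the AWS routing layer. The following Python is an added example and not part of this thread: it derives the quoted table's columns from each block's CIDR prefix and classifies an address as RFC 1918 or not; the sample addresses are taken from the thread or constructed.

```python
# RFC 1918 blocks exactly as listed in the quoted table.
RFC1918_BLOCKS = {
    "24-bit block": "10.0.0.0/8",
    "20-bit block": "172.16.0.0/12",
    "16-bit block": "192.168.0.0/16",
}

def dotted_to_int(addr: str) -> int:
    """Convert a dotted-quad IPv4 string to a 32-bit integer, validating each octet."""
    parts = addr.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a valid IPv4 address: {addr!r}")
    return (int(parts[0]) << 24) | (int(parts[1]) << 16) | (int(parts[2]) << 8) | int(parts[3])

def int_to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_mask(mask_bits: int) -> int:
    """Network mask for a /N prefix as a 32-bit integer (N=0 yields 0)."""
    if not 0 <= mask_bits <= 32:
        raise ValueError(f"prefix length out of range: {mask_bits}")
    return (0xFFFFFFFF << (32 - mask_bits)) & 0xFFFFFFFF

def block_summary(cidr: str) -> dict:
    """Reconstruct the table's columns (range, size, mask, host/mask bits) from a CIDR."""
    net, prefix = cidr.split("/")
    mask_bits = int(prefix)
    mask = prefix_mask(mask_bits)
    first = dotted_to_int(net) & mask
    last = first | (~mask & 0xFFFFFFFF)
    return {
        "first": int_to_dotted(first),
        "last": int_to_dotted(last),
        "addresses": last - first + 1,
        "mask": int_to_dotted(mask),
        "host_bits": 32 - mask_bits,
        "mask_bits": mask_bits,
    }

def rfc1918_block(addr: str):
    """Return the RFC 1918 block name containing addr, or None if it is public space."""
    n = dotted_to_int(addr)
    for name, cidr in RFC1918_BLOCKS.items():
        net, prefix = cidr.split("/")
        mask = prefix_mask(int(prefix))
        if n & mask == dotted_to_int(net) & mask:
            return name
    return None

if __name__ == "__main__":
    # 172.31.1.2/.3 are from the thread; 172.32.0.1 is constructed as the first address past the block.
    for a in ("172.31.1.2", "172.31.1.3", "172.32.0.1"):
        print(a, "->", rfc1918_block(a) or "not RFC 1918")
```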
