Re: LAN access while VPN is up
comp.security.firewalls archive

From: Moe Trin <ibuprofin@painkiller.example.tld>
Date: Fri Oct 28 2005 - 22:03:33 CEST

In the Usenet newsgroup comp.security.firewalls, in article
<umi8f.7715$ki7.572410@news20.bellglobal.com>, Triffid wrote:

>Recently the switch configuration was altered such that the Nortel VPN
>client routes everything except RFC1918 Class C addresses up the tunnel.

And the switch configuration relating to the LAN isn't under your control?

>Unfortunately, I chose RFC1918 Class A addresses for my local LAN long
>ago,

;-) I work at a "Class A" (actually, classes were abolished in 1993
with the advent of CIDR), so there was no incentive to use one at home.
My home net predates both RFC1918 and RFC1597, and I originally used a
block in the 223.250.6.x range (which still hasn't been allocated by IANA).
Fewer numbers to remember? No, I use hostnames. Fewer numbers to type when
configuring things? How often do you do that? Adequate number of IP
addresses? Actually, I use a 255.255.252.0 mask at home, not that I'll
ever have 1000 hosts there. And two of my ISPs use RFC1918 addresses
for customer (rather than public) services - one has their DNS and
mail servers in the 10.200.0.0/16 block for some bizarre reason.

>so I've lost access to local shares and printers while the tunnel
>is established.

Disadvantage of using a switch as the connection to the world.

>It wouldn't be all that painful to renumber the local LAN to RFC1918
>Class C,

Depends on how paranoid you are.

>but I'm curious as to alternative solutions - perhaps involving adding
>a router (I have a couple spare). Any suggestions?

I certainly wouldn't be thrilled to know that packets from my net are
leaving the house, even if the ISP is dropping them into the bit bucket.

A router, or a switch of your own - your owning the routers would reduce
the hardware cost and might add versatility, but how much are you paying
for power? My connection to the world goes through a firewall which is
the remains of a 386SX laptop - no display, no keyboard, and not much
else. Last time I measured it, it was drawing 30 VA. Do the math - that's
about 260 kWh for the year, or about $35 at the "last kilowatt-hour rate"
for me.

        Old guy
Received on Mon Nov 21 02:34:54 2005
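An added illustration, not part of Moe Trin's reply and not code from the Nortel client: a small Python model of the split-tunnel route table the thread is about. It uses longest-prefix match to show why a 10/8 LAN becomes unreachable when the client only excludes 192.168/16 from the tunnel, and that a more specific route for the LAN prefix (here the /22 mask mentioned in the reply, assumed to be 10.0.0.0/22) sends that traffic back out the local interface. The next-hop labels "tunnel" and "lan" and the sample addresses are constructed for the example.

```python
import ipaddress

# RFC 1918 private ranges (the "Class A/B/C" blocks the thread refers to).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 blocks."""
    a = ipaddress.ip_address(addr)
    return any(a in net for net in RFC1918)


def best_route(dst, routes):
    """Longest-prefix match over routes, a list of (network, next_hop).

    Returns the next_hop of the most specific matching prefix, or None
    if nothing matches (a real kernel table always has a default here).
    """
    a = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if a in net]
    if not matches:
        return None
    net, hop = max(matches, key=lambda r: r[0].prefixlen)
    return hop


def split_tunnel_routes(excluded_prefixes):
    """Model of the VPN client's table (assumed): default route via the
    tunnel, with each excluded prefix sent out the local LAN interface."""
    routes = [(ipaddress.ip_network("0.0.0.0/0"), "tunnel")]
    for p in excluded_prefixes:
        routes.append((ipaddress.ip_network(p), "lan"))
    return routes


def add_route(routes, prefix, next_hop="lan"):
    """Append a more specific route; longest-prefix match will prefer it."""
    routes.append((ipaddress.ip_network(prefix), next_hop))
    return routes


def lan_goes_up_tunnel(lan_prefix, routes):
    """True if a host on lan_prefix would be reached via the tunnel."""
    net = ipaddress.ip_network(lan_prefix)
    probe = net.network_address + 1       # first usable host address
    return best_route(probe, routes) == "tunnel"


if __name__ == "__main__":
    # Client excludes only the "Class C" block, LAN is numbered from 10/8.
    table = split_tunnel_routes(["192.168.0.0/16"])
    print(lan_goes_up_tunnel("10.0.0.0/22", table))   # LAN traffic goes up the tunnel
    # Without renumbering: a more specific route for the LAN out the local interface.
    add_route(table, "10.0.0.0/22", "lan")
    print(lan_goes_up_tunnel("10.0.0.0/22", table))   # LAN reachable again
```

The model shows the mechanism, not a guaranteed fix: many VPN clients reinstall or police the routing table while the tunnel is up, so a hand-added route may not survive, which is why the thread weighs renumbering to 192.168/16 or putting a router of your own between the LAN and the VPN host. Either way, the check worth keeping is `is_rfc1918`: any LAN traffic that does leave the house is, at best, dropped by the ISP.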