|
The IP 192.168.0.1 is a non-routable address. Devices come configured with that IP set for security reasons. It can only be routed internally within your own subnet.
|
|
It's a standard as 192.168.x.x is a private class and 192.168.0.1 is the first usable ip address from that class. It's somehow normal fore that ip ip address to be used as default for equipments as routers, ap's upper layer switches, etc that are intended for internal LANs. I never heared of something to be written about this ip address being standard but don't think that you'd like to guess what ip some router has (let;'s say that you don't have technical specs) and the ip to be 192.168.235.67 also, I've seen some ap's that have 192.168.1.1 as default ip
Kronos
|
|
Thanks for basically saying exactly what I said kronostm.
|
|
Sorry, we were posting in the same time. And , as a matter, i don't think we were saying the same thing. ;) I think your post was quicker and better
best regards Kronos
|
|
Well, not exactly. 192.168.0.1 is a routable address, but it is not a public address. Is a de facto standard
|
|
It's ok. I'm just sitting here at the office today with very little to do, so I'm bouncing around posting my .02 cents here and there!
|
|
|
|
Randy.. your question has been answered.. I think you should award the points accordingly. If it hasn't been answered specific enough, give us some feedback!
|
|
Thanks!
|
|
If you enable Internet connection Sharing in XP Pro it gives the dail-up pc the IP address of 192.168.0.1, and then the other pc's on your network will use 192.168.0.1 as their default gateway if you run the netw. setup wizzard on them.
|
|
yeh thats right
|
|
192.168.0.1 is in fact a "routable" address. It's not routable across the internet because no routers will actually route that address as it has been set aside for "private" networking.
|
|
personally i think 192.168.0.1 is routable since tcp/ip is routable.wht i only see is since is a default ip thats so many routers and servers use to come with that ip. thank you
|
|
:) short one ip in LAN :) who could be out the lan network , and the others from internet could connect on it , before they connect the main server :)
|
|
FYI - 192.168.x.x is the default address for SMC routers. You can actually talk to the router by putting is the address 192.168.2.1 on your browser address line.
|
|
192.168.x.x is "routable", but not internet friendly... if you want to be fun with words. Internal networks (home, not internet) usually use 192.168.x.x because the internet is agreed to not recognize that IP... so your router handles the traffic and sends it to your machine. Just a note about this IP address. Some people think that because you have this IP...and the internet cant access it, (PLUS!! your router is a "hardware firewall" - will explain if necessary...probably not) that you are safe from the internet. NOT TRUE! The 192.168.x.x makes you free from communicating to the internet directly but indirectly, you are almost as open as anybody. (almost, because the router is the first to get hit and does serve as a firewall... sort of...) So, if you have this IP... bear in mind... you still NEED an antivirus program and a software based firewall to stop unwanted access. I mention that only because a lot of users somehow think that the 192.168.x.x numbers protect them somehow...
|
|
I'm a network engineer working for a national technical company. I thought I'd drop in and try to sort out the debate a little.
192.168.x.x is a Class C private side subnet. It is routable as are all IP subnets (if allowed by the protocol). Many routers will not route any of the private side subnets for security reasons however.
When you are using local router for your computer(s) which has assigned you an IP address scheme inside a private side subnet, this is because it is running Network Address Translation (NAT). This allows the router to only use one IP address assigned from your ISP and allow multiple computers to get out to the internet. In other words, it breaks up one IP address into many connections.
NAT makes your systems very secure from outside attempts at remotely accessing your computer. It does nothing to protect you from viruses and the like. While NAT is not designed to be a form of firewalling, it effectively only allows traffic into your local computers if it was initiated by the local computer. So if you go to a webpage, it allows the webpage to come through because you requested it. This can be circumvented, but it is nearly impossible to do this in reality.
If your router also has a built in firewall, you are doubley protected. Personally I think that this is overkill. However the companies that build routers know that they will get more sales if it also says the buzzword "firewall" on the package. Most people have no clue what NAT is.
Hope this helps.
|
|
I cannot agree that NAT offers very secure conection to outside world. Viruses like Blaster, sasser and welchia proved that its possible to pass thru gateways (and NATs) into internal network...
|
|
I think what you have to bear in mind is... NAT makes the computer "invisible" only in that the IP is masked. Once the file (virus, trojan, etc...) is on you computer (via email, file sharing, IRC, etc...) it doesnt do anything. You can run a server if you are using a Router as a firewall as long as the ports are open. You acheive this by communicating with the router using software. Software can run itself....
A firewall only works as long as it is configured correctly. Most people dont realise this.
Those were just 2 comments I wanted to make. Personally, I have a NAT setup, plus I run Zonealarm Pro, and run antivirus software... plus I now run A-squared (giving it a shakedown...) to stop the trackers. I am still not secure as I would like, though. Personally, I believe that the more freedom you want on the internet, the more exposure you are likely to have. Its like driving a car. We all know the risks...its up to us to ensure we are safe as we can possibly be.
|
|
|
|
The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private networks:
10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 Note that the first block is nothing but a single class A network number, while the second block is a set of 16 contiguous class B network numbers, and the third block is a set of 255 contiguous class C network numbers. The complete RFC 1918 can be found via FTP on nic.ddn.mil.
|
|
Thanks, but that doesn't answer anything I asked. Or atleast, it doesn't for a network noob like me. ;)
frankralph
|
|
A 10.0.0.0 /8 network is no more secure than a 192.168.1.0 /24 network. They are both "private" networks and therefore will not be routed on the internet. The subnet mask designates how many bits in the network address number are designated for the network "number" and how many hosts are available with said mask.
The "Class" designation was used by IANA originally for special networks. There is really no difference between the three network classes (provided that you are using the correct bit mask) since they are all private numbers used on private networks . There are 10.x.x.x networks on the internet but not with a /8 bitmask.
Technically you can use whatever number you want on your private network since it will never (or rather "should never") be routed on the internet.
I hope this answers your question.
|
|
Sure does, thanks jhinckley! :)
|
|
With regards to the worms getting through router setups, most of the virus you mentioned can be prevented from spreading to the world provided the any outgoing traffic through port 139 (IIRC) is blocked - most routers can have rules set up to do this, but people don't normally set outgoing rule restrictions out of the network in this way.
|
|
Just a quick point on "routable" vs "non-routable". for all intents and purposes, private IPs are non-routable. Try to ping any other private subnet from your machine and you will 99.9% of the time never get a response. Most routers won't even acknowledge that you are tying to reach a public destination with a private IP address. If private IPs were truly routable, then the internet wouldn't work because everyone an their mom would have duplicate ip errors all over the place. If you have two separate private subnets on your local network, you would not be able to ping from one subnet to the other.
|
|
119support, you have a limited vision of networking based on your experiences using the Internet. All IP addresses are routable, and routers will do whatever you tell them to do. If you tell your router to route 192.168.0.0 /16 (or 10.0.0.0 /8 etc.), it will comply. Or if dynamic routing is turned on, it will not even wait for you to tell it to. The correctly stated reason that those subnets are not able to be used out on the Internet is that the core routers that make up the Internet are set up to block traffic coming from a source address in those subnets. It is NOT that they aren't routable- that is a wrong conclusion.
And while we're at it, let's not lump all routers together, or you'd have to put Windows NT workstations with two NIC's in that class as well (and no one wants that). The little "routers" you buy for your home Internet are not the same as a more sophisticated router from Cisco or Foundry or Juniper etc.
Two more minor corrections: -192.168.0.0 is a set of 256 contiguous class C network numbers (not 255) -using a single IP address as the source address for outgoing traffic from many "inside" addresses (many to one) is actually properly called PAT (port address translation), not NAT (network address translation). The original NAT environment is strictly one-to-one translation. PAT allows a "port" to also be appended to an outgoing source address, so that the device doing the translation can remember who is who for return traffic.
|
|
rburns50 - I entrirely agree - particularly with:
"...or you'd have to put Windows NT workstations with two NIC's in that class as well (and no one wants that)..."
I love that phrase, and if I was geek enough, I'd have that on a T-shirt by the end of the week.
:-D
|
|
I guess there has to be one on every board..
If u read my response, i didn't say they were NOT routable, i said, for all intents and purposes they are non-routable....and YOUR statement, "The correctly stated reason that those subnets are not able to be used out on the Internet is that the core routers that make up the Internet are set up to block traffic coming from a source address in those subnets" backs up my entire post. Technically, IPs are IPs, and all IPs can be routed. BUT, because we have set aside certain subnets as private, the routers on the internet cannot, excuse me, will not, route private IPs. Therefore, my original statement stands, FOR ALL INTENTS AND PURPOSES, they are non-routable. The terms routable and non-routable are used to describe the difference between public and private IPs. PUBLIC IPs can be routed through the internet, PRIVATE IPs can NOT be routed through the interent. That is why they are considered non-routable.
|
|
You say tomato, I say tom-ah-to. Sorry to correct you, but I get a little weary of people taking the Internet as the only real form of networking in the world, and ignoring the pure nature of networking and routing. Just to rub a little salt in the wound, not all IP's are routable, as you state (or did you preface it by "all intents and purposes again"?). Try routing Class D or Class E addresses, or 127.0.0.0....
While I'm on a roll, your last statement in the original post was a little narrow too- "If you have two separate private subnets on your local network, you would not be able to ping from one subnet to the other." Really? That's kind of the nature of routing, isn't it? Oh I know...you are talking about a non-router scenario, right? Well, if that's the case, how would you have connected the two private subnets in the first place? Why would you even have two private subnets, if you hadn't intended to route traffic between them (but block layer 2 frames)? My mind is swimming with ideas...none of which make sense.
Sorry 119support...I don't mean to pick on you. Your response to my posting just goaded me into more malicious fun at your expense. No offense meant- I just love debating technology, and you were an easy target. You sound very knowledgeable, and I know you know what you are talking about. Have a nice day.
|
|
I see two prams and a lot of toys and a lot of toys in this thread.
I think what RB is trying to say is that since the introduction of the internet, there are certain configurations that help the internet work, and many people assume that the internet is how networking works. However, the internet is a sub-set of networking technologies as a whole.
The network router does as it is told. So you can assign 192.168.0.0 to a device if you like, although you'll have other problems to deal with ;-) You can allow or block ICMP traffic between subnets and most people do, and you can publish an IP address such as 10.0.0.1, and have that IP address associated with one specific machine and visible on all subnets, however far apart.
Like me, RB has probably been up and down the technology stack a few times over the years, and we can get a little grumpy. But he is right, to all intents and purposes (grin)
Now lets all calm down and let this thread die.
|
|
Thanks dad...sorry for my naughtiness. Hey 119support, I really meant I what I said about you knowing your stuff. I wasn't trying to be mean, and I have no axe to grind (not even grumpy). I just like to bug people I guess...no harm intended.
|
|
"You say tomato, I say tom-ah-to. Sorry to correct you, but I get a little weary of people taking the Internet as the only real form of networking in the world, and ignoring the pure nature of networking and routing."
Which is why I never argued any of your points because I knew that for the most part, they were correct. The purpose of my response was to explain the difference between the two terms as it relates to the majority of users. The internet is networing for most users, they don't really care about the "geek" answer. What is the "out of the box" answer? Its that private IPs are non-routable. That's all most users need to know because to them, the internet is networking. As long as the average user understands that you cannot route private IPs through the internet, then we as network admins, have a lot less explaining and troubleshooting to do. I can't tell you how many times someone has called and complained that he can't get to his computer at home by typing 192.168.1.103 in his Remote desktop connection software while vacationing in Florida.
So for him, and 90% of the people in this country, private IPs are non-routable IPs.
In-recap, you are 100% correct that private IPs can be routed, but private IPs are called "non-routable" IPs because they cannot be routed through the Internet. I was just trying to give the "canned" answer as to why private IPs were and are being called 'non-routable."
And just because you are on a roll..... - from your most recent post: "Just to rub a little salt in the wound, not all IP's are routable, as you state (or did you preface it by "all intents and purposes again"?). Try routing Class D or Class E addresses, or 127.0.0.0...." - from your first post: " All IP addresses are routable, and routers will do whatever you tell them to do."
So seriously, which one is it?
hehe...had to bust your balls on that one.
Take care...look forward to getting into the geek chat with ya a few more times as there are always knew things to learn.
|
|
I love it when people quote me...nice work....caught me at me double-faced best. Ciao..
|
|
To quote rburns50:
"-192.168.0.0 is a set of 256 contiguous class C network numbers (not 255)"
This is mathematically true. However; It should be noted that the first number 192.168.0.0 (using /24) is not useable as it is designated as the network number (by the bitmask) and 192.168.0.255 is also not useable as it is the broadcast address. So actually there are only 254 *useable* addresses.
Nice post. :)
- jhinckley
|
|
Almost right...except that we are talking about a /16 block, not a /24 block. I was correct in stating that 192.168.0.0 (which was referring to an earlier post about blocks of "reserved addresses) contains 256 contiguous Class C (/24) subnets. All of those 256 /24 subnets are available for use. I guess I should have been more specific in my statement, and added the /16 mask to it...which I thought was implied by the earlier post.
Thanks for forcing the clarification, JH.
|
|
119Support said: "I can't tell you how many times someone has called and complained that he can't get to his computer at home by typing 192.168.1.103 in his Remote desktop connection software while vacationing in Florida. "
ahhh, but it can! Don't either of you use VPN or PPTP? I access my computer at work from all over the world! I use a software called Netscreen Remote which provides the tunnel and I use either RDP or VNC to access my computer.
As was stated before, if the ports on the router are open, you can normally go anywhere.
Jodyman
|
|
What you are saying about the 192.168.1.103 ip above... is a bit misleading. To anyone familiar with VPN and PPTP what you say is a bit of a no brainer...but you arent truly accessing the 192.xxx.xxx.xxx number via the internet. You are accessing the routers IP, followed by the Router's path to the 192.xxx.xxx.xxx. Routers and gateways that access the internet generally use an internet friendly IP.
192.xxx.xxx.xxx is (in itself) quite simply, not an internet IP.
|
|
^ excatly.
in addition...PPTP is a VPN.
|
|
no... PPTP is a tunneling protocol, while VPN is a network. you don't say "TCP/IP is the Internet", do you... a VPN can be established via means of different protocols (such as PPTP, LT2P, etc), but there is no equal sign between them. But that's a whole different topic.
|
|
In the day's before the invention of ISP's. Routers were pretty dumb devices. Keeping private subnets off the internet was the responsibility of the tech's. If you allowed a private IP to be exposed to the internet you would get in big trouble and yelled at by rest of your peers and could face significant consequences from the Feds.
|
|
well when u configured a dlink router u will the default gateway like 192.168.0.1 it also depends on the model no of the router as well
|
|
Let the question die already!!!!
|
|
But it's so much fun! So much good stuff has been said. Just to confuse everything I was reading a tute yesterday on crafting packets that have RFC 1918 (private) addresses down as source but can still route over the Internet.
Some people refer to them as bogon addresses - and they *should never* appear outside the perimeter - but they DO! All the time! How is that? I might suggest GivenRandy that you take the "experts" approach and form your own opinion from the wealth of knowledge above, some which obviously comes from textbooks and some which comes from the real world.
And in terms of a special meaning - well it has a special meaning to me, I always configure internal nets as 192.168.0/24 - where I could use 10.x or 172.168.x etc but nuh, the first address is always 192.168.0.1. I get weepy and nostalgic just thinking about it. Then again if a pretty girl tells me her number I forget it straight away but I could probably tell you the IPs of most of the serious servers I have built. BUt there is nothing more disparate than the talk of pretty girls and the talk of IP subnetting (unless of course it is the pretty girls doing the talking...)
So maybe after this inordinateley lengthy thread 192.168.0.1 will forever have a special meaning for you GivenRandy?
|