Private LAN: why should the gateway address be at the low end of the range, rather than at the high end?

I've been told, and it certainly seems to be convention, to assign the internal interface on the firewall (or router) an address that is low in the range. In a class C situation, the gateway address is often *.*.*.1.

Why is this? What difference does it make if you use a different address in your private address range, such as 192.168.1.130 or 192.168.1.254?

Does it really matter?

Reply to
I'm Ted Jones Dammit!!!

In article , I'm Ted Jones Dammit!!! wrote:
:I've been told, and it certainly seems to be convention, to assign the
:internal interface on the firewall (or router) an address that is low
:in the range. In a class C situation, the gateway address is often
:*.*.*.1 .

:Why is this? What difference does it make if you use a different
:address in your private address range, such as 192.168.1.130, or
:192.168.1.254 ?

:Does it really matter

The only way in which it matters is that if one has a number of subnets, it is easier to remember a convention about the address than to remember an arbitrary address. Now, multiply that by the number of people who might need to configure a system for use on one of those subnets.

Also, if you might subnet later, you will probably have less work to do if the IP addresses of the infrastructure are close together rather than scattered at random. If your router or firewall is low in the address range and you subnet, then you probably only have to change its netmask, but if your router or firewall is at an IP address that would fall into a new subnet, then you would have to change its gateway address and its netmask both.

Reply to
Walter Roberson

Is it possible that it would make a difference under certain hardware platforms, such as Cisco? I've seen some strange things on Cisco networks. For instance, we had a bunch of systems at one site, configured with no default gateway, that got infected with a virus. They started spitting out virus traffic to the internet even though they had no configured gateway or route set on the client.

Ever seen anything like that?

Reply to
Ted Jones

Nope, AFAIK Cisco has no special affinity for using .1 as the router address.

Cisco routers perform proxy ARP by default. So if a machine on the LAN doesn't have its default gateway set, and simply ARPs for everything, the router connected to the Internet will respond.

Reply to
Barry Margolin

Without a route corresponding to the destination, for what IP would the client ARP? If the virus simply sends frames to the network addressed to ff-ff-ff-ff-ff-ff, the router may route them, no? That is, unless the router refused to route frames addressed to the broadcast MAC. I suppose access to raw sockets would be required, but I believe XP provided that access pre-SP2.

Reply to
Dom

The destination address, of course.

And if the router is doing proxy ARP, it can reply to this ARP request with its own MAC address. So the client will naturally forward the packet to the router. The router will then forward it toward the intended destination.

John Briggs

Reply to
briggs
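A way to check a host for the proxy ARP behaviour described in the replies above, as an added example that is not part of the original thread: it parses Windows `arp -a` output and reports any MAC address that answered ARP for an address outside the local subnet. The sample table, its addresses and the function names are constructed for illustration, and the local network is assumed to be 192.168.1.0/24.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: `arp -a` output from a host on 192.168.1.0/24 that,
# as described in the thread, ARPs for every destination it wants to reach.
SAMPLE_ARP_A = """\
Interface: 192.168.1.50 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          00-aa-bb-cc-dd-01     dynamic
  198.51.100.7          00-11-22-33-44-55     dynamic
  203.0.113.25          00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

ENTRY = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)", re.I)


def parse_arp_table(text):
    """Return (ip, mac) pairs for the dynamic entries in `arp -a` output."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m and m.group(3).lower() == "dynamic":
            entries.append((ipaddress.ip_address(m.group(1)), m.group(2).lower()))
    return entries


def find_proxy_arp(text, local_net):
    """Map each MAC that answered for off-subnet IPs to those IPs.

    A learned ARP entry for an address outside the local subnet means some
    device on the LAN (typically a router doing proxy ARP) replied on behalf
    of a remote destination.
    """
    net = ipaddress.ip_network(local_net)
    answered = defaultdict(list)
    for ip, mac in parse_arp_table(text):
        if ip not in net:
            answered[mac].append(str(ip))
    return dict(answered)


if __name__ == "__main__":
    for mac, ips in find_proxy_arp(SAMPLE_ARP_A, "192.168.1.0/24").items():
        print(f"{mac} answered ARP for off-subnet addresses: {', '.join(ips)}")
```

On Cisco IOS, `no ip proxy-arp` on the LAN-facing interface turns this behaviour off, after which hosts without a gateway can no longer reach off-subnet destinations this way.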

Is it possible that a slightly intelligent virus was listening to routing broadcasts by the router, like maybe the routers had RIP or EIGRP enabled and the virus made use of that to find the gateway?

Just a thought?

Dennis

Reply to
Dennis Willson
