Tue, Dec 28 2004 13:04
bradley
When is something "private" not Private
Tony posts that one should sanitize the ipconfig /all posting that is done in the newsgroups and I'd like to clarify one point he's made. He says that you should clean out the 192.168.16.x and 10.0.0.x addresses in your post and I disagree. While those are class c and class a “private” ranges, they are such well-known internal IP address ranges that IMHO, you aren't disclosing anything that your email header doesn't post in more stuff on. I would recommend taking off an “external” IP address [something your ISP gave you], but posting in ipconfig /all shouldn't also expose your ISP's DNS info [and it's not like an ISP's DNS isn't googleable anyway]. We as SBSers don't “host” our own public DNS.
So what are the standard IP addresses that are considered “private” but so used by everyone that it's common knowledge? There's a page here that talks about the “standards”. In general in SBS land, back in the SBS 4.0/4.5 days we used a “class a” with a kind of “class c” subnet mask. What's a subnet mask? It's the part of the IP address that lets that system know how big of a network range it's going to talk to.
Back in SBS 4.0/4.5 we used 10.0.0.2 with a 255.255.255.0 mask. That meant that as long as a computer had an IP address that started with 10.0.0.X, our server would “talk” to that system. You'll also see it noted as a 10.0.0.X/24.
Now in SBS 2003 our default “base” range is a classic “C” address of 192.168.16.x [where the server is normally 192.168.16.2]. Again the subnet mask of 255.255.255.0 makes that system “talk” only to the 250-some-odd systems in that range. What that 255.255.255.255 mask really means is this.
As per RFC 1918, these addresses are “non routable”; they are your “inside” addresses. What many consultants do is pick that 172.16.x.x range, and that is more often than not NOT in an SBS network, and thus any static VPN routing that the internal firm may do won't mess with that consultant's own ranges and settings.
What do I mean by Class “A” and Class “C”? These are agreed-upon naming ranges for “private” non-routable addresses. Typically the Class A is a 10.x.x.x with a netmask of 255.0.0.0 and Class C is a 192.168.16.x with a netmask of 255.255.255.0. Thus in the SBS 4.0/4.5 days our 10.0.0.x/subnet of 255.255.255.0 was kinda not exactly the best setup. Our new default of 192.168.16.x is the proper way to name our internal range.
| Class | Range of Addresses |
|-------|--------------------|
| A | Any addresses in 10.x.x.x |
| B | Addresses in the range of 172.16.x.x-172.31.x.x |
| C | Addresses in the range of 192.168.0.x-192.168.255.x |
In computers the use of “on” and “off” is really what everything talks in, so 255 is in reality the value of 11111111.
Starting from right to left in a logarithmic fashion it's the total of:
128  64  32  16   8   4   2   1  = 255
  1   1   1   1   1   1   1   1  = 255
Which is telling that system to match every single number from the IP “octet” [between the “.”] to the IP address that you are comparing it to. So a 192.168.16.2 with a subnet of 255.255.255.0 can talk to a 192.168.16.200 that also has a subnet of 255.255.255.0, because the “0” at the end is telling the system “okay you talk to ANYTHING in the 192.168.16.1 to 192.168.16.255 range and I won't care”.
See how it works?
So when your ISP gives you an external REALLY PUBLIC IP address and the net mask is set for 255.255.255.248, it's saying the following:
128  64  32  16   8   _   _   _  = 248
  1   1   1   1   1   0   0   0  = 248
And because 1 + 2 + 4 = 7, your ISP has just given you only “that” IP addresses that your public IP can talk to [normally a gateway IP address and 6 public IP addresses]. Get it? [Assuming I'm doing that right, someone correct me if I'm wrong]
So bottom line: when you post your ipconfig /all in the public newsgroups DO clear out any PUBLIC IP addresses that your ISP gave you, but I would argue there's no need to clear out the 192.168.16.x stuff. Wouldn't take a rocket scientist to know that we're “supposed” to be using those inside our networks.
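The rule argued for above (strip ISP-assigned addresses, leave RFC 1918 addresses and subnet masks alone) can be applied mechanically before pasting output into a newsgroup. The Python below is an added example, not from the original post; the sample output is constructed, using the 203.0.113.x documentation range as a stand-in for an ISP-assigned block, and keeping loopback and link-local addresses is this example's own assumption.

```python
import ipaddress
import re

# RFC 1918 private ranges from the table above, plus loopback and link-local
# (keeping the last two is this example's assumption, not the post's).
KEEP = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample in the style of ipconfig /all output.
SAMPLE = """\
   IP Address. . . . . . . . . . . . : 192.168.16.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : 203.0.113.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Default Gateway . . . . . . . . . : 203.0.113.9
"""


def mask_prefix(text):
    """Return the prefix length if text is a contiguous netmask, else None."""
    try:
        value = int(ipaddress.IPv4Address(text))
    except ipaddress.AddressValueError:
        return None
    host_bits = value ^ 0xFFFFFFFF         # 0 bits of the mask become 1s
    if host_bits & (host_bits + 1):        # must be one unbroken run of 1s
        return None
    return 32 - host_bits.bit_length()     # 255.255.255.248 -> 29


def sanitize(output, placeholder="x.x.x.x"):
    """Redact every IPv4 address that is neither private nor a netmask."""
    def replace(match):
        text = match.group(0)
        try:
            addr = ipaddress.IPv4Address(text)
        except ipaddress.AddressValueError:
            return text                    # e.g. 999.1.1.1 is not an address
        if mask_prefix(text) is not None or any(addr in n for n in KEEP):
            return text
        return placeholder
    return IPV4.sub(replace, output)


if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

A prefix of 29 leaves 3 host bits, so the 255.255.255.248 block holds 8 addresses, the first and last of which are the network and broadcast addresses.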