Originally Posted by majkelos
User on LAN can use this address to work on internet.
From your description thus far, it is unclear whether there is another route your public addressed hosts can take to reach the Internet, or whether all hosts in this segment of public addresses have
to traverse this NAT'ed interface mentioned at the beginning of this thread. I suspect that this private addressed parent segment is later NAT'ed to the public Internet & that you do not need to worry about the fact that your firewall's external address is a RFC1918 private address. But this is simply conjecture on my part.
It is also unclear whether these public addressed hosts are sanctioned
public addresses or whether someone arbitrarily decided to use these addresses deep down within a private network. The question here is whether these addresses will collide with other hosts using the same addresses in the wild.
In any event, it sounds like this is a complex corporate network where portions are connected to other portions (possibly through acquistions)
through BGP. Neither am I familiar with your network structure nor all of the idiosyncrasies of BGP to fully answer your questions. What is clear is that this is not a simple topology, & that working with the thought of "all public addresses should be publicly accessible"
may be an oversimplification.
In order for you to understand the interconnections, it appears there are two choices:
- Play with traceroute(8) to see how packets are traversing your network structure to outside hosts. If you have the facilities, you might try using traceroute(8) outside to see if you can get into your internal hosts. I suspect the latter will be blocked by one or more firewalls, but this too is conjecture on my part.
- Talk to your ISP.
Good luck with your quest.