192.168 Exclusive to LAN?

Hello there.

In Comodo v3, I’ve allowed in global rules inbound connections in the 192.168.xxx.xxx range.

My question is, is this IP-adress range made exclusive to the LAN by some kind of organisation, or could, in the domain of the possible, packets coming from the 192.168.xxx.xxx range someday enter my machine from the WAN?

These are private addresses to your LAN. And lots of other LANs, actually. But your router is a gateway and uses Network Address Translation (NAT) to make sure only traffic connected to your particular LAN shows up there. If you look at Wikipedia there are reasonably readable discussions on how NAT works and the difference between Private (only addressable within your LAN) and Public (addressable from the Internet WAN) IP addresses and how NAT takes care of sorting it all out.

I mean, I’m familiar with the working of NAT routers and DHCP.
Let me just restate my question so as it be more understandable:

Upon installation of Comodo v3, I was under the protection of a router, and upon detection of new network zones, I’ve marked them as “trusted”, that is, IPs in the 192.168.xxx.xxx range have since been allowed to initiate connections by themselves to reach me, and this for various purposes.

But then, the router broke, and I was obliged to purcharse a new one online. While it is in shipping process, I have no choice but to connect to the Internet directly, that is, to connect the Ethernet cable directly into the modem that’s secured to the ISP.

But, the question is: until the new NAT router arrives, should I temporarily deny incoming connections in the LAN-that-has-previously-been range, or I’m fine without modifying these global rules for the week?

In other words, would it possible for WAN, i.e. “external” IP adresses, to be part of that 192.168.xxx.xxx range, and thus for somebody e.g. in Yukon or Yugoslavia to initiate connections recognized as secure by my system, or is keeping these IP addresses trusted as reflected by my global list perfectly safe anyway?

The 192.168.x.x range of IP addresses are Reserved by the IANA, specifically for Local Area Network usage. They are non-routable in a non-network setting (ie, over the internet) and you will not find them accessing your computer from the internet.

IF your modem is a cable modem, it is possible (even probable) that your ISP creates a sort of “network” of users located geographically, which might be defined by the ISP’s hardware with internal IP addresses. Normally, these show up in the 10.0.x.x range, rather than 192.168.x.x.

If you have any concerns about the security at all, it’s easy enough to change those rules, or remove them, so that there’s no chance of illicit connections being created.

Hope that helps,


Assigned by the “Internet Assigned Numbers Authority”, huh?
that’s the kind of answer I’ve been looking for…

=- I only know enough to know that I don’t know how much I don’t know -=

thanks for the enlightenment. :wink:

No problem, twipley. Here’s an IANA excerpt regarding IPs in this range:

OrgName: Internet Assigned Numbers Authority OrgID: IANA Address: 4676 Admiralty Way, Suite 330 City: Marina del Rey StateProv: CA PostalCode: 90292-6695 Country: US

NetRange: -
NetHandle: NET-192-168-0-0-1
Parent: NET-192-0-0-0-0
NetType: IANA Special Use
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment: http://www.arin.net/reference/rfc/rfc1918.txt

Another way you can test is to type something like in your browser’s address bar, and click Go. It will get you nowhere. On the other hand, type a known IP address like (the page we’re on) in your browser’s address bar, and click Go. Page pulls right up.