Refuse an assignment because it 'cannot' be routed?
Anne Marcel Roorda
Mon Mar 5 18:42:11 CET 2001
> <snip analogy about renting a house>
> <snip part about dhcp for dialup which imho is not relevant>
>
> > > Very clever, indeed, in particular when someone tries to do stuff that
> > > is security-aware.
> >
> > Like what? Almost anything is possible from behind a dynamic
> > IP address.
>
> I want to connect, from home, to a server behind my company's firewall. The
> firewall only allows connections based on source ip address.
> Our firewall admin cannot be persuaded to open it up for the whole /19 or
> whatever my isp uses for its dhcp pool.
>

Hi,

And rightly so. Opening up a secure server to an IP number outside of
your direct sphere of influence is asking for trouble, and leads to
security nightmares. I'm surprised he'd be willing to open it up to a
/32 from outside.

>
> > If you want to run services then get a commercial account from
> > your provider, or find a provider that will allocate you static
> > IP space.
>
> This is the problem that caused me to start this discussion: in my area
> there is no broadband (cable/dsl) provider offering static ip for a
> reasonable price. If I get a 'commercial' account I need to pay 4(!) times
> as much as I would for a 'noncommercial' account *per month*; I do not
> consider this reasonable, even if it does include a bunch of other things I
> do not want (router etc.).
>
> So by posting here, I hoped to find some arguments to use in convincing the
> ISPs in my area. Regulation from RIPE [NCC] would have been nice... alas.

This would seem like a classic case of the wrong solution for a simple
problem.

>
> Suggestions are still welcome :)

There are a lot of VPN products out there, some better than others.
Setting up a jump host outside the firewall may also be a solution to
your problems. I suggest that you contact your local security officer
for possible solutions.

Regards,
- marcel
[ lir-wg Archive ]