
Mailing List Archive
Re: [tlug] B Flets blocks port 25?
On 2008-05-30 10:52 -0400 (Fri), Joe Larabell wrote:
> Yeah... but could I not simply tell my system that the gateway is off on
> some other network?
Given that the gateway is what carries your packets *to* the other
networks, that would be counterproductive. :-)
> Or maybe just with a different CIDR?
That won't help with the gateway, since, as I mentioned above, that's
the one place you can send a packet to have it go anywhere other than
the local network. However, I have used this trick to make it easy to
use all 8 IP addresses available when your multi-address link is run
over PPPoE (which Usen's is not).
> Given the number of customers they must have, wasting all those IPs
> when there's probably only one gateway server for every N customers
> seems silly.
It's not. The issue is not the gateway server, but security. Every
customer has to be on a separate network to avoid customers,
inadvertently or on purpose, hijacking other customers' IP addresses.
Otherwise I might, upon finding out that you run a mail server on an IP
on a shared network, start replying to ARPs for that IP address, and
suddenly your mail is coming to my system, where I accept it and read it
at my leisure.
cjs
--
Curt Sampson <cjs@example.com> +81 90 7737 2974
Mobile sites and software consulting: http://www.starling-software.com
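
Added example, not part of the original message: a minimal detector for the situation described above, where a second host on a shared network answers ARP for an address it does not own. It assumes ARP replies are available as text lines in the style of `tcpdump -n arp` output; the sample lines, addresses and the `find_conflicts` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n arp` output (not captured traffic).
SAMPLE = """\
10:00:01.000000 ARP, Request who-has 192.0.2.25 tell 192.0.2.1, length 28
10:00:01.000400 ARP, Reply 192.0.2.25 is-at 02:00:00:aa:aa:01, length 28
10:00:07.100000 ARP, Request who-has 192.0.2.30 tell 192.0.2.1, length 28
10:00:07.100300 ARP, Reply 192.0.2.30 is-at 02:00:00:bb:bb:02, length 28
10:05:12.000000 ARP, Request who-has 192.0.2.25 tell 192.0.2.1, length 28
10:05:12.000200 ARP, Reply 192.0.2.25 is-at 02:00:00:cc:cc:03, length 28
10:05:12.000500 ARP, Reply 192.0.2.25 is-at 02:00:00:aa:aa:01, length 28
10:06:00.000000 ARP, Reply 192.0.2.30 is-at 02:00:00:bb:bb:02, length 28
"""

REPLY = re.compile(
    r"^(\S+) ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def find_conflicts(lines, static=None):
    """Return {ip: [(first_seen, mac), ...]} for every IP that was claimed by
    more than one MAC, or by a MAC other than its known-good static binding."""
    static = {ip: mac.lower() for ip, mac in (static or {}).items()}
    claims = defaultdict(list)
    for line in lines:
        m = REPLY.match(line.strip())
        if not m:
            continue  # requests and non-ARP lines carry no ownership claim
        ts, ip, mac = m.group(1), m.group(2), m.group(3).lower()
        if mac not in (seen_mac for _, seen_mac in claims[ip]):
            claims[ip].append((ts, mac))  # record each claimant once, in order
    conflicts = {}
    for ip, seen in claims.items():
        macs = {mac for _, mac in seen}
        expected = static.get(ip)
        if len(macs) > 1 or (expected is not None and macs != {expected}):
            conflicts[ip] = seen
    return conflicts

if __name__ == "__main__":
    for ip, seen in find_conflicts(SAMPLE.splitlines()).items():
        print(ip, "claimed by:", ", ".join(f"{mac} (first {ts})" for ts, mac in seen))
```

Passing a `static` map of known IP-to-MAC bindings also flags an address that only ever appears with the wrong MAC, which the multiple-claimant check alone would miss.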