Dyndns (and knockd)

Matt Graham danceswithcrows at usa.net
Wed Jun 13 15:54:09 MST 2007


Darrin Chandler <dwchandler at stilyagin.com>:
> On Wed, Jun 13, 2007 at 02:05:41PM -0700, Stephen wrote:
>> When cox finds out you're running a server, they just block your port.
>> As it's my own personal ssh server, not a public server, I don't
>> believe it falls under their rules against running a server. But I
>> guess they just like to block whatever they can.

Many ISPs do.  IIRC it allows them to oversell their bandwidth if customers
are using less of it.

> "Personal" vs. "Public" probably doesn't even have a well-defined
> meaning in this case. You have (or had) a program listening for
> connections from the outside world, so that would constitute a server.

Yep.  Some ISPs are much more lenient than others wrt the TOS.  Comcast
here in MI hasn't *ever* blocked 22 or 80 (I think), despite the "no servers"
bits in the TOS.

> If one were sneaky, one might log attempts and find out where Cox's
> probes come from and block them

Or, put a -p tcp --dport 22 -j REJECT rule at/near the bottom of your INPUT
table.  Then run knockd.  Then knock appropriately, and have knockd insert a
-s %IP% -p tcp --dport 22 -j ALLOW rule at/near the top of your INPUT table.
There's probably a better way than this.  And this wouldn't help if they were
smart about filtering/monitoring.  But it's another thing to try.

> so that one would appear not to be running one's own server. But that is
> sneaky, and one would be violating the ToS that one agreed to.

"We think of them as guidelines, not rules.  Guidelines were meant to be
broken too."  Well, I've already found that Cox are more draconian than
others; some of my co-workers who've already moved out to Phoenix had trouble
with their mail clients since they're blocking dest port 25 that doesn't have
-d smtp.cox.net instead of rate-limiting other destination addrs (or something).

So:  How evil is the local evil DSL monopoly?  I have 1.2 months until I move
out there, so there's time.

(I was going to lurk for at least 4 more days, but then this came up.  Hi
everybody!  If you've read comp.os.linux.{hardware, misc, x, portable} in the
last 7 years, you've seen me there....)
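
The knockd arrangement described in the message above, written out as a knockd.conf. This is an added example, not part of the original post: the interface name, knock ports and timeouts are constructed values, and the rules use ACCEPT, which is the name of the iptables target that lets a packet through.

```ini
# /etc/knockd.conf -- added example; eth0, the knock ports and the
# timeouts are constructed values, pick your own.
#
# Baseline INPUT rules this file assumes are already loaded, in order:
#   iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
#   iptables -A INPUT -p tcp --dport 22 -j REJECT
# The first rule keeps a logged-in session alive after the per-IP
# rule below has been removed again; the second is the catch-all
# REJECT at the bottom of the chain.

[options]
    UseSyslog
    Interface = eth0

[openSSH]
    # Three SYNs to these ports, in this order, within 10 seconds.
    sequence      = 7000,8000,9000
    seq_timeout   = 10
    tcpflags      = syn
    # -I puts the per-source rule at the top of INPUT, ahead of the
    # REJECT; %IP% is replaced by knockd with the knocking address.
    start_command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    # Close the hole again 30 seconds later; the established session
    # continues through the conntrack rule.
    cmd_timeout   = 30
    stop_command  = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
```

Every accepted knock is written to syslog, so the log shows which source addresses opened the port and when. The sequence crosses the network in clear text, so it is one more layer in front of sshd's own key-based authentication, not a replacement for it.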
