Hi
Can someone from Bluewin/Swisscom please provide me with a list of all possible dynamic IP-ranges Bluewin offers to its customers? I need this for a firewall rule that should give access to a service for all Bluewin customers.
Thanks a lot. Regards, Philip
Am 07.03.2011 13:02, schrieb Philip Iezzi:
Can someone from Bluewin/Swisscom please provide me with a list of all possible dynamic IP-ranges Bluewin offers to its customers? I need this for a firewall rule that should give access to a service for all Bluewin customers.
'sh ip bgp regexp _44038_' would help, I assume. But note there are plenty of more-specifics for traffic engineering.
F.
Am 09.03.2011 08:02, schrieb Steven.Glogger@swisscom.com:
'sh ip bgp regexp _44038_' would help, I assume. But note there are plenty of more-specifics for traffic engineering.
actually you get too much - not only bluewin ,-)
... and after the next Swisscom reorganisation you get less if you stick to AS44038
*scnr*
F.
On 03/ 7/11 01:02 PM, Philip Iezzi wrote:
Hi
Can someone from Bluewin/Swisscom please provide me with a list of all possible dynamic IP-ranges Bluewin offers to its customers? I need this for a firewall rule that should give access to a service for all Bluewin customers.
Hi Philip
If you're providing a service for all Bluewin customers, I assume that the project partner is Swisscom. So I'm your project partner within Swisscom can give you the desired IP range information.
Kind regards
Stefan Rothenbuehler System Engineer UNIX Swisscom (Schweiz) AG
Hello
* on the Wed, Mar 09, 2011 at 04:28:34PM +0100, Stefan Rothenbuehler wrote:
If you're providing a service for all Bluewin customers, I assume that the project partner is Swisscom. So I'm your project partner within Swisscom can give you the desired IP range information.
You might be shocked to hear that it's possible that an ISP wants to whitelist all Bluewin-Ranges *despite* having nothing to do with Swisscom or Bluewin itself.
In fact, we also have the same issue; we need to firewall something, but our customer, which happens to use a dynamic IP in the Swisscom/Bluewin range, needs to have access. And its far better to allow all your dynamic IP-ranges than to allow the rest of the world as well.
Cheers Seegras
Dear all
Since our IP-addresses are not a secret, I can deliver them on request. We are thinking about a separate webpage where we publish our customer-ranges. There are more and more such requests from customers/partners/providers for this.
Cheers, Günti
|-----Original Message----- |From: swinog-bounces@lists.swinog.ch [mailto:swinog- |bounces@lists.swinog.ch] On Behalf Of Peter Keel |Sent: Tuesday, March 15, 2011 9:44 AM |To: Stefan Rothenbuehler |Cc: swinog@lists.swinog.ch |Subject: Re: [swinog] Bluewin dynamic IP-ranges | |Hello | |* on the Wed, Mar 09, 2011 at 04:28:34PM +0100, Stefan Rothenbuehler |wrote: |> If you're providing a service for all Bluewin customers, I assume |> that the project partner is Swisscom. |> So I'm your project partner within Swisscom can give you the desired |> IP range information. | |You might be shocked to hear that it's possible that an ISP wants to |whitelist all Bluewin-Ranges *despite* having nothing to do with |Swisscom or Bluewin itself. | |In fact, we also have the same issue; we need to firewall something, |but our customer, which happens to use a dynamic IP in the |Swisscom/Bluewin |range, needs to have access. And its far better to allow all your |dynamic |IP-ranges than to allow the rest of the world as well. | |Cheers |Seegras |-- |"Those who give up essential liberties for temporary safety deserve |neither liberty nor safety." -- Benjamin Franklin |"It's also true that those who would give up privacy for security are |likely to end up with neither." -- Bruce Schneier | | |_______________________________________________ |swinog mailing list |swinog@lists.swinog.ch |http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Hello
* on the Tue, Mar 15, 2011 at 10:28:34AM +0100, Robert.Guentensperger@swisscom.com wrote:
Since our IP-addresses are not a secret, I can deliver them on request. We are thinking about a separate webpage where we publish our customer- ranges.
Good idea. Right now, we just whitelist the whole AS44038-Range; but of course knowing specifically the dynamic-ranges would be useful.
Cheers Seegras
On 2011-Mar-15 10:28, Robert.Guentensperger@swisscom.com wrote:
Dear all
Since our IP-addresses are not a secret, I can deliver them on request. We are thinking about a separate webpage where we publish our customer-ranges. There are more and more such requests from customers/partners/providers for this.
There is this great thing called RPSL that can be used for this. Just create a set of addresses with a certain name and provide people with that name. Then you just have to tell people to reload that set every X days and presto, everybody has correct info.
(Indeed, you don't have to use every data point in RIPE IRR for routing, one can also use it for documenting these kind of things ;)
Greets, Jeroen
-
Fredy Kuenzler -
Jeroen Massar -
Peter Keel -
Philip Iezzi -
Robert.Guentensperger@swisscom.com -
Stefan Rothenbuehler -
Steven.Glogger@swisscom.com