<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 18.07.2016 at 10:57, Anders
Jackson wrote:<br>
</div>
<blockquote
cite="mid:CACXJ-Bgwhmpo+0HiEXU18XGZX745JBgq1Gu+JcfOhtwyXxpjkA@mail.gmail.com"
type="cite">> Can you think of any downsides of such a config?</blockquote>
<br>
Hi.<br>
<br>
My post shall not be negative, I am just listing the downsides<br>
I can think of currently.<br>
Possible solution: Enable separate IP per Service.<br>
So I have "freedombox" as one IP and perhaps just one other for one
special service.<br>
<br>
<br>
Yes, there is a downside:<br>
If you think about the "common people" who just "buy a freedombox",<br>
they currently can just rely on "the freedombox is ....".<br>
You can even just enter "freedombox" into the application and then
it works.<br>
(because of laziness I do this in putty and the browser rather than
the ip)<br>
<br>
>> would it be then that those dns records for the internal
network would get<br>
made automatically?<br>
<br>
So I don't have to worry about where it is, when I type
"ssh.freedombox" into putty?<br>
(same for any other Service)<br>
<br>
Another Downside: If you mesh / share your network, you are blocking
a lot of IPs.<br>
I specifically think about meshing to Freifunk with the freedombox,<br>
they use the 10.xxxx in their network for normal IP assignment,
which is then a normal<br>
IP in their networks. As they have relatively big networks (for a
whole city), 10 freedomboxes<br>
make then 100 client-ips.<br>
(I currently don't care about how NAT for internal and external is
implemented,<br>
perhaps the IP is just internal and you only get ONE external IP or
so)<br>
<br>
Last Downside:<br>
In terms of security it's then just a DNS lookup to see your
services running.<br>
I am not a security expert, but against port-scanning and
port-probing,<br>
there are certain concepts like "if you try 5 ports in a row, you
get no further info",<br>
and so on. Don't know whether this is an issue, but could be.<br>
<br>
<b>I suggest to make this an option per service.</b><br>
Along with custom Names.<br>
mail.freedombox..... then connects to Freedombox' Mail service :)<br>
<br>
Kind Regards from Germany,<br>
Karlheinz Meier<br>
<br>
</body>
</html>