[38807] in North American Network Operators' Group
Re: What is up with 170.36.0.0/16
daemon@ATHENA.MIT.EDU (Christopher A. Woodfield)
Fri Jun 15 10:59:40 2001
Date: Fri, 15 Jun 2001 10:59:12 -0400
To: "Vivien M." <vivienm@dyndns.org>
Cc: nanog@merit.edu
Message-ID: <20010615105912.A5492@semihuman.com>
In-Reply-To: <NDBBKECCEHKIHGIMJECAAENDCJAA.vivienm@dyndns.org>
From: "Christopher A. Woodfield" <rekoil@semihuman.com>
The most obvious use for this setup (the reason I made several customers
implement it at my previous life as an abusecritter) is to close down an
open SMTP relay that couldn't otherwise be closed down (*cough* Cc:Mail
*cough*). Relaying is controlled on the publicly accessible server, but
only mail destined for the target domain comes into the primary MX. Hence,
no third-party relaying.
-Chris
> Are you sure this couldn't be intentional?
>
> I've once seen a setup where you had the lowest-priority MX (by that, I mean
> the one with the lowest number, in case my wording is ambiguous or
> contradictory) being some host with an RFC 1918 IP, and then there was a
> higher-priority MX which was their NAT box. I'm guessing (I never sent mail
> there, or worked with this setup, thank god) that the idea was that
> connections to the RFC 1918 box would die, so remote MTAs would contact the
> NAT box and deliver there. The NAT box would then try to relay to the
> primary MX, and since it would obviously have an interface into the network
> with the RFC 1918 IPs, it would be able to deliver.
> This place doesn't seem to be using this setup anymore, although amusingly
> enough most of their NS records point to machines with 10.200 IPs.
>
> I agree that this type of thing is entirely dumb, but is there any reason
> that the network mentioned by the original poster couldn't be doing the same
> thing?
> Many large corporations that have been running IP networks since before Wall
> Street knew the meaning of the word Internet have different real blocks of
> IP space (usually in the class B space) for their "public" network and their
> corporate network...
>
--
---------------------------
Christopher A. Woodfield rekoil@semihuman.com
PGP Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB887618B
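
Added example, not part of the original thread: a Python audit of a domain's MX set for the layout discussed above, where the lowest-numbered MX resolves only to RFC 1918 space and remote MTAs fall through to a public gateway. The hostnames and addresses are constructed sample data (192.0.2.25 is a documentation address standing in for the public gateway), and `is_rfc1918` and `audit_mx` are names chosen for this example.

```python
import ipaddress

# RFC 1918 ranges listed explicitly: ipaddress.is_private would also match
# loopback, link-local and documentation ranges, which is not what we want.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit_mx(mx_records, addresses):
    """mx_records: [(preference, hostname)]; addresses: hostname -> [IPv4 str].
    Returns the per-host status in the order a remote MTA tries the hosts,
    the first host it can actually reach, and whether the primary is hidden."""
    report = []
    for pref, host in sorted(mx_records):      # lowest number is tried first
        addrs = addresses.get(host, [])
        private = [a for a in addrs if is_rfc1918(a)]
        if not addrs:
            status = "unresolved"
        elif len(private) == len(addrs):
            status = "rfc1918-only"            # unreachable from the Internet
        elif private:
            status = "mixed"
        else:
            status = "public"
        report.append({"preference": pref, "host": host, "status": status})
    reachable = [r for r in report if r["status"] in ("public", "mixed")]
    return {
        "report": report,
        "effective_mx": reachable[0]["host"] if reachable else None,
        "primary_hidden": bool(report) and report[0]["status"] == "rfc1918-only",
    }

# Constructed sample zone data mirroring the setup described in the thread.
SAMPLE_MX = [(20, "gw.example.com"), (10, "mail-internal.example.com")]
SAMPLE_A = {
    "mail-internal.example.com": ["10.200.1.25"],  # internal primary MX
    "gw.example.com": ["192.0.2.25"],              # public relay-controlled gateway
}

if __name__ == "__main__":
    result = audit_mx(SAMPLE_MX, SAMPLE_A)
    for row in result["report"]:
        print(row["preference"], row["host"], row["status"])
    print("remote MTAs deliver to:", result["effective_mx"])
```

When `primary_hidden` is true, all inbound mail depends on the host reported as `effective_mx`, so that host's relay policy is the one to verify.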