Refuse een assignment because it 'cannot' be routed?

> <snip analogy about renting a house>
> <snip part about dhcp for dialup which imho is not relevant>
> 
> > >   Very clever, indeed, in particular when someone tries to do stuff that
> > >   is security-aware.
> >
> >   Like what? Almost anything is possible from behind a dynamic
> > IP address.
> 
> I want to connect, from home, to a server behind my company's firewall. The
> firewall only allows connections based on source ip address.
> Our firewall admin cannot be persuaded to open it up for the whole /19 or
> whatever  my isp uses for its dhcp pool.
> 

Hi,

  And rightly so. Opening up a secure server to an IP number
outside of your direct sphere of influence is asking for
trouble, and leads to security nightmares. I'm surprised he'd be
willing to open it up to a /32 from outside.

> 
> >   If you want to run services then get a commercial account from
> > your provider, or find a provider that will allocate you static
> > IP space.
> 
> This is the problem that caused me to start this discussion: in my area
> there is no broadband (cable/dsl) provider offering static ip for a
> reasonable price. If I get a 'commercial' account I need to pay 4(!) times
> as much as I would for a 'noncommercial' account *per month*; I do not
> consider this reasonable, even if it does include a bunch of other things I
> do not want (router etc.).
> 
> So by posting here, I hoped to find some arguments to use in convincing the
> ISPs in my area. Regulation from RIPE [NCC] would have been nice... alas.

  This would seem like a clasic case of the wrong solution for a
simple problem.

> 
> Suggestions are still welcome :)

  There are a lot of VPN products out there, some better then
others. Setting up a jump host outside the firewall may also be
a sollution to your problems.

  I suggest that you contact your local security officer for
possible sollutions.

Regards,

- marcel