Comcast Almost Does It Right
For various reasons I finally ponied up the few dollars a month to get static IP addresses from Comcast (my ISP), and today was the day the stuff arrived and I disappeared from the world.
I run a small number of user websites, not unlike this, my personal blog. Nothing high traffic to be sure, although looking at some of the logs and the attempts by spammers to slam crap into the comments on these trivial blogs, one might have to wonder. Because of the type and style, I figured I'd save a few dollars and be put into a pool of dynamic IP addresses.
I got around the problem of being served dynamic addresses by using on-line services such as ZoneEdit and FreeDNS (for which you will need to type afraid dot org yourself, as this blog software blocks that domain name for some reason). They work well with a simple cron job that uses wget to send a request to update the provided entry. The cron job runs twice a day, just in case, and except for the window between a DHCP renewal that changes the address and the next cron run, when the DNS record still points at the old address, it works just fine.
Additionally, a dynamic-IP client will typically ask to renew its lease well before it expires (DHCP clients normally try at the halfway point of the lease), and the server will generally grant the same address again. With that and an always-on system, the IP address doesn't typically change.
Some time ago, however, Comcast replaced Time Warner as my ISP, and the rules changed. Among them, the dynamic IP seemed to change at the end of the lease no matter what. This isn't so terrible if you're just an Internet client, but when you're trying to run a server on the Internet, it gets to be inconvenient.
The most inconvenient part is that you're pooled in with every other subscriber who's just downloading their movies, or looking up cute kitten pictures, or whatever: the same subscribers who way too often end up with malware on their systems and send slews of unsolicited bulk e-mail to the rest of us.
Sometimes these systems get tagged in on-line DNS blocklists (DNSBLs) that keep IPs of suspected and known junk-e-mailers, so that e-mail administrators can have a line of defense (arguable as it is) against them. See, most Internet-connected machines are used by end-users: just your friends and neighbors and strangers surfing the web, e-mailing their jokes and playing their games. Typically they're configured to talk to a server for certain things, and more specifically for this purpose, a mail server; generally users hand their outgoing mail to their ISP's or company's mail server. This means that few of the systems out there are mail servers on purpose, so a home connection that tries to deliver mail directly looks a lot like a compromised machine. Since the bulk of systems out there aren't used to serve mail, it's OK and usually beneficial to put them on lists and stop them from sending mail.
A few geeks, such as myself, have reasons to host their own. We have our reasons! When our networks get assigned an IP that is on a blocklist, suddenly things stop working nicely. Most of the lists have methods to remove an IP, but it usually ends up being the case that the listing is only noticed after some inconvenience.
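The cron-driven update described above, with the two weak spots the text mentions fixed: the record going stale between a lease change and the next twice-daily run, and a blocklist listing that only gets noticed after mail starts bouncing. This is an added example, not the author's own script: it runs from cron every few minutes, only sends the provider's update request when the public address has actually changed, and then checks the new address against a DNSBL. The update URL format (`DDNS_UPDATE_URL`), the "what is my address" lookup service, and the blocklist zone are assumptions supplied through environment variables, not anything the post specifies.

```shell
#!/bin/sh
# Added example (not the blog author's script). Dynamic-DNS refresher for cron:
# push the update only when the public address changed, then warn if the new
# address is on a DNS blocklist. DDNS_UPDATE_URL, IP_LOOKUP_URL and DNSBL_ZONE
# are assumptions: set them for your own provider, lookup service and list.

STATE_FILE="${STATE_FILE:-$HOME/.ddns-last-ip}"
DNSBL_ZONE="${DNSBL_ZONE:-zen.spamhaus.org}"   # assumption: any DNSBL zone

# True if $1 is a dotted-quad IPv4 address with every octet in 0..255.
# Rejects anything else so a broken lookup reply never gets pushed upstream.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# DNSBL query name for an address: octets reversed, zone appended.
# 192.0.2.1 + zen.spamhaus.org -> 1.2.0.192.zen.spamhaus.org
dnsbl_query_name() {
    is_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.
    set -- $1 "$2"
    IFS=$old_ifs
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$5"
}

# 0 if $1 is listed (a 127.0.0.x answer comes back), 1 if not, 2 if dig is
# missing. Some DNSBLs refuse queries relayed through big public resolvers,
# so run this through a resolver of your own.
dnsbl_listed() {
    name=$(dnsbl_query_name "$1" "$DNSBL_ZONE") || return 1
    command -v dig >/dev/null 2>&1 || return 2
    answer=$(dig +short "$name" A 2>/dev/null)
    case "$answer" in
        127.0.0.*) return 0 ;;
        *) return 1 ;;
    esac
}

# An update is needed when no address was recorded in $1 yet, or the
# recorded one differs from $2. Refuses values that are not IPv4 addresses.
ip_changed() {
    is_ipv4 "$2" || { echo "refusing to push non-IPv4 value: $2" >&2; return 1; }
    [ -f "$1" ] || return 0
    [ "$(cat "$1")" != "$2" ]
}

# Remember what we pushed; mode 0600 so other users on the box can't read it.
record_ip() {
    (umask 077; printf '%s\n' "$2" > "$1")
}

# Ask an outside party what address we appear from (assumption: a plain-text
# "what is my IP" service; one you run yourself beats a stranger's).
current_public_ip() {
    wget -q -O - "${IP_LOOKUP_URL:-https://icanhazip.com}" | tr -d '[:space:]'
}

main() {
    [ -n "$DDNS_UPDATE_URL" ] || { echo "set DDNS_UPDATE_URL to your provider's update URL" >&2; exit 2; }
    ip=$(current_public_ip)
    if ip_changed "$STATE_FILE" "$ip"; then
        # Update URLs usually embed a credential: keep it in a mode-0600 env
        # file sourced by the cron entry, never on a command line or in logs.
        wget -q -O /dev/null "$DDNS_UPDATE_URL" && record_ip "$STATE_FILE" "$ip"
        if dnsbl_listed "$ip"; then
            echo "new address $ip is listed in $DNSBL_ZONE; expect bounced mail" >&2
        fi
    fi
}

# Only touch the network when invoked for real (cron sets DDNS_RUN=1).
if [ "${DDNS_RUN:-0}" = 1 ]; then main "$@"; fi
```

A crontab entry along the lines of `*/10 * * * * . $HOME/.ddns.env && DDNS_RUN=1 $HOME/bin/ddns.sh` (paths and file names are placeholders) runs it every ten minutes; because the state file short-circuits the request, the provider only sees a hit when the lease actually handed out a new address, and the listing warning shows up in cron's mail within minutes instead of after the first bounced message.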
Whatever.
So I decided to get a set of static IPs. I tried to get a block of 13, but evidently you need a good reason for that, so I accepted their block of 5, with intent of getting more later if I have to.
I received an e-mail from them on the ninth out of ten days it may take to get the ball rolling. Inconveniently, it stated that the modem I had wouldn't allow such activity, and that it needed to be replaced. Dreading a necessary home visit, I put off calling them to arrange it until I knew I'd be able to be home. Conveniently, I've been home sick for a few days with a cold (and avoiding the coworkers with the flu), so they stopped by today.
The fella was just supposed to drop off the new modem and allow me to self-install it, but he insisted it would only take a few minutes. I let it go, and we got everything going in about half an hour. I spent a few minutes after he left applying static IPs to the routers and rewiring the once on-the-wire server to put it behind the unused VOIP router (the system is "scheduled" for replacement on the "any day now" plan).
After noticing I'd errantly assigned two devices the same IP (whoops... type what you mean, not what you see), all three router/firewalls were running and connected to the Internet. I could see the Internet from systems passing through all three firewalls, and I could SSH from each to the other two networks. I have a web page on each server that gives me a peek back at the request, so I could double-check that each system was indeed making it through the firewall and not using the private network. I reran the dynamic DNS update scripts, making a mental note to change that procedure, and everyone was happy.
I settled in to continue working, complimenting myself on a job well-done. Completely readdressed and back on-line in an hour.
The trouble was that there was no traffic hitting either of the servers. Sometimes there's a span of DNS propagation that needs to take place: resolvers keep the old record cached until its TTL expires, and only then ask for the new entry. Still, after a while I started to get nervous, because even the probes that look by IP address, which don't depend on DNS at all, weren't getting through.
I checked from a remote system I have and found I couldn't get in. I double-checked, then triple-checked, then checked one more time to make sure that the routers were working and that I could connect between them.
I finally caved and called Comcast support. A very friendly fella named "Joe" helped me out. He tried looking and "couldn't see any reason why not," and he couldn't connect with his web browser via IP or domain name either.
He enabled the customer admin of my router, giving me some additional, albeit limited, access to its configuration. A small number of mouse-clicks later on this heretofore unfamiliar router, I noticed that it, too, had a firewall and private network, and among the settings was an indication that it was blocking inbound traffic to the static IP address by default. I disabled this, which reset the router, and when it returned, traffic appeared in my logs. I checked for and disabled a few more blocking bits, and e-mail and SSH worked again, too. Now I just have to check my VOIP phone.
Three hours after I patted myself on the back, the Internet can again find these servers, and people can again find the musings and photos of my friends.