spf-discuss

Re: Extending SPF to IN-ADDR.ARPA space

2004-03-24 08:37:30
On Wed, 24 Mar 2004, Bob Poortinga wrote:

One may also ask: Why don't all ISPs block outbound port 25 for consumer
grade IP space?

I'm not really big on this kind of filtering.  The reason is it's not
usually documented which ports are being blocked, and it can lead to some
really difficult problems to diagnose.

Example:  I was running a custom service on port 4444 of one of my
machines.  Some users said my host was unroutable from their locations.
It took me a while to find out that this was *only* true when they tried
to connect to that particular port!  Some router along the way was
discarding any packets destined for 4444 with a "Host is unreachable"
response.  (It seems to be a backbone provider that's doing it -- I've
seen it happen from at least two different, widely-separated ISPs.)

You end up playing 'black box' games, trying various ports to try to
figure out where the problem is.  This effectively makes the Internet
break in unpredictable ways.  Network links shouldn't be
content-sensitive.