Date: Thu, 14 Apr 2005 11:52:05 -0700
From: Kurt Buff <kurt.buff@gmail.com>
To: Dan Nelson <dnelson@allantgroup.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Routing question? second reply
Message-ID: <425EBBD5.4000807@gmail.com>
In-Reply-To: <20050414013943.GG4842@dan.emsphone.com>
References: <425DAA56.7040707@spro.net> <20050414013943.GG4842@dan.emsphone.com>

Dan Nelson wrote:
> In the last episode (Apr 13), Kurt Buff said:
>
>>I have a FreeBSD 5.3 box running
>>postfix/amavisd-new/spamassassin/clamav. Currently, we have two
>>entrances to our network, one is the Watchguard FBIII for our T1, the
>>other is a PC running Win2k and Winproxy, serving our DSL line. The
>>PC is starting to flake out, and I'd like to replace it with a
>>Watchguard SOHO that we have laying around.
>
>
> It might be easier to just hang your DSL line off your External or
> Optional network, so you can enable the FBIII's SMTP filtering on both
> your DSL and T1 lines. Hanging it off a SOHO in your Trusted network
> is a bit less secure (but no worse than your winproxy setup).

On further thought, this isn't going to work. Aside from layer 8
issues, we also want to use the optional port for an IM solution for
customer support, and eventually we're going to pull our web site into
it.

Unless I'm misunderstanding your thoughts...

>>The default gateway for the FreeBSD box is pointed at the WG FBIII,
>>as that's the way most of our email comes through.
>>
>>What the PC with Winproxy does is accept inbound email connections to
>>our secondary MX, and presents them to the FreeBSD box. I'm assuming
>>that the Winproxy program was doing something funky to make all of
>>this happen, but I'm really set on replacing it. This has been
>>working for a year or two, but lately the Winproxy program on the PC
>>is falling over several times a day. It's not a hardware error - all
>>other programs on the machine work just fine, but Winproxy is dying.
>>
>>When I hook up the SOHO, I can't get emails through the DSL line.
>
>
> What fails? Do you get connection refused? Maybe you just need to
> open port 25 incoming on the SOHO and redirect it to the FreeBSD box's
> IP (set up an alias IP in the SOHO's default 192.168.111/24 network if
> you can't get the SOHO to use your existing Trusted network as its
> trusted network).
>
> I have a Firebox 1000 and a SOHO at work but don't have the SOHO's
> password on me so I can't tell you exactly what to set where :)

I've got someone at WG looking at the SOHO setup for me, and they're
starting to come to my conclusion - it's going to require more smarts
for the postfix box. I'm thinking zebra/quagga might be required,
perhaps even if we put the postfix box in the DMZ/optional area of the
FBIII, 'cause the postfix box needs to know where to pitch packets
after receiving them.