Message-ID: <425EBBD5.4000807@gmail.com>
Date: Thu, 14 Apr 2005 11:52:05 -0700
From: Kurt Buff
Reply-To: kurt.buff@gmail.com
To: Dan Nelson
Cc: freebsd-questions@freebsd.org
Subject: Re: Routing question? second reply
In-Reply-To: <20050414013943.GG4842@dan.emsphone.com>

Dan Nelson wrote:
> In the last episode (Apr 13), Kurt Buff said:
>
>>I have a FreeBSD 5.3 box running
>>postfix/amavisd-new/spamassassin/clamav. Currently, we have two
>>entrances to our network, one is the Watchguard FBIII for our T1, the
>>other is a PC running Win2k and Winproxy, serving our DSL line. The
>>PC is starting to flake out, and I'd like to replace it with a
>>Watchguard SOHO that we have laying around.
>
>
> It might be easier to just hang your DSL line off your External or
> Optional network, so you can enable the FBIII's SMTP filtering on both
> your DSL and T1 lines. Hanging it off a SOHO in your Trusted network
> is a bit less secure (but no worse than your winproxy setup).

On further thought, this isn't going to work. Aside from layer 8 issues, we also want to use the optional port for an IM solution for customer support, and eventually we're going to pull our web site into it. Unless I'm misunderstanding your thoughts...

>>The default gateway for the FreeBSD box is pointed at the WG FBIII,
>>as that's the way most of our email comes through.
>>
>>What the PC with Winproxy does is accept inbound email connections to
>>our secondary MX, and presents them to the FreeBSD box. I'm assuming
>>that the Winproxy program was doing something funky to make all of
>>this happen, but I'm really set on replacing it. This has been
>>working for a year or two, but lately the Winproxy program on the PC
>>is falling over several times a day. It's not a hardware error - all
>>other programs on the machine work just fine, but Winproxy is dying.
>>
>>When I hook up the SOHO, I can't get emails through the DSL line.
>
>
> What fails? Do you get connection refused?
> Maybe you just need to
> open port 25 incoming on the SOHO and redirect it to the FreeBSD box's
> IP (set up an alias IP in the SOHO's default 192.168.111/24 network if
> you can't get the SOHO to use your existing Trusted network as its
> trusted network).
>
> I have a Firebox 1000 and a SOHO at work but don't have the SOHO's
> password on me so I can't tell you exactly what to set where :)

I've got someone at WG looking at the SOHO setup for me, and they're starting to come to my conclusion - it's going to require more smarts for the postfix box. I'm thinking zebra/quagga might be required, perhaps even if we put the postfix box in the DMZ/optional area of the FBIII, 'cause the postfix box needs to know where to pitch packets after receiving them.