Date: Thu, 14 Apr 2005 14:06:04 -0500
From: Dan Nelson
To: Kurt Buff
cc: freebsd-questions@freebsd.org
Subject: Re: Routing question? second reply
Message-ID: <20050414190604.GJ4842@dan.emsphone.com>
References: <425DAA56.7040707@spro.net> <20050414013943.GG4842@dan.emsphone.com> <425EBBD5.4000807@gmail.com>
In-Reply-To: <425EBBD5.4000807@gmail.com>

In the last episode (Apr 14), Kurt Buff said:
> Dan Nelson wrote:
> >In the last episode (Apr 13), Kurt Buff said:
> >>I have a FreeBSD 5.3 box running
> >>postfix/amavisd-new/spamassassin/clamav. Currently, we have two
> >>entrances to our network, one is the Watchguard FBIII for our T1,
> >>the other is a PC running Win2k and Winproxy, serving our DSL line.
> >>The PC is starting to flake out, and I'd like to replace it with a
> >>Watchguard SOHO that we have laying around.
> >
> >It might be easier to just hang your DSL line off your External or
> >Optional network, so you can enable the FBIII's SMTP filtering on
> >both your DSL and T1 lines. Hanging it off a SOHO in your Trusted
> >network is a bit less secure (but no worse than your winproxy
> >setup).
>
> On further thought, this isn't going to work. Aside from layer 8
> issues, we also want to use the optional port for an IM solution for
> customer support, and eventually we're going to pull our web site
> into it. Unless I'm misunderstanding your thoughts...

You can still hang it off External if your external router has a spare
Ethernet port. We did something similar here; terminated and NAT'ted a
56k line off our Cisco router, and the firebox just saw it as regular
internet traffic. The Cisco took care of routing the NAT'ted traffic
through the 65k link.

Or upgrade to a newer 6-port firebox :)

--
	Dan Nelson
	dnelson@allantgroup.com