From owner-freebsd-questions  Mon Oct 13 08:20:03 1997
Return-Path: <owner-freebsd-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id IAA29861
          for questions-outgoing; Mon, 13 Oct 1997 08:20:03 -0700 (PDT)
          (envelope-from owner-freebsd-questions)
Received: from horton.iaces.com (proot@horton.iaces.com [204.147.87.98])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id IAA29815
          for <questions@FreeBSD.ORG>; Mon, 13 Oct 1997 08:19:59 -0700 (PDT)
          (envelope-from proot@horton.iaces.com)
Received: (from proot@localhost)
	by horton.iaces.com (8.8.5/8.8.5) id KAA09012;
	Mon, 13 Oct 1997 10:18:08 -0500 (CDT)
From: "Paul T. Root" <proot@horton.iaces.com>
Message-Id: <199710131518.KAA09012@horton.iaces.com>
Subject: Re: Thrown into it!
To: dwhite@resnet.uoregon.edu
Date: Mon, 13 Oct 1997 10:18:08 -0500 (CDT)
Cc: walkers@region.durham.on.ca, questions@FreeBSD.ORG
In-Reply-To: <Pine.BSF.3.96.971013012634.9609P-100000@gdi.uoregon.edu> from Doug White at "Oct 13, 97 01:29:00 am"
X-Organization: !nterprise Networking Services - ACES
X-Phone: (612) 664-3385
X-Fax: (612) 664-4779
X-Page: (800) SKY-PAGE PIN: 537-7270
X-Address: 600 Stinson Blvd, Fl 1S
X-Address: Minneapolis, MN 55413
X-Mailer: ELM [version 2.4ME+ PL22 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

In a previous message, Doug White said:
> On Tue, 7 Oct 1997, Steven Walker wrote:
> 
> > We have recently purchased a Cisco PIX firewall which will take over the
> > job of IP translation. We have also contracted a new ISP to provide ISDN
> > connection to the Internet via an ISDN router. All that will be left for
> > the FreeBSD machine to do is mail serving. My questions are:
> >
> > 1) How do I disable the use of the modem dial up, leaving only the NIC
> > in place, so that this machine is simply another node on the outside of
> > the firewall?

Doug answered your questions quite well as usual. So I'll just give
some unsolicited network advice... :-)


If I were you, I'd put the FreeBSD box behind the PIX. The PIX is a 
great box for firewalling. It provides some very nice features for 
blocking unwanted access to smtp. 

Put the FreeBSD behind the PIX, and configure the mailhost command:

mailhost external-ip internal-ip

I think that's it. That should create 2 lines in the config:
mailhost external-ip internal-ip 
conduit external-ip 25 tcp 0.0.0.0 0.0.0.0

This would be the same as static plus the conduit line.

Paul.

-- 
"What did you have in mind, Sergeant?"-- Sharon Stone in "Basic Instinct"