Routing question? second reply

Kurt Buff kurt.buff at gmail.com
Thu Apr 14 11:56:39 PDT 2005


Dan Nelson wrote:
> In the last episode (Apr 13), Kurt Buff said:
> 
>>I have a FreeBSD 5.3 box running
>>postfix/amavisd-new/spamassassin/clamav. Currently, we have two
>>entrances to our network, one is the Watchguard FBIII for our T1, the
>>other is a PC running Win2k and Winproxy, serving our DSL line. The
>>PC is starting to flake out, and I'd like to replace it with a
>>Watchguard SOHO that we have laying around.
> 
> 
> It might be easier to just hang your DSL line off your External or
> Optional network, so you can enable the FBIII's SMTP filtering on both
> your DSL and T1 lines.  Hanging it off a SOHO in your Trusted network
> is a bit less secure (but no worse than your winproxy setup).

On further thought, this isn't going to work. Aside from layer 8 issues, 
we also want to use the optional port for an IM solution for customer 
support, and eventually we're going to pull our web site into it. Unless 
I'm misunderstanding your thoughts...

>>The default gateway for the FreeBSD box is pointed at the WG FBIII,
>>as that's the way most of our email comes through.
>>
>>What the PC with Winproxy does is accept inbound email connections to
>>our secondary MX, and presents them to the FreeBSD box. I'm assuming
>>that the Winproxy program was doing something funky to make all of
>>this happen, but I'm really set on replacing it. This has been
>>working for a year or two, but lately the Winproxy program on the PC
>>is falling over several times a day. It's not a hardware error - all
>>other programs on the machine work just fine, but Winproxy is dying.
>>
>>When I hook up the SOHO, I can't get emails through the DSL line.
> 
> 
> What fails?  Do you get connection refused?  Maybe you just need to
> open port 25 incoming on the SOHO and redirect it to the FreeBSD box's
> IP (set up an alias IP in the SOHO's default 192.168.111/24 network if
> you can't get the SOHO to use your existing Trusted network as its
> trusted network).
> 
> I have a Firebox 1000 and a SOHO at work but don't have the SOHO's
> password on me so I can't tell you exactly what to set where :)

I've got someone at WG looking at the SOHO setup for me, and they're 
starting to come to my conclusion - it's going to require more smarts 
for the postfix box. I'm thinking zebra/quagga might be required, 
perhaps even if we put the postfix box in the DMZ/optional area of the 
FBIII, 'cause the postfix box needs to know where to pitch packets after 
receiving them.

