Routing question? second reply
Dan Nelson
dnelson at allantgroup.com
Thu Apr 14 12:06:05 PDT 2005
In the last episode (Apr 14), Kurt Buff said:
> Dan Nelson wrote:
> >In the last episode (Apr 13), Kurt Buff said:
> >>I have a FreeBSD 5.3 box running
> >>postfix/amavisd-new/spamassassin/clamav. Currently, we have two
> >>entrances to our network, one is the Watchguard FBIII for our T1,
> >>the other is a PC running Win2k and Winproxy, serving our DSL line.
> >>The PC is starting to flake out, and I'd like to replace it with a
> >>Wachguard SOHO that we have laying around.
> >
> >It might be easier to just hang your DSL line off your External or
> >Optional network, so you can enable the FBIII's SMTP filtering on
> >both your DSL and T1 lines. Hanging it off a SOHO in your Trusted
> >network is a bit less secure (but no worse than your winproxy
> >setup).
>
> On further thought, this isn't going to work. Aside from layer 8
> issues, we also want to use the optional port for an IM solution for
> customer support, and eventually we're going to pull our web site
> into it. Unless I'm misunderstanding your thoughts...
You can still hang it off External if your external router has a spare
Ethernet port. We did something similar here; terminated and NAT'ted a
56k line off our Cisco router, and the firebox just saw it as regular
internet traffic. The Cisco took care of routing the NAT'ted traffic
through the 65k link.
Or upgrade to a newer 6-port firebox :)
--
Dan Nelson
dnelson at allantgroup.com
More information about the freebsd-questions
mailing list