In the last episode (Apr 13), Kurt Buff said:
I have a FreeBSD 5.3 box running postfix/amavisd-new/spamassassin/clamav. Currently, we have two entrances to our network, one is the Watchguard FBIII for our T1, the other is a PC running Win2k and Winproxy, serving our DSL line. The PC is starting to flake out, and I'd like to replace it with a Wachguard SOHO that we have laying around.
It might be easier to just hang your DSL line off your External or Optional network, so you can enable the FBIII's SMTP filtering on both your DSL and T1 lines. Hanging it off a SOHO in your Trusted network is a bit less secure (but no worse than your winproxy setup).
On further thought, this isn't going to work. Aside from layer 8 issues, we also want to use the optional port for an IM solution for customer support, and eventually we're going to pull our web site into it. Unless I'm misunderstanding your thoughts...
The default gateway for the FreeBSD box is pointed at the WG FBIII, as that's the way most of our email comes through.
What the PC with Winproxy does is accept inbound email connections to our secondary MX, and presents them to the FreeBSD box. I'm assuming that the Winproxy program was doing something funky to make all of this happen, but I'm really set on replacing it. This has been working for a year or two, but lately the Winproxy program on the PC is falling over several times a day. It's not a hardware error - all other programs on the machine work just fine, but Winproxy is dieing.
When I hook up the SOHO, I can't get emails through the DSL line.
What fails? Do you get connection refused? Maybe you just need to open port 25 incoming on the SOHO and redirect it to the FreeBSD box's IP (set up an alias IP in the SOHO's default 192.168.111/24 network if you can't get the SOHO to use your exisitng Trusted network as its trusted network).
I have a Firebox 1000 and a SOHO at work but don't have the SOHO's password on me so I can't tell you exactly what to set where :)
I've got someone at WG looking at the SOHO setup for me, and they're starting to come to my conclusion - it's going to require more smarts for the postfix box. I'm thinking zebra/quagga might be required, perhaps even if we put the postfix box in the DMZ/optional area of the FBIII, 'cause the postfix box needs to know where to pitch packets after receiving them.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"