From owner-freebsd-questions@FreeBSD.ORG Thu Apr 14 17:21:10 2005
Message-ID: <425EA573.5080302@gmail.com>
Date: Thu, 14 Apr 2005 10:16:35 -0700
From: Kurt Buff
To: Dan Nelson
cc: freebsd-questions@freebsd.org
References: <425DAA56.7040707@spro.net> <20050414013943.GG4842@dan.emsphone.com>
In-Reply-To: <20050414013943.GG4842@dan.emsphone.com>
Subject: Re: Routing question?

Dan Nelson wrote:
> In the last episode (Apr 13), Kurt Buff said:
>
>>I have a FreeBSD 5.3 box running
>>postfix/amavisd-new/spamassassin/clamav. Currently, we have two
>>entrances to our network, one is the Watchguard FBIII for our T1, the
>>other is a PC running Win2k and Winproxy, serving our DSL line. The
>>PC is starting to flake out, and I'd like to replace it with a
>>Watchguard SOHO that we have laying around.
>
>
> It might be easier to just hang your DSL line off your External or
> Optional network, so you can enable the FBIII's SMTP filtering on both
> your DSL and T1 lines. Hanging it off a SOHO in your Trusted network
> is a bit less secure (but no worse than your winproxy setup).

That's worthy of some thought. It may not fulfill the layer 8
requirements, however.

>>The default gateway for the FreeBSD box is pointed at the WG FBIII,
>>as that's the way most of our email comes through.
>>
>>What the PC with Winproxy does is accept inbound email connections to
>>our secondary MX, and presents them to the FreeBSD box. I'm assuming
>>that the Winproxy program was doing something funky to make all of
>>this happen, but I'm really set on replacing it. This has been
>>working for a year or two, but lately the Winproxy program on the PC
>>is falling over several times a day. It's not a hardware error - all
>>other programs on the machine work just fine, but Winproxy is dying.
>>
>>When I hook up the SOHO, I can't get emails through the DSL line.
>
>
> What fails? Do you get connection refused? Maybe you just need to
> open port 25 incoming on the SOHO and redirect it to the FreeBSD box's
> IP (set up an alias IP in the SOHO's default 192.168.111/24 network if
> you can't get the SOHO to use your existing Trusted network as its
> trusted network).
>
> I have a Firebox 1000 and a SOHO at work but don't have the SOHO's
> password on me so I can't tell you exactly what to set where :)

Failure mode is that when I telnet to the external IP address of the
soho on port 25, I get no answer.

On the SOHO, I have port 25 set to allow inbound access, only to the IP
address of the postfix box.

It smells to me like what's happening is that the inbound packets are
making it to and through the SOHO, but then the postfix box obeys its DG
setting, and tries to send the responses out the FBIII, and they never
make it back to the originating box.

Kurt
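
Added example, not part of the original message: one way to test the hypothesis in the last paragraph is to capture on the postfix box with `tcpdump -e -n tcp port 25` and compare the MAC address that delivered each SYN with the MAC address the SYN-ACK was sent to. The capture lines, MAC addresses and IP addresses below are constructed, and the parser assumes tcpdump's current `-e` output format.

```python
import re

# Constructed sample of `tcpdump -e -n tcp port 25` output on the mail host.
# Every MAC and IP address here is made up for illustration.
SOHO_MAC = "00:90:7f:00:00:01"   # hypothetical: SOHO trusted interface
FBIII_MAC = "00:90:7f:00:00:02"  # hypothetical: FBIII, the default gateway
HOST_MAC = "00:0c:29:00:00:10"   # hypothetical: the postfix box
CAPTURE = f"""\
10:21:05.100 {SOHO_MAC} > {HOST_MAC}, ethertype IPv4 (0x0800), length 74: 203.0.113.9.41000 > 192.168.5.10.25: Flags [S], seq 100, win 65535, length 0
10:21:05.101 {HOST_MAC} > {FBIII_MAC}, ethertype IPv4 (0x0800), length 74: 192.168.5.10.25 > 203.0.113.9.41000: Flags [S.], seq 900, ack 101, win 65535, length 0
10:21:08.100 {SOHO_MAC} > {HOST_MAC}, ethertype IPv4 (0x0800), length 74: 203.0.113.9.41000 > 192.168.5.10.25: Flags [S], seq 100, win 65535, length 0
10:22:00.200 {FBIII_MAC} > {HOST_MAC}, ethertype IPv4 (0x0800), length 74: 198.51.100.7.52000 > 192.168.5.10.25: Flags [S], seq 300, win 65535, length 0
10:22:00.201 {HOST_MAC} > {FBIII_MAC}, ethertype IPv4 (0x0800), length 74: 192.168.5.10.25 > 198.51.100.7.52000: Flags [S.], seq 700, ack 301, win 65535, length 0
"""

LINE = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), ethertype IPv4 .*?: "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\]")


def find_asymmetric(capture, port=25):
    """Return {(client_ip, client_port): (in_mac, out_mac)} for connections
    whose SYN arrived from one gateway MAC but whose SYN-ACK left to another."""
    syn_from = {}  # flow -> MAC of the gateway that delivered the SYN
    asymmetric = {}
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an IPv4/TCP line in the expected format
        if m["flags"] == "S" and int(m["dport"]) == port:
            syn_from[(m["src"], int(m["sport"]))] = m["smac"]
        elif m["flags"] == "S." and int(m["sport"]) == port:
            flow = (m["dst"], int(m["dport"]))
            in_mac = syn_from.get(flow)
            # The reply follows the routing table, not the path the SYN took.
            if in_mac and in_mac != m["dmac"]:
                asymmetric[flow] = (in_mac, m["dmac"])
    return asymmetric


if __name__ == "__main__":
    for flow, (in_mac, out_mac) in find_asymmetric(CAPTURE).items():
        print(f"{flow[0]}:{flow[1]} SYN via {in_mac}, SYN-ACK sent to {out_mac}")
```

In the constructed capture the client behind the SOHO retransmits its SYN three seconds later, which is what a telnet session that gets no answer looks like from the server side.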