Date:      Mon, 13 Oct 1997 10:18:08 -0500 (CDT)
From:      "Paul T. Root" <proot@horton.iaces.com>
To:        dwhite@resnet.uoregon.edu
Cc:        walkers@region.durham.on.ca, questions@FreeBSD.ORG
Subject:   Re: Thrown into it!
Message-ID:  <199710131518.KAA09012@horton.iaces.com>
In-Reply-To: <Pine.BSF.3.96.971013012634.9609P-100000@gdi.uoregon.edu> from Doug White at "Oct 13, 97 01:29:00 am"

In a previous message, Doug White said:
> On Tue, 7 Oct 1997, Steven Walker wrote:
> 
> > We have recently purchased a Cisco PIX firewall which will take over the
> > job of IP translation. We have also contracted a new ISP to provide ISDN
> > connection to the Internet via an ISDN router. All that will be left for
> > the FreeBSD machine to do is mail serving. My questions are:
> >
> > 1) How do I disable the use of the modem dial up, leaving only the NIC
> > in place, so that this machine is simply another node on the outside of
> > the firewall?

Doug answered your questions quite well as usual. So I'll just give
some unsolicited network advice... :-)


If I were you, I'd put the FreeBSD box behind the PIX. The PIX is a 
great box for firewalling. It provides some very nice features for 
blocking unwanted access to smtp. 

Put the FreeBSD behind the PIX, and configure the mailhost command:

mailhost external-ip internal-ip

I think that's it. That should create 2 lines in the config:

mailhost external-ip internal-ip
conduit external-ip 25 tcp 0.0.0.0 0.0.0.0

This would be the same as static plus the conduit line.

Paul.

-- 
"What did you have in mind, Sergeant?"-- Sharon Stone in "Basic Instinct"


