SBS2003, dual nics, no router, Install Barracuda 300

Hello,

We have been using SBS2003 in the dual nic configuration and would like to
try a Barracuda Spam Filter.

Current set up is:

Internet DSL Modem (static IP)-SBS2003 Internal Network (10.0.x.x)

Since I don't have a router, I do believe this makes things a little more
challanging.

Is it difficult to set up ISA2004 to forward port 25 to an interal address
address that would be assigned to the Barracuda, then have the Barracuda 300
process the mail and forward back to the internal address of the server or
would it need to go to the external IP address.

I would like to make it an easy set up possible so if things don't work out,
I don't spend hours setting things back to orignal.



Thank you in advance.

Scott

Steve
Thu May 15 03:34:13 PDT 2008

Scott Hubbard wrote:

>Hello,
>
>We have been using SBS2003 in the dual nic configuration and would like to
>try a Barracuda Spam Filter.
>
>Current set up is:
>
>Internet DSL Modem (static IP)-SBS2003 Internal Network
>(10.0.x.x)
>
>Since I don't have a router, I do believe this makes things a little more
>challanging.
>
>Is it difficult to set up ISA2004 to forward port 25 to an interal address
>address that would be assigned to the Barracuda, then have the Barracuda
>300
>process the mail and forward back to the internal address of the server or
>would it need to go to the external IP address.
>
>I would like to make it an easy set up possible so if things don't work
>out,
>I don't spend hours setting things back to orignal.
>

Unless you're running PPPoE on the server, or have some software that came
with the DSL device running on the SBS, my guess would be that it is
actually a router. If you post the make and model, we can help you confirm
that.

Best bet is likely a switch/hub between the DSL router (assuming it is)
and the SBS and plug the barracuda in to that too. Give it another public
IP and change MX records accordingly. Configure it to forward to the SBS
public IP after it has processed email.

You might also review recommended deployment scenarios from Barracuda -
it's their device, they should have some documentation on how best to use
it in various configurations.

--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.

ScottHubbard
Thu May 15 14:53:00 PDT 2008

**************
Hello Steve,

Thanks for the reply.

I have a SpeedStream 5360 Ethernet ADSL Modem.

Orignally the DSL line went directly into the SBS. We added some VOIP
service and when we had problems getting the VOIP to work behind the SBS box,
my ISP gave me a static IP to put in the VOIP box and I installed a 5 port
switch between the DSL modem and SBS box.

So my configuration is:

Voip with public IP
DSL Line - Umanaged Switch -

SBS Public IP


I do not have any PPPOE or any other connection software installed.

I have looked on the Barracuda site and the examples that I have found all
indicate the Barracuda is behind a Router forwarding Port 25 to the
Barracuda, the Barracuda then forwards email to the Server on an internal IP.

I think it will just be easier to buy a router and spend the time setting it
up so everthing works.

The SBS box has been running great for so long, hands off, I really don't
want to let Murphy come vist or Pandora out of the box.



> Best bet is likely a switch/hub between the DSL router (assuming it is)
> and the SBS and plug the barracuda in to that too. Give it another public
> IP and change MX records accordingly. Configure it to forward to the SBS
> public IP after it has processed email.
>
> You might also review recommended deployment scenarios from Barracuda -
> it's their device, they should have some documentation on how best to use
> it in various configurations.
>
> --
> Steve Foster [SBS MVP]
>
**********

"Steve Foster [SBS MVP]" wrote:

> Scott Hubbard wrote:
>
> >Hello,
> >
> >We have been using SBS2003 in the dual nic configuration and would like to
> >try a Barracuda Spam Filter.
> >
> >Current set up is:
> >
> >Internet DSL Modem (static IP)-SBS2003 Internal Network
> >(10.0.x.x)
> >
> >Since I don't have a router, I do believe this makes things a little more
> >challanging.
> >
> >Is it difficult to set up ISA2004 to forward port 25 to an interal address
> >address that would be assigned to the Barracuda, then have the Barracuda
> >300
> >process the mail and forward back to the internal address of the server or
> >would it need to go to the external IP address.
> >
> >I would like to make it an easy set up possible so if things don't work
> >out,
> >I don't want to spend hours setting things back to orignal.
> >
>
> Unless you're running PPPoE on the server, or have some software that came
> with the DSL device running on the SBS, my guess would be that it is
> actually a router. If you post the make and model, we can help you confirm
> that.
>
> Best bet is likely a switch/hub between the DSL router (assuming it is)
> and the SBS and plug the barracuda in to that too. Give it another public
> IP and change MX records accordingly. Configure it to forward to the SBS
> public IP after it has processed email.
>
> You might also review recommended deployment scenarios from Barracuda -
> it's their device, they should have some documentation on how best to use
> it in various configurations.
>
> --
> Steve Foster [SBS MVP]
> ---------------------------------------
> MVPs do not work for Microsoft. Please reply only to the newsgroups.
>

Steve
Thu May 15 15:56:45 PDT 2008

Scott Hubbard wrote:

>**************
>Hello Steve,
>
>Thanks for the reply.
>
>I have a SpeedStream 5360 Ethernet ADSL Modem.
>
>Orignally the DSL line went directly into the SBS. We added some VOIP
>service and when we had problems getting the VOIP to work behind the SBS
>box,
>my ISP gave me a static IP to put in the VOIP box and I installed a 5 port
>switch between the DSL modem and SBS box.
>
>So my configuration is:
>
> Voip with public IP
>DSL Line - Umanaged Switch -
>
> SBS Public IP

From this information, it's clearly a router. You will have at least one
spare IP based on the information given so far, and the barracuda could go
on that. Just plug it into the existing internet-side switch.



>
>I do not have any PPPOE or any other connection software installed.
>
>I have looked on the Barracuda site and the examples that I have found all
>indicate the Barracuda is behind a Router forwarding Port 25 to the
>Barracuda, the Barracuda then forwards email to the Server on an internal
>IP.

No need, just configure the barracuda to forward to the SBS public IP.

"port forwarding" is laymans-terms-firewall-speak. Routers don't do port
forwarding, they route (SoHo devices can often be configured to either
route or do NAT and port forwarding [acting as basic firewalls]).

>I think it will just be easier to buy a router and spend the time setting
>it
>up so everthing works.

You already have a router.

--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.

ScottHubbard
Thu May 15 16:19:00 PDT 2008

Hello Steve,

You mentioned in the last reply I already have a router.

Are you considering the SBS the router or the DSL Modem?

I checked with the manufacture of the DSL modem and the documentation on the
model I have mentions nothing about any functions you find in a router.

There is no web log in, or user interface.

It's a plug it in, let it synch with the CO.

Here is a link to the information on the DSL modem.

http://web.archive.org/web/20021017085808/www.efficient.com/products/modeth.html

If you know anything about this working as a router I would appreciate any
insite you may offer.

Thanks again and have a good evening.

Steve
Fri May 16 04:11:29 PDT 2008

Scott Hubbard wrote:

>Hello Steve,
>
>You mentioned in the last reply I already have a router.
>
>Are you considering the SBS the router or the DSL Modem?

You have a device that connects to the internet and transfers packets
between it and two devices on public IPs. Such a device is usually called
a router.

That's all that matters.

If you plug another device in, and give it a public IP in the same range,
I'd be amazed if it wasn't on the internet. Connect a client PC to it and
test (making sure the PC has a firewall turned on!).

When that works, switch the client PC for the Barracuda.

--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.

ScottHubbard
Fri May 16 11:31:01 PDT 2008


Hello Geoff,

Thanks for the input.

The modem I have is supplied by the ISP and they are responsible for the
device.

When our DSL circuit was upgraded to a newer technology, I think this was
about 4 years ago, the ISP sent out a new modem.

What do you recomend or do not recomend for modem/router hardware.

Thanks.




. I guess I have never worried about it because it has worked
"Geoff Schaller" wrote:

> Scott,
>
> Why are you putting your SBS server onto such a low quality modem
> (really designed for home use)? Not that it can't do its job but
> seriously, you should consider a more robust unit. However, all modems
> like this have a web log in where you can manage protocols, ports,
> forwarding and all router based functions. It will be there - you just
> need to locate the info in the manual.
>
> Alternately, go down the street and buy a decent one with at least 4
> ports on the back and maybe even a wireless modem.
>
> Geoff
>
>
>
> "Scott Hubbard" <ScottHubbard@discussions.microsoft.com> wrote in
> message news:11E6079D-F7A1-4C29-922D-56EED54D6C33@microsoft.com:
>
> > Hello Steve,
> >
> > You mentioned in the last reply I already have a router.
> >
> > Are you considering the SBS the router or the DSL Modem?
> >
> > I checked with the manufacture of the DSL modem and the documentation on the
> > model I have mentions nothing about any functions you find in a router.
> >
> > There is no web log in, or user interface.
> >
> > It's a plug it in, let it synch with the CO.
> >
> > Here is a link to the information on the DSL modem.
> >
> > http://web.archive.org/web/20021017085808/www.efficient.com/products/modeth.html
> >
> > If you know anything about this working as a router I would appreciate any
> > insite you may offer.
> >
> > Thanks again and have a good evening.
>
>

Leythos
Fri May 16 12:28:06 PDT 2008

In article <5A08FF0B-84A2-4812-900F-43CF5E16CB39@microsoft.com>,
ScottHubbard@discussions.microsoft.com says...
> The modem I have is supplied by the ISP and they are responsible for the
> device.
>
> When our DSL circuit was upgraded to a newer technology, I think this was
> about 4 years ago, the ISP sent out a new modem.
>
> What do you recomend or do not recomend for modem/router hardware.

That's the problem with DSL, it's always a crappy level of service.

First, you need to have your DSL device in BRIDGE MODE, or at least in
PIN-HOLE mode (you can get the info from your ISP).

Now you need a firewall appliance, while a NAT Router will work, it's
not really a firewall, it's just a router that can't tell the difference
between HTTP and SMTP.

Many vendors sell firewalls, Watchguard is my first choice - their units
are not cheap, but they also support PPOE and even dual-wan failover,
and they have real firewall ability.

If I was going to go cheap, I would get a Netgear ProSafe FVS338 or a
FVS318 unit - these are the lowest end firewalls I would purchase for
protecting a company.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)