We have a mail server that sends out E-mail via two ISPs and each ISP is
connected to the mail server through a different interface. eth0 is on
ISP1 and eth1 is on ISP2. Each interface does go through a firewall so
they are not directly on the Internet. The server is running CentOS 5.3.
The set-up of each is:
eth0: 10.0.0.0/8
eth1: 172.16.0.0/12
There are dozens of IPs on each interface that are used as source IPs
for the E-mail server. The router on each ISP does the NAT translation
to translate the internal IP address to the actual public IPs.
The routing table is set up as follows:
172.16.0.0/12 dev eth1 proto kernel scope link src 172.16.0.45
10.0.0.0/8 dev eth0 proto kernel scope link src 10.0.0.45
default via 10.0.0.1 dev eth0
To force E-mails with a source IP on the eth1 we have the following rule
set up:
ip route add default via 172.16.0.1 dev eth1 table wan2
ip rule add from 172.16.0.0/12 table wan2
That seems to work fine for a while: E-mail goes out both interfaces
with the correct source IPs and everyone seems happy. However, at some
point, for some reason, outbound connections on eth1 time out, and nothing
we've tried gets them going again until a reboot, after which everything
works just fine again. The entire time, eth0 traffic is completely
unaffected.
We verify nothing goes out with a command such as:
ncat -s 172.16.1.1 www.google.com 80
That command times out on all source IPs we've tried.
What are we missing?
--
Greg Gulik http://www.gulik.com/greg/
greg @ gulik.com
_______________________________________________
Linux-PowerEdge mailing list
[email protected]
https://lists.us.dell.com/mailman/listinfo/linux-poweredge
Please read the FAQ at http://lists.us.dell.com/faq
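A sanity check for the two-table setup described in the post, written here as an added example (not code from the original post or the list): it takes the text of `ip route show table wan2` and `ip rule show`, constructed inline so the script runs offline, and confirms that the alternate table carries the connected route for the eth1 subnet as well as the default, because a table selected by source address that holds only `default via` sends even on-link 172.16.x.x destinations through the gateway. The table and interface names are the post's; the check rules out an incomplete table but does not by itself explain the timeout.

```shell
#!/bin/sh
# Added example: completeness check for a source-based policy-routing table.
# All "command output" below is constructed text standing in for the real
# `ip route show table wan2` and `ip rule show` on the mail server.

# Constructed: table wan2 as set up in the post (default route only).
WAN2_ROUTES_AS_POSTED='default via 172.16.0.1 dev eth1'

# Constructed: table wan2 with the connected route for the eth1 subnet added,
# i.e. after `ip route add 172.16.0.0/12 dev eth1 src 172.16.0.45 table wan2`.
WAN2_ROUTES_COMPLETE='172.16.0.0/12 dev eth1 scope link src 172.16.0.45
default via 172.16.0.1 dev eth1'

# Constructed: `ip rule show` with the post's source-based rule present.
RULES='0:      from all lookup local
32765:  from 172.16.0.0/12 lookup wan2
32766:  from all lookup main
32767:  from all lookup default'

# check_rule SUBNET TABLE RULES
# Returns 0 if some rule sends packets sourced from SUBNET to TABLE.
check_rule() {
  printf '%s\n' "$3" | grep -q "from $1 lookup $2"
}

# check_wan2_table SUBNET DEV ROUTES
# Returns 0 if ROUTES contain both a default route out of DEV and the
# connected (link-scope) route for SUBNET on DEV; prints what is missing
# and returns 1 otherwise. With only the default present, traffic from a
# SUBNET source to another SUBNET host is handed to the gateway instead of
# being delivered on the link.
check_wan2_table() {
  subnet=$1; dev=$2; routes=$3; ok=0
  printf '%s\n' "$routes" | grep -q "^default via .* dev $dev" \
    || { echo "missing: default route out of $dev"; ok=1; }
  printf '%s\n' "$routes" | grep -q "^$subnet dev $dev" \
    || { echo "missing: connected route $subnet dev $dev in table"; ok=1; }
  return $ok
}

main() {
  check_rule 172.16.0.0/12 wan2 "$RULES" && echo "rule for 172.16.0.0/12 -> wan2: present"
  check_wan2_table 172.16.0.0/12 eth1 "$WAN2_ROUTES_AS_POSTED" || echo "table as posted: incomplete"
  check_wan2_table 172.16.0.0/12 eth1 "$WAN2_ROUTES_COMPLETE" && echo "table with connected route: complete"
}
main
```

Run against real output by substituting `$(ip route show table wan2)` and `$(ip rule show)` for the constructed strings.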