/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */
Hi All,
Although the problems described below fall in both categories of
networking/firewalling & qmail,
I posted here, in the hope that someone could cast a qmail perspective on
this, in case there
is an obvious way around the problem.
Got an issue with NAT, maybe someone could advise...
I have two small networks both running Qmail.
The first...
...has a single linux firewall. It has a bunch of ip addresses aliased on
the outside interface.
Each of the ip addresses has a service assigned to it, such as qmail-smtp or
qmail-pop on ports 25 and 110
respectively, and using ipmasqadm portfw, they are forwarded to the machines
behind the firewall.
The qmail box behind the firewall talks to the local dns server on the
network and generall works fine.
It receives mail, allows relaying for users etc.
The second...
...has twin RedHat LVS clustering firewall/routers, these provide clustering
services to the network.
Again in a similar fashion to the first network, all ip addresses get bound
to the the current lvs router.
This then uses ipvs to again forward the packets to the relevant internal
hosts.
The problem arises when the qmail box attempts to forward mail to itself.
It does the dns lookup, and resolves the real internet ip which is bound to
the firewall or cluster router,
which is correct. However it is unable to connect to the external ip, as it
is behind the NAT firewall or cluster router.
And unfortunately NAT in RH 6.2 (and others) it would appear does not appear
to allow effectively a NAT'd box to maquerade
out of the NAT router, and then connect to the NAT router port 25, and then
forward back internally.
As such, I need a workaround. Anyone?
I have thought possibly these would be solutions, but none of them exactly
nice...
a) a qmail box outside the nat would do the trick, and have all mail from
the NAT'd qmail box relay through there.
b) put a dns server within the NAT'd network, and set all mx records to the
internal ip.
c) use the program 'redir' to re-forward the packets back still using
ipmasqadm portfw as well.... (tried that didn't work)
Any help would be appreciated.
Thanks,
Ben Murphy,
murphx Innovative Solutions
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
