Re: [ilugd] Email server with dual gateways
On 03/31/2004 01:11 PM, Yashpal Nagar wrote:

| I believe you need source based routing.
| iproute2 can help you in this. Such that if the src is the
| xxx.xxx.xxx.xxx (which is your WAN IP of your Secondary MX server) send
| it via local
| interface of your primary mx server.

This would not work as the source is not constant. The gateway forwards the source, so the mail server sees a connection from whatever mail gateway is trying to send email. We don't want the mail server to see the source as the LAN IP of the gateway since the LAN is trusted. Also the mail server will do no IP checks on the connection.

- Ankur.

___
ilugd mailinglist -- [EMAIL PROTECTED]
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
[ilugd] Email server with dual gateways
Here is a problem I am facing, and before attempting a fix I wanted to get an idea from the people on the list as to the easiest way to address this issue.

We have a mail server connected to the Internet and LAN on separate LAN cards. The default gateway is the Internet router on this one and the IP is also the primary MX. It is working well doing the mail thing.

We have an Internet gateway machine which also has a separate Internet connection (diff ISP) and it's also on the LAN. I have forwarded the mail ports from the ext interface on this one to the LAN IP of the mail server. Forwarding is done using iptables and the source IP is maintained when forwarded. The Internet IP of this machine forms our secondary MX.

Now the problem is that whenever the primary MX is down and a connection is made on the secondary, it forwards the connection to the mail server's LAN interface. Now since the source IP is maintained in the forward, it's certainly not from our LAN and needs to be routed out. The connection does not complete since the mail server is trying to send the return packets through its default gateway, which of course is the other ISP's.

I would like to tell the mail server that if it gets a packet through the LAN interface, then it should send it out using the same interface and using xxx.xxx.xxx.xxx as the gateway (which is the LAN IP of the other gateway machine).

I hope I was clear enough.

Thanks in advance,
- Ankur.
Re: [ilugd] Email server with dual gateways
Ankur,

It appears to me that you are not using a secondary mail server independently. Why should secondary mail server be contacting primary to deliver mail? The purpose of having a secondary mail server is defeated.

I would set up a box to run secondary mail server independently. Set up rsync to sync up password / shadow / group / services files and /home from primary to secondary. When primary mail server goes down and mail is being received on secondary, fetchmail can be used on primary to retrieve mail from secondary box and deliver it on primary box so that it will be transparent to users.

P.S. The subject line leads one to think there are two gateways on same box.

Regards,
--Naresh

--- Ankur Rohatgi [EMAIL PROTECTED] wrote:
> I would like to tell the mail server that if it gets a packet through
> the LAN interface, then it should send it out using the same interface
> and using xxx.xxx.xxx.xxx as the gateway (which is the LAN IP of the
> other gateway machine).
>
> I hope I was clear enough.
>
> Thanks in advance,
> - Ankur.
Re: [ilugd] Email server with dual gateways
On Wed, 2004-03-31 at 12:54, Naresh Narang wrote:

> Ankur,
>
> It appears to me that you are not using a secondary mail server
> independently. Why should secondary mail server be contacting primary
> to deliver mail? The purpose of having a secondary mail server is
> defeated.
>
> I would set up a box to run secondary mail server independently. Set up
> rsync to sync up password / shadow / group / services files and /home
> from primary to secondary. When primary mail server goes down and mail
> is being received on secondary, fetchmail can be used on primary to
> retrieve mail from secondary box and deliver it on primary box so that
> it will be transparent to users.
>
> P.S. The subject line leads one to think there are two gateways on
> same box.

Actually there are 2 gateways for the main machine, one direct and other via the LAN.

> Regards,
> --Naresh
>
> --- Ankur Rohatgi [EMAIL PROTECTED] wrote:
> > I would like to tell the mail server that if it gets a packet through
> > the LAN interface, then it should send it out using the same interface
> > and using xxx.xxx.xxx.xxx as the gateway (which is the LAN IP of the
> > other gateway machine).
> >
> > I hope I was clear enough.
> >
> > Thanks in advance,
> > - Ankur.
Re: [ilugd] Email server with dual gateways
Hi Ankur,

I believe you need source based routing. iproute2 can help you in this. Such that if the src is the xxx.xxx.xxx.xxx (which is your WAN IP of your Secondary MX server) send it via local interface of your primary mx server.

Regards,
Yash

Ankur Rohatgi wrote:

> Here is a problem I am facing, and before attempting a fix I wanted to
> get an idea from the people on the list as to the easiest way to
> address this issue.
>
> We have a mail server connected to the Internet and LAN on separate
> LAN cards. The default gateway is the Internet router on this one and
> the IP is also the primary MX. It is working well doing the mail thing.
>
> We have an Internet gateway machine which also has a separate Internet
> connection (diff ISP) and it's also on the LAN. I have forwarded the
> mail ports from the ext interface on this one to the LAN IP of the mail
> server. Forwarding is done using iptables and the source IP is
> maintained when forwarded. The Internet IP of this machine forms our
> secondary MX.
>
> Now the problem is that whenever the primary MX is down and a
> connection is made on the secondary, it forwards the connection to the
> mail server's LAN interface. Now since the source IP is maintained in
> the forward, it's certainly not from our LAN and needs to be routed
> out. The connection does not complete since the mail server is trying
> to send the return packets through its default gateway, which of course
> is the other ISP's.
>
> I would like to tell the mail server that if it gets a packet through
> the LAN interface, then it should send it out using the same interface
> and using xxx.xxx.xxx.xxx as the gateway (which is the LAN IP of the
> other gateway machine).
>
> I hope I was clear enough.
>
> Thanks in advance,
> - Ankur.
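
Added example, not written by any poster in this thread: the behaviour requested above (replies that leave with the mail server's LAN address go back out through the LAN gateway) expressed as iproute2 policy routing keyed on the server's own LAN address. The interface name, addresses, table number and rule priority are assumptions.

```sh
#!/bin/sh
# Added example: policy routing on the mail server so that replies leaving
# with its LAN address go back through the second gateway.
# Every value below is a constructed placeholder, not taken from the thread.
LAN_IF=eth1                # assumed LAN interface of the mail server
LAN_NET=192.168.1.0/24     # assumed LAN subnet
MAIL_LAN_IP=192.168.1.10   # assumed LAN IP of the mail server (forward target)
GW_LAN_IP=192.168.1.254    # assumed LAN IP of the second gateway
TABLE=102                  # any unused routing table number
PRIO=1000                  # rule priority, ahead of the main table (32766)

# Emit the commands instead of running them, so they can be reviewed first.
# Apply as root with: policy_routing_cmds | sh -e
policy_routing_cmds() {
    cat <<EOF
ip route add $LAN_NET dev $LAN_IF src $MAIL_LAN_IP table $TABLE
ip route add default via $GW_LAN_IP dev $LAN_IF table $TABLE
ip rule add from $MAIL_LAN_IP lookup $TABLE priority $PRIO
ip route flush cache
EOF
}

# A forwarded SMTP connection keeps the remote sender's address, so the reply
# is "from MAIL_LAN_IP to <some Internet host>". This asks the kernel which
# route such a packet would take; 203.0.113.7 is a documentation address.
policy_routing_check_cmd() {
    echo "ip route get 203.0.113.7 from $MAIL_LAN_IP"
}

# Remove the rule and empty the extra table again.
policy_routing_undo_cmds() {
    cat <<EOF
ip rule del from $MAIL_LAN_IP lookup $TABLE priority $PRIO
ip route flush table $TABLE
EOF
}
```

Because the gateway still forwards with the original source address, the mail server keeps seeing the real sender rather than a trusted LAN address.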