On 01/03/2011 05:43 PM, Tom Eastep wrote:
> On 1/3/11 12:03 AM, Harry Lachanas wrote:
>> I have site A and site B, both running shorewall and connected to each other via VPN.
>>
>> Site A runs a mail server that I wish to move temporarily to B and configure shorewall to DNAT smtp connections on A -> B through VPN. DNAT operates correctly and sends the smtp connection to B with no problem.
>>
>> On B, however, shorewall complains (correctly, in my opinion) about martian source, since it receives the smtp connection from the net while the default route on the firewall is not the VPN interface .... ( tun )
>
> Actually, your kernel complains -- Shorewall may have configured it to do so, however.
>
>> Any thoughts on how to overcome this ???
>
> Three ideas:
>
> a) Update your MX record to point to B.
> b) Configure multi-ISP on system B so that it has multiple default routes.
> c) SNAT the forwarded traffic. I don't recommend this one for a mail server, though, since you lose the true identity of the sending host.
Thanks, Tom, your opinion is as reliable as a $100 bill!

a) ... n/a, second site B has a dynamic IP address.
b) ... Thought about it but it seemed quite a dirty trick .... + the mess; shorewall on site B runs on an OpenVZ server, so go figure.
c) ... Not a chance .... too much spam around the net today.

Thanks again,
Harry.
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
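The martian-source condition discussed in this thread, modelled as an added example (not part of the original messages, and not Shorewall or kernel code): a longest-prefix reverse-path check over a constructed routing table for site B. The addresses, the interface names `eth0` and `tun0`, and all function names are assumptions.

```python
import ipaddress

# Constructed routing table for site B (assumed, not taken from the thread):
# the default route leaves via eth0; only the VPN subnet is reached via tun0.
ROUTES_B = [
    ("0.0.0.0/0", "eth0"),
    ("192.0.2.0/24", "eth0"),   # B's uplink subnet (constructed)
    ("10.8.0.0/24", "tun0"),    # VPN subnet shared with site A (constructed)
]

def reverse_path(routes, src):
    """Interface a longest-prefix match would use to reach src, or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def rp_filter(routes, src, in_dev, mode=1):
    """Model of the kernel rp_filter setting: 0 = off, 1 = strict, 2 = loose."""
    back = reverse_path(routes, src)
    if mode == 0:
        return "accept"
    if mode == 2:
        # Loose: any route back to the source is enough.
        return "accept" if back is not None else "martian"
    # Strict: the best route back must use the interface the packet came in on.
    return "accept" if back == in_dev else "martian"

def check_cases(routes=ROUTES_B):
    sender = "198.51.100.25"    # constructed Internet mail host
    a_vpn = "10.8.0.1"          # constructed VPN address of site A
    return {
        # DNAT only: the real sender address arrives on tun0, route back is eth0.
        "dnat_only_strict": rp_filter(routes, sender, "tun0", mode=1),
        # Idea (c): A also SNATs, so B sees A's VPN address (sender identity lost).
        "dnat_plus_snat_strict": rp_filter(routes, a_vpn, "tun0", mode=1),
        # Loose mode passes the filter, but replies would still leave via eth0.
        "dnat_only_loose": rp_filter(routes, sender, "tun0", mode=2),
    }

if __name__ == "__main__":
    for name, verdict in check_cases().items():
        print(f"{name}: {verdict}")
```
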
