Re: Services in a multihomed machine

To: debian-isp@lists.debian.org
Subject: Re: Services in a multihomed machine
From: Bastian Winkler <b.winkler@techdivision.com>
Date: Wed, 1 Oct 2003 23:34:47 +0200
Message-id: <[🔎] 20031001213446.GA9547@note>
Mail-followup-to: Bastian Winkler <b.winkler@techdivision.com>, debian-isp@lists.debian.org
In-reply-to: <[🔎] 358mnv82bg4qkskbff57h6foeol24j24tv@4ax.com>
References: <[🔎] 358mnv82bg4qkskbff57h6foeol24j24tv@4ax.com>

hello,

I think it should be no problem (at least with smtp), to mangle packets
by destination-port. 

iptables -t nat -I POSTROUTING -p tcp --destination-port 25 -j SNAT
--to-source x.x.x.x

or use this in posfix main.cf (but I cannot verify this because of using
qmail):

inet_interfaces = x.x.x.x # listening ip
smtp_bind_address = x.x.x.x # outgoing ip


:wq buz

On Wed, Oct 01, 2003 at 08:54:21PM +0200, Roman Medina wrote:
> 
> Hello,
> 
> Let's suppose a server using ip-aliasing, with two public IPs (on the
> same subnet): ip1 and ip2. The server runs two services:
> - MTA (postfix) on ip1
> - WWW (apache) on ip2
> (I mean, each service is bound to only one ip, not 0.0.0.0).
> 
> According to the routing table, default gateway is reached through
> ip2. This means that when the server acts as a client machine it will
> use always ip2.
> 
> Now let's suppose that somebody is using your MTA to send an email.
> The server reads the email through ip1, and then will initiate a new
> connection to a second MTA (for delivering purposes), according to the
> MX record of the destination domain. Well, the problem is that this
> new connection is originated from ip2 (the one used for client
> purposes as well as WWW server).
> 
> I'd like that all MTA related tasks were launched always from ip1. Do
> you know any way of getting this to work?
> 
> I haven't already tried it but if I'm not wrong there is a way to
> create iptables rules based on system proccesses. So I had thought in
> creating such a rule to mangle packets with ip2 (wrong ip) when they
> are generated from postfix. Do you think it is a good idea? Would it
> cause an overload in CPU time?
> 
> Which other solutions do you know to solve the problem?
> 
>  Saludos,
>  --Roman
> 
> --
> PGP Fingerprint:
> 09BB EFCD 21ED 4E79 25FB  29E1 E47F 8A7D EAD5 6742
> [Key ID: 0xEAD56742. Available at KeyServ]
> 
> 
> --
> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

-- 
There he goes. One of God's own prototypes. Some kind of high powered mutant
never even considered for mass production. Too weird to live, and too rare
to die.
-- Hunter S. Thomson

GnuPG Fingerprint: 2FFF FC48 C7DF 1EA0 00A0  FD53 8C35 FD2E 6908 7B82

Attachment: pgpA419fGsSZ1.pgp
Description: PGP signature

Reply to:

References:
- Services in a multihomed machine
  - From: Roman Medina <roman@rs-labs.com>

Prev by Date: What Gigabit Ethernet card to buy?
Next by Date: Re: What Gigabit Ethernet card to buy?
Previous by thread: Services in a multihomed machine
Next by thread: What Gigabit Ethernet card to buy?
Index(es):
- Date
- Thread