Routing traffic over 2 NICs / Interfaces



I have 3 CentOS servers.

Server 1 runs Postfix with Postgrey for greylisting

Server 2 runs Postfix with SpamAssassin for spam filtering

Server 3 runs Postfix with ClamAV for virus checking.

The idea is that an email will get sent to Server 1; if it gets past greylisting it will get forwarded on to Server 2.

Server 2 will then scan the email to determine if it's spam or not; if it's not classed as spam the email will get forwarded on to Server 3.

If it gets the OK from the last server it will be forwarded on to the intended mail server for the recipient.

Server 1 has 2 NICs: NIC 1 is the internal network with an IP of 10.0.0.x, NIC 2 is connected to the router and is assigned our external IP.

Server 2 has 1 NIC which has an IP of 10.0.0.x

Server 3 has 2 NICs: NIC 1 is the internal network with an IP of 10.0.0.x, NIC 2 is connected to a 2nd router and is assigned the external IP of our second broadband connection.

I can ping each server from each of the servers; for example, I can ping Server 2 & 3 successfully from Server 1, etc.

Looking at the mail log, mail is coming into Server 1 as expected but falls over trying to forward the mail to the second server. It can't find a route to the second server ....

Anyone willing to help or give me an idea where I am going wrong?

PS. I know what we are doing here can be done on 1 server, but we are currently building a system as above, so I would appreciate it if we could focus on the issue please.


Well, how would it not have a route? I have to assume from your IP examples given they are on the same segment. Are you trying to forward to an FQDN or an IP? If FQDN, what does that resolve to?


I know you said you don't want to, but I would just run it on one server. If you beef it up enough, it can handle a lot of users.


Since you state you can ping the other servers, and they are all on the same segment I would assume (you didn't give any mask to work with, so is it /8 or /24 or /26, etc.), server 1 talking to server 2, and server 2 talking to 3, does not have anything to do with routing. You're just talking to an IP on the same network the box has an interface on.

So if you're getting some error in your application I would think it has to do with misconfiguration of how to "route" the email based upon its dest domain. If I get email for billy@domain.tld, the email server needs to know where to send it, normally via an MX lookup for domain.tld. If you want to just forward everything to server 2 from server 1, then server 1 needs to know to just send everything to server 2; normally this would be called a smart host.


The answer to your first post is that we are forwarding using the IP address.

We are using the mask of 255.255.255.0

Postfix on Server 1 has been configured to forward the mail on to Server 2.

We have had this working using a single NIC in each server; now it's been changed so on Server 1 the mail comes in via the external IP and gets forwarded to the 2nd server via the second NIC (internal network) ... I'm sure it's something simple I've missed.


After saying it was something so simple I've missed - it was - iptables was on and blocking access.

Thanks to everyone who responded and tried to help.

Awarded Best Answer/Solved to budman for the informative posts.
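
As an added illustration (not code from the thread), the sketch below walks a constructed `iptables-save` rule set first-match style to show how a host can answer ping yet refuse SMTP on port 25; on Linux, a REJECT with `icmp-host-prohibited` is reported to the connecting client as "No route to host". The rule set, the 10.0.0.1 source address and the added SMTP rule are assumptions, and only the few match options used in the sample are handled.

```python
import ipaddress
import shlex

# Constructed sample (assumption, not from the thread): ping and SSH allowed,
# everything else rejected, so SMTP from the neighbouring server is refused.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
# Hypothetical fix: accept SMTP from the internal /24 only, ahead of the REJECT.
SMTP_RULE = "-A INPUT -s 10.0.0.0/24 -p tcp -m tcp --dport 25 -j ACCEPT\n"
FIXED_RULES = SAMPLE_RULES.replace("-A INPUT -j REJECT", SMTP_RULE + "-A INPUT -j REJECT")

def parse_rule(line):
    """Map option -> value for the simple 'option value' pairs used above."""
    tokens = shlex.split(line)[2:]          # drop '-A' and the chain name
    return dict(zip(tokens[::2], tokens[1::2]))

def matches(rule, pkt):
    """True when every match option present in the rule fits the packet."""
    if "-p" in rule and rule["-p"] != pkt["proto"]:
        return False
    if "--dport" in rule and rule["--dport"] != str(pkt.get("dport")):
        return False
    if "--state" in rule and pkt["state"] not in rule["--state"].split(","):
        return False
    if "-s" in rule:
        return ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule["-s"])
    return True

def verdict(rules_text, pkt, chain="INPUT"):
    """Return (target, deciding line): first match wins, else chain policy."""
    policy = "ACCEPT"
    for line in rules_text.splitlines():
        if line.startswith(f":{chain} "):
            policy = line.split()[1]
        elif line.startswith(f"-A {chain} ") and matches(parse_rule(line), pkt):
            return parse_rule(line)["-j"], line
    return policy, "(chain policy)"

# Constructed packets from an internal sender (10.0.0.1 is a made-up address).
PING = {"proto": "icmp", "src": "10.0.0.1", "state": "NEW"}
SMTP = {"proto": "tcp", "dport": 25, "src": "10.0.0.1", "state": "NEW"}
print("smtp:", verdict(SAMPLE_RULES, SMTP)[0], "->", verdict(FIXED_RULES, SMTP)[0])
```

On a live host the same text comes from `iptables-save`, and the fix rule has to sit above the catch-all REJECT for the first-match order to reach it.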
