• 0

Routing traffic over 2 NICs / Interfaces


Solved by BudMan

Question

johnporter29

I have 3 CentOS Servers.

 

Server 1 runs PostFix with PostGrey for Greylisting

Server 2 runs PostFix with Spamassassin for Spam Filtering

Server 3 runs PostFix with ClamAV for Virus Checking.

 

The idea is that an email will get sent to Server 1; if it gets past greylisting it will get forwarded on to Server 2.

Server 2 will then scan the email to determine if it's spam or not; if it's not classed as spam the email will get forwarded on to Server 3.

If it gets the OK from the last server it will be forwarded on to the intended mail server for the recipient.

 

Server 1 has 2 NICs, NIC 1 is the internal network with an IP of 10.0.0.x, NIC 2 is connected to the Router and is assigned our External IP

Server 2 has 1 NIC which has an IP of 10.0.0.x

Server 3 has 2 NICs, NIC 1 is the internal network with an IP of 10.0.0.x, NIC 2 is connected to a 2nd Router and is assigned the External IP of our second broadband connection

 

I can ping each server from each of the servers; for example, I can ping Server 2 & 3 successfully from Server 1, etc.

 

Looking at the mail log, mail is coming into Server 1 as expected but falls over trying to forward the mail to the second server. It can't find a route to the second server ....

 

Anyone willing to help or give me an idea where I am going wrong?

 

PS. I know what we are doing here can be done on 1 server, but we are currently building a system as above, so I would appreciate it if we could focus on the issue please.


6 answers to this question


  • 0
+BudMan

Since you state you can ping the other servers, and they are all on the same segment I would assume (you didn't give any mask to work with, so is it /8 or /24 or /26, etc.) - server 1 talking to server 2, and server 2 talking to 3 does not have anything to do with routing. You're just talking to an IP on the same network the box has an interface on.

 

So if you're getting some error in your application I would think it has to do with misconfiguration of how to "route" the email based upon its dest domain. If I get email for billy@domain.tld -- the email server needs to know where to send it, normally via an MX lookup for domain.tld. If you want to just forward everything to server 2 from server 1, then server 1 needs to know to just send everything to server 2; normally this would be called a smart host.

  • 0
+BudMan

Well, how would it not have a route? I have to assume from your IP examples given they are on the same segment. Are you trying to forward to an FQDN or an IP? If FQDN, what does that resolve to?

  • 0
srbeen

I'd think 2xNIC in each server would make this a lot easier, otherwise you're probably gonna need some hardware routing.

  • 0
fusi0n

I know you said you don't want to, but I would just run it on one server. If you beef it up enough, it can handle a lot of users.

  • 0
johnporter29

Since you state you can ping the other servers, and they are all on the same segment I would assume (you didn't give any mask to work with, so is it /8 or /24 or /26, etc.) - server 1 talking to server 2, and server 2 talking to 3 does not have anything to do with routing. You're just talking to an IP on the same network the box has an interface on.

 

So if you're getting some error in your application I would think it has to do with misconfiguration of how to "route" the email based upon its dest domain. If I get email for billy@domain.tld -- the email server needs to know where to send it, normally via an MX lookup for domain.tld. If you want to just forward everything to server 2 from server 1, then server 1 needs to know to just send everything to server 2; normally this would be called a smart host.

 

The answer to your first post is that we are forwarding using the IP address.

 

We are using the mask of 255.255.255.0

 

Postfix on Server 1 has been configured to forward the mail onto Server 2.

 

We have had this working using a single NIC in each server; now it's been changed so on Server 1 the mail comes in via the External IP and gets forwarded to the 2nd server via the second NIC (internal network) ... I'm sure it's something simple I've missed.

  • 0
johnporter29

After saying it was something so simple I've missed - it was - iptables was on and blocking access.

 

Thanks to everyone who responded and tried to help.

 

Awarded Best Answer/Solved to budman for the informative posts.

This topic is now closed to further replies.
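
Why ping can succeed while the Postfix hand-off fails, as an added example that is not part of the thread: it evaluates a constructed `iptables -S INPUT` listing in first-match order and shows ICMP accepted while TCP port 25 falls through to the final REJECT, whose `icmp-host-prohibited` reply the sending side reports as "No route to host". The ruleset, the `eth0` interface name and the helper functions `first_verdict` and `insert_before_reject` are assumptions for illustration; the thread does not show the actual rules.

```shell
#!/bin/sh
# Constructed sample of `iptables -S INPUT` output, modelled on a stock
# CentOS-style ruleset (assumption: the thread never shows the real rules).
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Hypothetical fix: allow new SMTP connections arriving on the internal NIC.
# eth0 is an assumed interface name.
SMTP_RULE='-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT'

# first_verdict RULES PROTO DPORT IFACE
# Prints the target of the first INPUT rule matching a NEW packet, or the
# chain policy if none matches. Understands only -p, -i, --dport (single
# port) and --state; negation, -s/-d and port ranges are not handled.
first_verdict() {
    printf '%s\n' "$1" | awk -v proto="$2" -v dport="$3" -v iface="$4" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            if      ($i == "-p"      && $(i+1) != proto) ok = 0
            else if ($i == "-i"      && $(i+1) != iface) ok = 0
            else if ($i == "--dport" && $(i+1) != dport) ok = 0
            else if ($i == "--state" && $(i+1) !~ /(^|,)NEW(,|$)/) ok = 0
            else if ($i == "-j") target = $(i+1)
        }
        if (ok && target != "") { print target; found = 1; exit }
    }
    END { if (!found) print policy }'
}

# insert_before_reject RULES NEWRULE
# Places NEWRULE ahead of the first REJECT rule, the position an
# `iptables -I INPUT <n>` insert should target.
insert_before_reject() {
    printf '%s\n' "$1" | awk -v rule="$2" '
    !ins && /-j REJECT/ { print rule; ins = 1 }
    { print }'
}

FIXED_RULES=$(insert_before_reject "$SAMPLE_RULES" "$SMTP_RULE")
echo "ping, before fix:    $(first_verdict "$SAMPLE_RULES" icmp "" eth0)"
echo "SMTP/25, before fix: $(first_verdict "$SAMPLE_RULES" tcp 25 eth0)"
echo "SMTP/25, after fix:  $(first_verdict "$FIXED_RULES" tcp 25 eth0)"
```

On a real relay the allow rule can be narrowed further with `-s` for the upstream server's address, so port 25 is opened only to the previous hop rather than the whole internal segment.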