Routing traffic over 2 NICs / Interfaces


Go to solution Solved by BudMan,

Question

johnporter29

I have 3 CentOS Servers.

 

Server 1 runs PostFix with PostGrey for Greylisting

Server 2 runs PostFix with Spamassassin for Spam Filtering

Server 3 runs PostFix with ClamAV for Virus Checking.

 

The idea is that an email will get sent to Server 1, if it gets past greylisting it will get forwarded onto Server 2.

Server 2 will then scan the email to determine if it's spam or not, if it's not classed as spam the email will get forwarded onto Server 3

If it gets the OK from the last server it will be forwarded onto the intended mail server for the recipient.

 

Server 1 has 2 NICs, NIC 1 is the internal network with an IP of 10.0.0.x, NIC 2 is connected to the Router and is assigned our External IP

Server 2 has 1 NIC which has an IP of 10.0.0.x

Server 3 has 2 NICs, NIC 1 is the internal network with an IP of 10.0.0.x, NIC 2 is connected to a 2nd Router and is assigned the External IP of our second broadband connection

 

I can ping each server from each of the servers, for example I can ping Server 2 & 3 successfully from Server 1 and etc.

 

Looking at the mail log, mail is coming into Server 1 as expected but falls over trying to forward the mail to the second server. It can't find a route to the second server ....

 

Anyone willing to help or give me an idea where I am going wrong?

 

PS. I know what we are doing here can be done on 1 server, but we are currently building a system as above, so I would appreciate it if we could focus on the issue please.


6 answers to this question

+BudMan

Well, how would it not have a route? I have to assume from your IP examples given they are on the same segment. Are you trying to forward to a FQDN or an IP? If FQDN, what does that resolve to?

srbeen

I'd think 2xNIC in each server would make this a lot easier, otherwise you're probably gonna need some hardware routing.

fusi0n

I know you said you don't want to.. but I would just run it on one server.. If you beef it up enough.. it can handle a lot of users..

+BudMan

Since you state you can ping the other servers, and they are all on the same segment I would assume (you didn't give any mask to work with, so is it /8 or /24 or /26, etc.) - server 1 talking to server 2, and server 2 talking to 3 does not have anything to do with routing.. You're just talking to an IP on the same network the box has an interface on.

 

So if you're getting some error in your application I would think it has to do with misconfiguration of how to "route" the email based upon its dest domain.. If I get email for billy@domain.tld -- the email server needs to know where to send it, normally via a MX lookup for domain.tld.. If you want to just forward everything to server 2 from server one.. Then server 1 needs to know to just send everything to server 2, normally this would be called a smart host.

johnporter29

Since you state you can ping the other servers, and they are all on the same segment I would assume (you didn't give any mask to work with, so is it /8 or /24 or /26, etc.) - server 1 talking to server 2, and server 2 talking to 3 does not have anything to do with routing.. You're just talking to an IP on the same network the box has an interface on.

 

So if you're getting some error in your application I would think it has to do with misconfiguration of how to "route" the email based upon its dest domain.. If I get email for billy@domain.tld -- the email server needs to know where to send it, normally via a MX lookup for domain.tld.. If you want to just forward everything to server 2 from server one.. Then server 1 needs to know to just send everything to server 2, normally this would be called a smart host.

 

The answer to your first post is that we are forwarding using the IP address..

 

We are using the mask of 255.255.255.0

 

Postfix on Server 1 has been configured to forward the mail onto Server 2.

 

We have had this working using a single NIC in each server, now it's been changed so on Server 1 the mail comes in via the External IP and gets forwarded to the 2nd server via the second NIC (internal network) ... I'm sure it's something simple I've missed.

johnporter29

After saying it was something so simple I've missed - it was - iptables was on and blocking access.

 

Thanks to everyone who responded and tried to help.

 

Awarded Best Answer/Solved to budman for the informative posts.
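
Why ping succeeded while Postfix reported no route, as an added example (not from the thread): a REJECT with icmp-host-prohibited surfaces on the connecting side as "No route to host", while ICMP echo is accepted by an earlier rule. The ruleset below is a constructed sample modelled on the stock CentOS one, and `eth0`, `eth1`, `input_verdict` and `with_fix` are assumed names; the walk is a simplified first-match check, not a full iptables evaluator.

```shell
# Constructed sample modelled on the stock CentOS INPUT chain (assumption:
# the thread never shows the poster's actual rules).
STOCK_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Hypothetical fix: accept new SMTP connections only on the internal NIC
# (eth0 is an assumed name) and only from the 10.0.0.0/24 segment.
FIX_RULE='-A INPUT -i eth0 -s 10.0.0.0/24 -p tcp -m state --state NEW --dport 25 -j ACCEPT'

# input_verdict RULES PROTO PORT IFACE
# Prints the target of the first INPUT rule matching a NEW packet of PROTO
# (tcp or icmp) to PORT arriving on IFACE, or the chain policy if none match.
# Simplification: -s is not evaluated; the sender is assumed to be in range.
input_verdict() {
  printf '%s\n' "$1" | awk -v proto="$2" -v port="$3" -v iface="$4" '
    $1 == ":INPUT" { policy = $2; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
      ok = 1; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-p" && $(i+1) != proto) ok = 0
        if ($i == "-i" && $(i+1) != iface) ok = 0
        if ($i == "--dport" && $(i+1) != port) ok = 0
        if ($i == "--state" && $(i+1) !~ /(^|,)NEW(,|$)/) ok = 0
        if ($i == "-j") target = $(i+1)
      }
      if (ok) { print target; found = 1; exit }
    }
    END { if (!found) print policy }'
}

# Place the fix ahead of the catch-all REJECT; appended after it, it never matches.
with_fix() {
  printf '%s\n' "$1" | awk -v fix="$FIX_RULE" '
    /-j REJECT/ && !done { print fix; done = 1 }
    { print }'
}
```

Calling `input_verdict "$(with_fix "$STOCK_RULES")" tcp 25 eth1` shows that the external interface stays closed to SMTP under this rule, which is the narrower alternative to switching iptables off.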
