Discussion:
ADSL Routers and multiple Port 25 forwarding
John Morch
2007-01-06 02:36:42 UTC
I have two adsl connections with fixed ip addresses.

I forward port 25 to server1 on first one using XH1169 and do heavy spam
filtering.
I used to forward port 25 on the second to server2 using M1122 but stopped a
while ago as I don't have any good spam filtering on server2.
All MX records are set to go to one or the other fixed ip addresses with the
other as a secondary.
Both servers pass traffic internally for appropriate domains.

Last night adsl1 fell over and no email was delivered (as expected).
I have tried forwarding both adsl routers to server1 but it is sbs2003 and
will not allow this it seems.

Can anyone suggest how I can forward port 25 from M1122 to XH1169 and then
onto server1, or if not possible I have a spare G604T that I can use in place
of the M1122.

There is no need for other port forwarding on adsl2.

Thanks in advance

John

Mark Foster
2007-01-06 04:11:30 UTC
Post by John Morch
Last night adsl1 fell over and no email was delivered (as expected)
I have tried forwarding both adsl routers to server1 but it is sbs2003 and
will not allow this it seems.
This will probably be because its default gateway will point back to
adsl2's router, so any attempt to communicate with it through adsl1 will
have all return packets routed via adsl2 - and the remote end will not
have any idea what is going on. (Aka, no tcp sessions can be established).
Post by John Morch
Can anyone suggest how I can forward port 25 from M1122 to XH1169 and then
onto server1, or if not possible I have a spare G604T that I can use in place
of the M1122.
Can't really be done, as it'd require you to be able to deal with pinholes
on the internal interface of the XH1169 and then re-forward the traffic to
a different address, via the same interface. This isn't exactly typical
behavior so I doubt the box has been configured to allow this.

If you have two mail servers with one acting as secondary MX for the other
and vice versa, the only way to force traffic to one MTA in particular
would, from my POV, be to close Port 25 on the other and/or cause the
inbound systems to talk to the preferred mail server via its own MX record
/ IP address.

The alternative would be to change the default gateway on server1 to point
to the other DSL modem. (Basically you can use only one route at a time.
To have different routes you would need different costs - one would be
preferred over the other - and the mail system would need to see the
preferred one actually fail / cease to be available, before it'll pick the
next lowest metric from its routing table and send traffic there.)

This is similar to corporate routers (say on frame relay) which have an
ISDN link as secondary; the ISDN link is present but has a much higher
cost, so is not used unless the primary route (the frame link) disappears
from the routing table - e.g., the interface drops.

Hope this helps. I dare say there are people on here more experienced at
some of this than I.

Mark.
Craig Whitmore
2007-01-06 08:41:06 UTC
Post by Mark Foster
This will probably be because its default gateway will point back to
adsl2's router, so any attempt to communicate with it through adsl1 will
have all return packets routed via adsl2 - and the remote end will not
have any idea what is going on. (Aka, no tcp sessions can be established).
There is 1 option: buying 2 more intelligent DSL routers, such as a couple of
Cisco 837/537 for example, and use iBGP or whatever your favourite IGP is and
use that to change things around automagically. Also another option,
depending on the routers you have, is to use RIP internally on them. I know
a lot of routers have RIP routing, but if it's usable internally I have no
idea.

Thanks
Craig
Jp Wise
2007-01-09 19:16:41 UTC
Another couple of maybe options which would be a bit trial and error
would be:

1) Put a router that can do routing based on port addresses in between
the two ADSL routers and the mail server.
1a) Port forward from one ADSL modem to port 25.
1b) Port forward from the other ADSL modem to port 26 (with 26 activated
on server 2 as well). This gives you different port numbers for
determining which router it should send it back to via the in-between
router.

2) Second NIC (or 2nd IP/subnet on existing NIC) - maybe.
2a) Routing tables may still be an issue with this. In the back of my
mind, the last time I properly played with routing, the system will still
go with the 'default default' even if it's via a different NIC. But you
might have an option to bind the mail server in SBS2003 to a local
interface and see how it goes with the return routing.


I've used something similar to the first when I had a Linux box with two
links (ADSL & cable). The cable was primary MX, the ADSL secondary MX.
Connections coming in on Cable:25 were forwarded to the mail server on
port 25. Connections coming in on ADSL:25 were forwarded to the mail
server on port 26. When the return packets came back from the mail
server, if it was from mail:25 the iptables were configured to send it
out via cable. If it came from mail:26 it was sent out via
ADSL. The mail server of course also needs to be enabled for
connections on port 26 as well.

Jp.
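
A sketch of the Linux setup Jp describes above, written out as an added example (it is not from any poster in this thread): inbound port 25 is DNATed to a different server port per link, and replies from the second port are marked and routed back out the link they arrived on. Interface names, addresses, the mark value and the table number are constructed placeholders; the main routing table's default route is assumed to point at the cable link.

```shell
#!/bin/sh
# Constructed values: adjust to the real router. Addresses are RFC 1918 / RFC 5737.
CABLE_IF=eth1          # primary link; the main table's default route uses it
ADSL_IF=eth2           # secondary link
LAN_IF=eth0            # interface facing the mail server
MAIL=192.168.1.10      # mail server, listening on ports 25 and 26
ADSL_GW=198.51.100.1   # next hop on the ADSL side
ADSL_MARK=2            # firewall mark for "reply must leave via ADSL"
ADSL_TABLE=102         # routing table holding the ADSL default route

# Print each command by default; run with APPLY=1 as root to execute them.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

setup_split_return() {
    # Inbound: public port 25 on both links, distinct ports on the server.
    run iptables -t nat -A PREROUTING -i "$CABLE_IF" -p tcp --dport 25 \
        -j DNAT --to-destination "$MAIL:25"
    run iptables -t nat -A PREROUTING -i "$ADSL_IF" -p tcp --dport 25 \
        -j DNAT --to-destination "$MAIL:26"

    # Replies sourced from mail:26 belong to ADSL connections. Mark them in
    # mangle/PREROUTING, which runs before the routing decision.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -s "$MAIL" -p tcp \
        --sport 26 -j MARK --set-mark "$ADSL_MARK"

    # Marked packets consult a separate table whose default route is ADSL;
    # unmarked replies (from mail:25) keep using the main table (cable).
    run ip route add default via "$ADSL_GW" dev "$ADSL_IF" table "$ADSL_TABLE"
    run ip rule add fwmark "$ADSL_MARK" table "$ADSL_TABLE"

    # Strict reverse-path filtering would drop packets arriving on ADSL,
    # because the main table reaches their sources via cable. Use loose mode.
    run sysctl -w "net.ipv4.conf.$ADSL_IF.rp_filter=2"
}

setup_split_return
```

Connection tracking rewrites the reply's source from mail:26 back to the ADSL address and port 25 on the way out, so the remote MTA sees a normal session. Port 26 on the mail server should be reachable only from this router.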