Hi Ildefonso,

Thanks! This is called policy based routing I believe. I did get it to work this way partially since I told the kernel to "route over eth1 if the protocol is SMTP". That doesn't quite work as incoming SMTP traffic and the response packets then get kind of jumbled.

My employer prefers not using policy based routing as they prefer keeping the configuration 'as simple as possible' but I guess I'm going to have to tell them this has to be done anyway as I don't see any way of doing this in the postfix configuration.

Thanks!
-Fred

On 20.01.2014 14:47, Jose Ildefonso Camargo Tolosa wrote:
On Mon, Jan 20, 2014 at 7:25 AM, <fr...@3dn.nl [7]> wrote:

On 20.01.2014 12:42, li...@rhsoft.net [3] wrote:

On 20.01.2014 12:25, fr...@3dn.nl [1] wrote:

I'm trying to have postfix use smtp_bind_address with the address
set to multiple IP aliases (e.g. eth1:0, eth1:1 etc.). As the default
gateway is on eth0 and IP packets get routed based on their
destination, it still seems that despite the smtp_bind_address
setting, packets get directed out of eth0.

What's the proper solution to this?

please *always* post your configuration and logfiles to
show your problem instead of an abstract description

did you read
http://www.postfix.org/postconf.5.html#smtp_bind_address [2]?

- you define *one* ip-address there
- you define an ip-address there and *not* an interface name
- eth1:0 is *not* an interface, the interface is eth1

the intention of "smtp_bind_address" is on machines with more
than one ip-address to define the one used for outgoing
connections to match hostname/PTR/SPF

Yes I read that page and understand it. Sorry I wasn't more clear, I
should have said e.g. the IP addresses configured on eth1:0, eth1:1.
I know an IP address is not an interface.

I can't simply attach the literal config file, my employer might not
appreciate me disclosing such information, but let me show you what
I've done.

- First: in main.cf [4] I added
        sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport
- Second: I created /etc/postfix/sender_transport with lines looking
  like:
        @3dn.nl smtp3dn:
- Third: I ran postmap on the sender_transport file
- Fourth: I added a line
        smtp3dn   unix  n       -       n       -      -       smtpd -v -o smtp_bind_address=172.24.25.19
  to master.cf [6]

172.24.25.19 is configured to be on eth1:0.

The default gateway goes out over eth0. Based on the destination
IP address of the remote MTA, the kernel decides that it's not in a
local network so it sends it out over eth0 as that's where the
default gateway is.

eth0 and eth1 are in different VLANs, I must send SMTP out over
eth1[:*] as the source addresses are NATed on their way out and the
NAT device is in eth1's VLAN but not eth0's.

Ok, so, I assume you have only one default gateway, through eth0.  In
that case, of course the kernel will use that interface.  I also
assume you are working on a relatively new Linux system.

In order to use more than one default gateway, you have to add rules
to help the kernel decide when to use each of them.

The idea is adding something like this (this is an excerpt from a test
debian system, /etc/network/interfaces):

        up ip route add 10.2.20.0/24 dev wlan0 table 200
        up ip route add 10.27.27.0/24 dev eth0 table 200
        up ip route add 10.27.20.0/24 dev eth2 table 200
        up ip route add 10.20.20.0/24 via 10.17.10.15 dev eth2 table 200
        up ip route add 10.27.21.0/24 via 10.17.10.15 dev eth2 table 200
        up ip route add 10.20.27.0/24 via 10.17.7.128 dev eth0 table 200
        up ip route add default via 10.27.28.7 dev tap0 table 200

These commands (remove the "up" if you need to run directly on a
terminal session) will create a new routing table, with number 200,
like that one: (obtained by running 

default via 10.27.28.7 dev tap0
10.21.20.0/24 dev wlan0  scope link
10.20.20.0/24 via 10.17.10.15 dev eth2
10.27.27.0/24 dev eth0  scope link
10.27.20.0/24 dev eth2  scope link
10.27.21.0/24 via 10.17.10.15 dev eth2
10.20.27.0/24 via 10.17.7.128 dev eth0

Then, you need to tell the kernel what packets to route through that
routing table, you just add a rule:

        up ip rule add from 10.20.27.51/32 table 200

Still from the same configuration file.  This will tell the kernel
that if a packet is coming from IP 10.20.27.51 use table 200 (instead
of default one) to find out where to send it.

Please, feel free to ask if you have any doubts. 

Ildefonso.

Links:
------
[1] mailto:fr...@3dn.nl
[2] http://www.postfix.org/postconf.5.html#smtp_bind_address
[3] mailto:li...@rhsoft.net
[4] http://main.cf
[5] http://3dn.nl
[6] http://master.cf
[7] mailto:fr...@3dn.nl
[8] http://10.2.20.0/24
[9] http://10.27.27.0/24
[10] http://10.27.20.0/24
[11] http://10.20.20.0/24
[12] http://10.27.21.0/24
[13] http://10.20.27.0/24
[14] http://10.21.20.0/24
[15] http://10.20.20.0/24
[16] http://10.27.27.0/24
[17] http://10.27.20.0/24
[18] http://10.27.21.0/24
[19] http://10.20.27.0/24
[20] http://10.20.27.51/32
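
Added example, not part of the thread and not written by any of its participants: the source-address rule Ildefonso describes, applied to the 172.24.25.19 bind address from Fred's master.cf line. The subnet 172.24.25.0/24 and the gateway 172.24.25.1 are assumptions (the thread gives neither), and the function name pbr_plan is made up for this example; table 200 is reused from Ildefonso's excerpt.

```shell
#!/bin/sh
# Added example: source-based policy routing for a Postfix smtp_bind_address.
# pbr_plan only prints the commands (dry run); review the output, then pipe
# it to "sh" as root to apply it.
# Assumed values, not from the thread: subnet 172.24.25.0/24, gateway 172.24.25.1.

pbr_plan() {
    src=$1 subnet=$2 gw=$3 dev=$4 table=$5
    # Accept only dotted numeric addresses; an alias name such as eth1:0 is rejected.
    case $src in *[!0-9.]*|'') echo "bad source address: $src" >&2; return 1;; esac
    case $gw in *[!0-9.]*|'') echo "bad gateway: $gw" >&2; return 1;; esac
    case $table in *[!0-9]*|'') echo "bad table id: $table" >&2; return 1;; esac
    # Conservative choice: stay below the kernel's own tables
    # (253 default, 254 main, 255 local).
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table id must be 1..252" >&2; return 1
    fi
    # "replace" and delete-before-add keep the plan safe to apply more than once.
    # The last line asks the kernel which route it would pick for a packet
    # sent from the bound address to an outside host (192.0.2.1 is a
    # documentation address); it should report the assumed gateway and device.
    cat <<EOF
ip route replace $subnet dev $dev src $src table $table
ip route replace default via $gw dev $dev table $table
ip rule del from $src/32 table $table 2>/dev/null || true
ip rule add from $src/32 table $table
ip route get 192.0.2.1 from $src
EOF
}

# Print the plan for the address bound in the thread's master.cf entry.
pbr_plan 172.24.25.19 172.24.25.0/24 172.24.25.1 eth1 200
```

The rule matches on source address only, so packets sent from eth0's own address, including replies on inbound SMTP connections accepted there, keep using the main table and its default gateway.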
