Help!

Load balancing SMTP servers

  
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Firewall RSS
Next:  planned  
Author Message
George Borisov
External


Since: Aug 18, 2006
Posts: 15
PostPosted: Tue Nov 21, 2006 3:30 pm    Post subject: Load balancing SMTP servers
Archived from groups: linux>debian>maint>firewall (more info?)

Hello,

We are in the process of changing firewalls. The old firewall has
load balancing configured for our SMTP servers using ipvsadm
(single eternal address alternating between several internal
servers).

The new firewall will be using iptables for port forwarding and I
am having a bit of a problem figuring out how to load balance our
SMTP traffic.

I would like to keep using ipvsadm but I can't think of a way to
stop it from getting mixed up with iptables.

The firewall will be doing SNAT for the network (including the
SMTP servers), as well as having multiple public IP addresses for
port-forwarding.

How do I configure iptables not to SNAT the load-balanced
traffic, while at the same time allowing the SMTP servers to go
out to the internet (apart from setting up another gateway)?

I have also tried out the "pen" package which would have been
ideal, except it masks the client IP address. Sad

Are there better ways?


Thank you in advance,

--
George Borisov

DXSolutions Ltd


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST.TakeThisOut@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.TakeThisOut@lists.debian.org
Back to top
Daniel Pittman
External


Since: Feb 23, 2005
Posts: 92
PostPosted: Wed Nov 22, 2006 3:10 am    Post subject: Re: Load balancing SMTP servers [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
George Borisov writes:

> We are in the process of changing firewalls. The old firewall has load
> balancing configured for our SMTP servers using ipvsadm (single
> eternal address alternating between several internal servers).
>
> The new firewall will be using iptables for port forwarding and I am
> having a bit of a problem figuring out how to load balance our SMTP
> traffic.
>
> I would like to keep using ipvsadm but I can't think of a way to stop
> it from getting mixed up with iptables.

Er, it generally "just works." For detailed documentation take a look
at the "UltraMonkey" website and the LVS website, both of which discuss
this in some detail.

I also note that I had a very similar system working quite nicely, with
both LVS and iptables rules in place.

Regards,
Daniel
--
Digital Infrastructure Solutions -- making IT simple, stable and secure
Phone: 0401 155 707 email: contact RemoveThis @digital-infrastructure.com.au
http://digital-infrastructure.com.au/


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST RemoveThis @lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster RemoveThis @lists.debian.org
Back to top
Display posts from previous:   
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Firewall All times are: Eastern Time (US & Canada)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum