From: "Jerry Bell"
To: "Doug Lee"
Cc: freebsd-questions@freebsd.org
Date: Sat, 25 Jun 2005 09:04:19 -0400 (EDT)
Subject: Re: Is this a safe way to multi-home a mail server?
Message-ID: <3827.24.99.220.144.1119704659.squirrel@24.99.220.144>
In-Reply-To: <20050625113819.GI950@kirk.dlee.org>

I believe the problem you are going to run into is with outbound routing. You're only able to have one default route, which will point you out one DSL router or the other. If the ISP that is your default dies, then your traffic isn't going anywhere.

Depending on what problems the ISPs are having, you may be able to overcome the problem by using dynamic routing from the routers to the BSD server. If you can get that to work, you're most of the way there.

The other problem I see is that when everything is working good and traffic comes in on the secondary ISP, your return traffic is going to be sent out the default route, not necessarily the one that came in. This may be a problem if your ISPs are performing egress filtering, preventing IPs that aren't their own from leaving out of their network (this is a good practice, btw).

If you can either work out an arrangement with the ISPs on the filtering (if it exists) or you can set things up such that mail doesn't come into the secondary ISP unless the primary is down, and you have dynamic routing set up, I think this will work pretty well.

Jerry
http://www.syslog.org

> I have a machine on two DSL networks: a /29 and a /28 provided by
> different ISPs (why is a long story). The machine acts as a mail
> server (sendmail) as well as a NAT server for an internal network.
> Both DSL nets arrive at one interface card, and the LAN is on the
> other card. I have added one of the DSL nets as the main net for the
> external interface and the other DSL net as an alias via ifconfig.
>
> Two questions:
>
> 1. Can I have both host IPs (one from each DSL net) as A records in
> DNS for the mail server's name--e.g.,
>
> mail.my.domain IN A 1.2.3.4
> mail.my.domain IN A 5.6.7.8
>
> and expect mail to arrive at the machine regardless of which network
> is working at any given time? (Part of the "long story" is that we're
> having serious trouble with one or the other network at various times
> and are trying, temporarily at least, to stay afloat by using
> whichever is better at the moment.) Both host IPs have correct
> (identical) reverse DNS.
>
> 2. Is there a way, via routed or other means, to cause the machine to
> figure out automatically which net to use for "default" traffic? It
> would be wonderful if natd could keep up with this too, but there I
> suspect I'm asking for the moon...
>
> Thanks much for any responses. Please Cc me.
>
> --
> Doug Lee dgl@dlee.org http://www.dlee.org
> BART Group doug@bartsite.com http://www.bartsite.com
> "I before E, except after C, or when sounded like A, as in neighbor
> and weigh, except for when weird foreign concierges seize neither
> leisure nor science from the height of society."
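
The failure modes described in the reply above (a single default route, return traffic leaving by the wrong ISP, and egress filtering), modelled as an added example that is not part of the original thread. The addresses are the placeholders from the quoted question; the prefix assignment, the "primary"/"secondary" names and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed topology. Addresses are the placeholders from the quoted
# question; which ISP holds the /29 and which the /28 is an assumption.
ISPS = {
    "primary": ipaddress.ip_network("1.2.3.0/29"),
    "secondary": ipaddress.ip_network("5.6.7.0/28"),
}
HOST_ADDRS = {
    "primary": ipaddress.ip_address("1.2.3.4"),
    "secondary": ipaddress.ip_address("5.6.7.8"),
}
PREFERENCE = ["primary", "secondary"]  # order in which a default route is chosen


def default_route(down, dynamic):
    """Return the ISP the default route points at, or None if it is dead."""
    if dynamic:
        # Dynamic routing: the default follows the first ISP that is still up.
        return next((isp for isp in PREFERENCE if isp not in down), None)
    # Static default: always the preferred ISP, even when it is down.
    return None if PREFERENCE[0] in down else PREFERENCE[0]


def reply_delivered(arrived_via, down=(), dynamic=False, egress_filtered=True):
    """Can the server answer a connection that came in via `arrived_via`?"""
    if arrived_via in down:
        return False  # the connection could not have arrived at all
    uplink = default_route(down, dynamic)
    if uplink is None:
        return False  # no working default route: nothing leaves
    src = HOST_ADDRS[arrived_via]  # reply is sourced from the address dialled
    # An egress-filtering ISP forwards only sources inside its own prefix.
    return (not egress_filtered) or src in ISPS[uplink]


if __name__ == "__main__":
    cases = [
        ("both up, in via primary", "primary", (), False),
        ("both up, in via secondary", "secondary", (), False),
        ("primary down, static default", "secondary", ("primary",), False),
        ("primary down, dynamic default", "secondary", ("primary",), True),
    ]
    for label, via, down, dynamic in cases:
        print(f"{label:32} -> {reply_delivered(via, down, dynamic)}")
```

Only the first and last cases deliver the reply; passing `egress_filtered=False` to the second case models an arrangement with the ISPs on filtering.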