Date: Mon, 27 Jun 2005 00:37:43 -0400
From: Chuck Swiger <cswiger@mac.com>
To: Doug Lee <dgl@dlee.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: Is this a safe way to multi-home a mail server?
Message-ID: <42BF8297.2050504@mac.com>
In-Reply-To: <20050625113819.GI950@kirk.dlee.org>
References: <20050625113819.GI950@kirk.dlee.org>

Doug Lee wrote:
> 1. Can I have both host IPs (one from each DSL net) as A records in
> DNS for the mail server's name--e.g.,
>
> mail.my.domain IN A 1.2.3.4
> mail.my.domain IN A 5.6.7.8
>
> and expect mail to arrive at the machine regardless of which network
> is working at any given time?

This is just fine, and well-behaved mail servers will even attempt to query
SMTP on both IP addresses if need be. This will work happily with trivial
effort.

[ ... ]
> 2. Is there a way, via routed or other means, to cause the machine to
> figure out automatically which net to use for "default" traffic? It
> would be wonderful if natd could keep up with this too, but there I
> suspect I'm asking for the moon...

No. There is only one default route. However, you can add broad routes to
override that default for useful cases. For example, if I were in NYC and
connected to AT&T and Verizon, I'd put 12.0.0.0/8 towards the former, and vice
versa about 68/8 (for a trivial example).

Or you could use IPFW to forward traffic to a specific interface on your
firewall to implement policy routing there. You could also look into improving
redundancy by maybe setting up two firewalls, one for each external connection,
and bond them together via stuff like freevrrpd, CARP, maybe the Linux HA
heartbeat port, so that if one box fails, or if the associated external
connection goes down, you fail over to the other connection.

Of course, if you had money to spend, you could always rent an IP block
reservation from ARIN and multihome for real.

--
-Chuck
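
Added example, not part of the original message: a Python check that walks every A record published for a mail host and attempts SMTP on each, the way a well-behaved sending server falls back when one address is unreachable. The function names and the injectable resolve/connect parameters are assumptions made for this example; the demo uses the placeholder name and addresses from the question, with the first link simulated as down.

```python
import socket

def resolve_a_records(host, port=25):
    """Return each IPv4 address published for host, in resolver order."""
    infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    addrs = []
    for _fam, _type, _proto, _canon, sockaddr in infos:
        if sockaddr[0] not in addrs:
            addrs.append(sockaddr[0])
    return addrs

def tcp_connect(ip, port, timeout):
    """Connect and return the first data the server sends (the SMTP greeting)."""
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        return sock.recv(512).decode("ascii", "replace").strip()

def probe_mail_host(host, port=25, timeout=10.0,
                    resolve=resolve_a_records, connect=tcp_connect):
    """Try SMTP on every A record of host.

    Returns (first_ok, results): first_ok is the first address that answered
    with a 220 greeting (None if no address did), and results maps each
    address to its greeting or to an "error: ..." string.
    """
    results = {}
    first_ok = None
    for ip in resolve(host, port):
        try:
            banner = connect(ip, port, timeout)
        except OSError as exc:  # refused, unreachable, timed out
            results[ip] = "error: %s" % exc
            continue
        if banner.startswith("220"):
            results[ip] = banner
            if first_ok is None:
                first_ok = ip
        else:
            results[ip] = "error: unexpected greeting %r" % banner
    return first_ok, results

if __name__ == "__main__":
    # Constructed offline demo: stub resolver and connector, first link down.
    def demo_resolve(host, port):
        return ["1.2.3.4", "5.6.7.8"]
    def demo_connect(ip, port, timeout):
        if ip == "1.2.3.4":
            raise ConnectionRefusedError("simulated DSL outage")
        return "220 mail.my.domain ESMTP"
    print(probe_mail_host("mail.my.domain",
                          resolve=demo_resolve, connect=demo_connect))
```

Called with the default resolve and connect arguments from a host outside both DSL networks, the same function reports whether each link is currently accepting mail.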