From owner-freebsd-questions@FreeBSD.ORG Mon Jun 27 04:37:51 2005
Return-Path:
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C31EE16A41C for ; Mon, 27 Jun 2005 04:37:51 +0000 (GMT) (envelope-from cswiger@mac.com)
Received: from pi.codefab.com (pi.codefab.com [199.103.21.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8D99143D1F for ; Mon, 27 Jun 2005 04:37:51 +0000 (GMT) (envelope-from cswiger@mac.com)
Received: from localhost (localhost [127.0.0.1]) by pi.codefab.com (Postfix) with ESMTP id EF4BD5D41; Mon, 27 Jun 2005 00:37:50 -0400 (EDT)
Received: from pi.codefab.com ([127.0.0.1]) by localhost (pi.codefab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 58942-02; Mon, 27 Jun 2005 00:37:38 -0400 (EDT)
Received: from [192.168.1.3] (pool-68-161-69-22.ny325.east.verizon.net [68.161.69.22]) by pi.codefab.com (Postfix) with ESMTP id F1D6D5C43; Mon, 27 Jun 2005 00:37:37 -0400 (EDT)
Message-ID: <42BF8297.2050504@mac.com>
Date: Mon, 27 Jun 2005 00:37:43 -0400
From: Chuck Swiger
Organization: The Courts of Chaos
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Doug Lee
References: <20050625113819.GI950@kirk.dlee.org>
In-Reply-To: <20050625113819.GI950@kirk.dlee.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at codefab.com
Cc: freebsd-questions@freebsd.org
Subject: Re: Is this a safe way to multi-home a mail server?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 27 Jun 2005 04:37:51 -0000

Doug Lee wrote:
> 1. Can I have both host IPs (one from each DSL net) as A records in
> DNS for the mail server's name--e.g.,
>
> mail.my.domain IN A 1.2.3.4
> mail.my.domain IN A 5.6.7.8
>
> and expect mail to arrive at the machine regardless of which network
> is working at any given time?

This is just fine, and well-behaved mail servers will even attempt to query SMTP on both IP addresses if need be. This will work happily with trivial effort.

[ ... ]

> 2. Is there a way, via routed or other means, to cause the machine to
> figure out automatically which net to use for "default" traffic? It
> would be wonderful if natd could keep up with this too, but there I
> suspect I'm asking for the moon...

No. There is only one default route. However, you can add broad routes to override that default for useful cases. For example, if I were in NYC and connected to AT&T and Verizon, I'd put 12.0.0.0/8 towards the former, and vice versa about 68/8 (for a trivial example).

Or you could use IPFW to forward traffic to a specific interface on your firewall to implement policy routing there.

You could also look into improving redundancy by maybe setting up two firewalls, one for each external connection, and bond them together via stuff like freevrrpd, CARP, maybe the Linux HA heartbeat port, so that if one box fails, or if the associated external connection goes down, you fail over to the other connection.

Of course, if you had money to spend, you could always rent an IP block reservation from ARIN and multihome for real.

-- 
-Chuck
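The "one default route plus broad overriding routes" layout Chuck describes, written out as the route(8) commands a FreeBSD admin would type. This is an added example, not code from the thread: the two next-hop addresses are made-up placeholders, 12/8 and 68/8 are the example prefixes from the reply, and the script only prints the commands unless DRY_RUN is set to 0, so it can be read and checked without touching a live routing table.

```sh
#!/bin/sh
# Added example (not from the original thread). Lays out the routing table
# described in the reply: a single default route towards one DSL provider,
# plus broad /8 routes that steer traffic for each provider's own address
# space out the matching link. Gateway addresses are constructed placeholders.

GW_ATT="1.2.3.1"    # assumed: next hop on the AT&T DSL link (carries 12/8)
GW_VZ="5.6.7.1"     # assumed: next hop on the Verizon DSL link (default)
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the route(8) commands, never run them

# Emit the route(8) commands that implement the policy, one per line.
# The 68/8 entry duplicates the default today, but keeps Verizon space on
# the Verizon link if the default is later flipped to the AT&T side.
route_plan() {
    printf 'route add -net 12.0.0.0/8 %s\n' "$GW_ATT"
    printf 'route add -net 68.0.0.0/8 %s\n' "$GW_VZ"
    printf 'route add default %s\n' "$GW_VZ"
}

# Apply the plan, or in dry-run mode just show what would be executed.
apply_routes() {
    route_plan | while IFS= read -r cmd; do
        if [ "$DRY_RUN" = 1 ]; then
            echo "[dry-run] $cmd"
        else
            eval "$cmd" || return 1
        fi
    done
}

# Verification step: ask the kernel which gateway a destination resolves to.
# On a live box this should print $GW_ATT for 12.x addresses and $GW_VZ for
# everything else.
check_route() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "[dry-run] route -n get $1"
    else
        route -n get "$1" | awk '/gateway/ { print $2 }'
    fi
}

apply_routes
check_route 12.0.0.1
check_route 8.8.8.8
```

Because there is still only one default route, moving "everything else" to the other link when a DSL line dies is a manual `route change default "$GW_ATT"`; the broad /8 entries keep doing their job either way. Run with `DRY_RUN=0` as root on the gateway host to install the routes for real.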