Controlling HTTP & SMTP IP flow for 3 NIC's
Tim Alberts
talberts at msiscales.com
Wed Jan 23 21:01:46 UTC 2008
Les Mikesell wrote:
> Tim Alberts wrote:
>> A little background first. I run 2 servers, mail and web. The mail
>> server is down for hardware problems. I'm running both email and web
>> on one server. The web server has 3 network interfaces: 1 for public
>> email, 1 for public web, and 1 for private network. I use 3 cards
>> because the router I connect to the internet won't recognize multiple
>> IPs for a single hardware MAC.
>
> That's fairly bizarre if true. Are you sure it didn't just fail
> temporarily when you switched because the previous MAC was cached?
> Routers typically keep their arp cache for up to 20 minutes and won't
> re-discover a moved IP/NIC sooner unless you manually clear the cache.
>
> But... you'd have the same issue with aliases on the same NIC.
>
>> The problem is that my email messages seem to be going out the web
>> network interface. This is typically not a problem except that the
>> reverse DNS lookup fails, which at least one domain (Comcast.Net)
>> rejects.
>>
>> My question therefore is, how can I route my sendmail traffic to go
>> out the correct ethernet interface? I'm sure I'll need to do the
>> same for the web traffic so web site spoofing alarms are triggered.
>>
>> I have told sendmail to listen to the correct interfaces, but that
>> apparently doesn't mean only write to those interfaces. I don't see
>> how to control this by setting up my routes and I can only really
>> think of ways to block it in iptables, not re-route it.
>
> You probably used the DaemonPortOptions entry in sendmail.mc to
> control the listening side. Do the same with ClientPortOptions for
> outbound connections.
>
Boy, it sure sounded like a solution. This may guarantee that sendmail
sends on the specified IP interfaces. However, I think the underlying
Linux routing is still the problem because the problem hasn't gone away.
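
An added example, not part of the original thread: binding sendmail's outbound socket with ClientPortOptions only fixes the source address, so the kernel's main routing table still picks the egress interface. One common way to tie egress to the source address on Linux is iproute2 policy routing; the sketch below generates those commands in dry-run mode. The addresses (RFC 5737 documentation ranges), device name, gateway and table number are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Source-based (policy) routing sketch: traffic whose source address is
# SRC_IP uses its own routing table, so it leaves through SRC_IP's interface.
# All addresses, device names and table ids used here are constructed
# placeholders, not values from the thread.

# Emit the iproute2 commands for one source address.
# usage: policy_route_cmds SRC_IP DEV GATEWAY TABLE_ID
policy_route_cmds() {
    if [ $# -ne 4 ]; then
        echo "usage: policy_route_cmds SRC_IP DEV GATEWAY TABLE_ID" >&2
        return 2
    fi
    src=$1 dev=$2 gw=$3 table=$4
    # Keep to the classic 1..252 range: 253, 254 and 255 are the kernel's
    # default, main and local tables and must not be overwritten.
    case $table in
        ''|*[!0-9]*) echo "table id must be numeric: $table" >&2; return 2 ;;
    esac
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table id must be 1..252: $table" >&2
        return 2
    fi
    # Default route in a private table, pinned to the device and source.
    echo "ip route replace default via $gw dev $dev src $src table $table"
    # Packets carrying source address $src consult that table first.
    echo "ip rule add from $src/32 lookup $table"
}

# Command that asks the kernel which route it would choose for DST when
# the socket is bound to SRC_IP. usage: check_cmd SRC_IP DST
check_cmd() {
    echo "ip route get $2 from $1"
}

# Dry run by default: print the commands. Set APPLY=1 (as root) to run them.
run_plan() {
    policy_route_cmds "$@" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
    done
}

# Constructed example: mail address 192.0.2.10 on eth1, gateway 192.0.2.1.
run_plan 192.0.2.10 eth1 192.0.2.1 101
```

After applying the plan, run the command printed by `check_cmd` against a remote mail server's address to confirm the reported `dev` is the mail interface.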