Controlling HTTP & SMTP IP flow for 3 NIC's

[Tim Alberts]

Les Mikesell wrote:
> Tim Alberts wrote:
>> A little background first..I run 2 servers, mail and web.  The mail 
>> server is down for hardware problems.  I'm running both email and web 
>> on one server.  The web server has 3 network interfaces 1 for public 
>> email, 1 for public web, and 1 for private network.  I use 3 cards 
>> because the router I connect to the internet won't recognize multiple 
>> IP's for a single hardware MAC.
>
> That's fairly bizarre if true.  Are you sure it didn't just fail 
> temporarily when you switched because the previous MAC was cached? 
> Routers typically keep their arp cache for up to 20 minutes and won't 
> re-discover a moved IP/NIC sooner unless you manually clear the cache.
>
> But... you'd have the same issue with aliases on the same NIC.
>
>> The problem is, that my email messages seem to be going out the web 
>> network interface.  This is typically not a problem except for the 
>> reverse DNS lookup  fails which at least one domain (Comcast.Net) 
>> rejects.
>>
>> My question therefore is, how can I route my sendmail traffic to go 
>> out the correct ethernet interface?  I'm sure I'll need to do the 
>> same for the web traffic so web site spoofing alarms are triggered.
>>
>> I have told sendmail to listen to the correct interfaces, but that 
>> apparently doesn't mean only write to those interfaces.  I don't see 
>> how to control this by setting up my routes and I can only really 
>> think of ways to block it in IPtables, not re-route it.
>
> You probably used the DaemonPortOptions entry in sendmail.mc to 
> control the listening side.  Do the same with ClientPortOptions for 
> outbound connections.
>


Boy it sure sounded like a solution.  This may guarantee that sendmail 
sends on the specified IP interfaces.  However I think the underlying 
linux routing is still the problem because the problem hasn't gone away.