Is this a safe way to multi-home a mail server?
cswiger at mac.com
Mon Jun 27 04:37:51 GMT 2005
Doug Lee wrote:
> 1. Can I have both host IPs (one from each DSL net) as A records in
> DNS for the mail server's name--e.g.,
> mail.my.domain IN A 220.127.116.11
> mail.my.domain IN A 18.104.22.168
> and expect mail to arrive at the machine regardless of which network
> is working at any given time?
This is just fine, and well-behaved mail servers will even attempt to query
SMTP on both IP addresses if need be. This will work happily with trivial effort.
[ ... ]
> 2. Is there a way, via routed or other means, to cause the machine to
> figure out automatically which net to use for "default" traffic? It
> would be wonderful if natd could keep up with this too, but there I
> suspect I'm asking for the moon...
No. There is only one default route. However, you can add broad routes to
override that default for useful cases. For example, if I were in NYC and
connected to AT&T and Verizon, I'd put 22.214.171.124/8 towards the former, and vice
versa about 68/8 (for a trivial example). Or you could use IPFW to forward
traffic to a specific interface on your firewall to implement policy routing there.
You could also look into improving redundancy by maybe setting up two firewalls,
one for each external connection, and bond them together via stuff like
freevrrpd, CARP, maybe the Linux HA heartbeat port, so that if one box fails,
or if the associated external connection goes down, you fail over to the other.
Of course, if you had money to spend, you could always rent an IP block
reservation from ARIN and multihome for real.
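As an added illustration of point 1 above (not code from the original thread), here is a small Python model of how a well-behaved SMTP client selects a delivery address: it resolves the MX hosts, then every A record of each host, and tries them in order until one accepts a connection, so a second A record on the other DSL link keeps mail flowing when the first is down. The zone data and the stand-in connect functions are constructed for the example.

```python
"""Model of SMTP delivery-address selection with multiple A records.

RFC 5321 section 5.1 has the client try each address of each MX host
in turn, which is why two A records for mail.my.domain give failover.
The DNS tables below are constructed for this example, not real data.
"""
import socket

# Constructed zone data standing in for real DNS answers:
# one MX host with one A record per DSL link (documentation ranges).
FAKE_MX = {"my.domain": [(10, "mail.my.domain")]}
FAKE_A = {"mail.my.domain": ["198.51.100.10", "203.0.113.10"]}


def resolve_mx(domain, mx_table=FAKE_MX):
    """MX hosts ordered by preference; a domain with no MX is its own MX."""
    return [host for _, host in sorted(mx_table.get(domain, [(0, domain)]))]


def resolve_a(host, a_table=FAKE_A):
    """All A records for a host, in the order the resolver returned them."""
    return list(a_table.get(host, []))


def tcp_connect(addr, port=25, timeout=5):
    """Real connection attempt used outside tests; True if port 25 answers."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def pick_delivery_address(domain, connect=tcp_connect,
                          mx_table=FAKE_MX, a_table=FAKE_A):
    """Return (mx_host, address) of the first address that accepts a
    connection, walking every A record of every MX host; None if all fail."""
    for host in resolve_mx(domain, mx_table):
        for addr in resolve_a(host, a_table):
            if connect(addr):
                return host, addr
    return None


if __name__ == "__main__":
    # Simulate the first DSL link being down: only the second address answers.
    link_one_down = lambda addr: addr == "203.0.113.10"
    print(pick_delivery_address("my.domain", connect=link_one_down))
```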
More information about the freebsd-questions