Is this a safe way to multi-home a mail server?

Jerry Bell jbell at stelesys.com
Sat Jun 25 13:04:24 GMT 2005


I believe the problem you are going to run into is with outbound routing.
You're only able to have one default route, which will point you out one
DSL router or the other.  If the ISP that is your default dies, then your
traffic isn't going anywhere.  Depending on what problems the ISPs are
having, you may be able to overcome the problem by using dynamic routing from
the routers to the BSD server.  If you can get that to work, you're most
of the way there.

The other problem I see is that when everything is working well and
traffic comes in on the secondary ISP, your return traffic is going to be
sent out the default route, not necessarily the one that came in.  This
may be a problem if your ISPs are performing egress filtering, preventing
IPs that aren't their own from leaving out of their network (this is a
good practice, btw).  If you can either work out an arrangement with the
ISPs on the filtering (if it exists) or you can set things up such that
mail doesn't come into the secondary ISP unless the primary is down, and
you have dynamic routing set up, I think this will work pretty well.

Jerry
http://www.syslog.org

> I have a machine on two DSL networks: a /29 and a /28 provided by
> different ISPs (why is a long story).  The machine acts as a mail
> server (sendmail) as well as a NAT server for an internal network.
> Both DSL nets arrive at one interface card, and the LAN is on the
> other card.  I have added one of the DSL nets as the main net for the
> external interface and the other DSL net as an alias via ifconfig.
>
> Two questions:
>
> 1.  Can I have both host IPs (one from each DSL net) as A records in
> DNS for the mail server's name--e.g.,
>
> 	mail.my.domain	IN A 1.2.3.4
> 	mail.my.domain	IN A 5.6.7.8
>
> and expect mail to arrive at the machine regardless of which network
> is working at any given time?  (Part of the "long story" is that we're
> having serious trouble with one or the other network at various times
> and are trying, temporarily at least, to stay afloat by using
> whichever is better at the moment.)  Both host IPs have correct
> (identical) reverse DNS.
>
> 2.  Is there a way, via routed or other means, to cause the machine to
> figure out automatically which net to use for "default" traffic?  It
> would be wonderful if natd could keep up with this too, but there I
> suspect I'm asking for the moon...
>
> Thanks much for any responses.  Please Cc me.
>
>
> --
> Doug Lee           dgl at dlee.org        http://www.dlee.org
> BART Group         doug at bartsite.com   http://www.bartsite.com
> "I before E, except after C, or when sounded like A, as in neighbor
> and weigh, except for when weird foreign concierges seize neither
> leisure nor science from the height of society."
>
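
The routing and filtering cases described in the reply above, modelled as an added example that is not part of the original thread. The prefixes 1.2.3.0/29 and 5.6.7.0/28 are constructed around the question's placeholder addresses, and `reply_fate` and its parameters are hypothetical names.

```python
import ipaddress

# Constructed prefixes (assumption): one /29 and one /28, as in the question.
ISPS = {
    "primary": ipaddress.ip_network("1.2.3.0/29"),
    "secondary": ipaddress.ip_network("5.6.7.0/28"),
}
BOTH = {"primary", "secondary"}


def reply_fate(local_ip, default_isp, up, filtered, allowed_extra=None):
    """Follow one reply packet from the mail server back to a remote client.

    local_ip      address the client connected to (the reply's source address)
    default_isp   ISP that the server's single default route points at
    up            set of ISPs currently passing traffic
    filtered      set of ISPs that drop source addresses that are not theirs
    allowed_extra {isp: [networks]} exceptions arranged with that ISP
    """
    src = ipaddress.ip_address(local_ip)
    # One default route: if that ISP is down, nothing leaves at all.
    if default_isp not in up:
        return "lost: default route points at a dead ISP"
    # The ISP's filter accepts its own prefix plus any arranged exceptions.
    permitted = [ISPS[default_isp]] + list((allowed_extra or {}).get(default_isp, []))
    if default_isp in filtered and not any(src in net for net in permitted):
        return f"dropped: {default_isp} filters source {src}"
    return f"delivered via {default_isp}"


def scenarios():
    """The cases from the reply, in order; returns (label, outcome) pairs."""
    exception = {"primary": [ISPS["secondary"]]}
    return [
        ("mail in on primary", reply_fate("1.2.3.4", "primary", BOTH, BOTH)),
        ("mail in on secondary", reply_fate("5.6.7.8", "primary", BOTH, BOTH)),
        ("same, filter exception arranged",
         reply_fate("5.6.7.8", "primary", BOTH, BOTH, exception)),
        ("primary down, static default",
         reply_fate("5.6.7.8", "primary", {"secondary"}, BOTH)),
        ("primary down, default moved by dynamic routing",
         reply_fate("5.6.7.8", "secondary", {"secondary"}, BOTH)),
    ]


if __name__ == "__main__":
    for label, outcome in scenarios():
        print(f"{label:48} {outcome}")
```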



