
I have 3 interfaces on my main server; the first is used for the local network, the second and third are internet connections (each has its own IP routing table):

eth0 192.168.0.1
eth1 9.9.9.9
eth2 7.7.7.7

There is a mail server on host 192.168.0.2 of the local net. Iptables translates packets to port 25 of hosts 9.9.9.9 and 7.7.7.7 to 192.168.0.2:25 via DNAT rules.

Also there is a specific routing table T1 on my main server, which is used by the mail server via

ip rule add from 192.168.0.2 lookup T1

But table T1 uses only one default route:

default via 7.7.7.6 dev eth2 src 7.7.7.7

If a packet came from my first provider to interface 9.9.9.9, when 192.168.0.2 sends the reply back to the sender, it uses the default gateway of the second provider and the sender can't establish a connection.

What can I do? My eth1 and eth2 are MX records in DNS and they must both be working.

hraphrap
  • Out of curiosity - what's the reason for having 2 MX records pointing to the same server on different interfaces? – Jenny D Sep 27 '13 at 12:09
  • @Jenny-D Connections are not stable, I hope that mail servers try to send mail over mx2 in a second attempt if the first provider is down. – hraphrap Sep 27 '13 at 12:15
  • I don't know about Linux and all of its variants but in Windows a host may only have one default gateway (AFAIK) which is where all non-local traffic is sent when a more specific route isn't known by the host. Assuming Linux and its variants work the same way I don't see how you can make this work. – joeqwerty Sep 27 '13 at 16:12

1 Answer


That's kind of the expected behavior.

SMTP and routing paths are two different layers on the 7 layer networking cake. The closest you can come to managing what routes your mail takes is to build a secondary default route for specific networks you always want to go through a particular NIC for just that particular port.

For example, you can build an iptables rule that only affects port 25 traffic; if the destination address is something, route it to default gateway 2. The rest (0.0.0.0) will always default to the primary default gateway.

CIA
  • I think I can force postfix to listen on ports 25 and 125, and on my main server I can mark packets that are going from these ports of host 192.168.0.2 with different numbers. And then I can add 2 rules based on these marks to use routing tables with different gateways. Or I can just create alias interfaces on the mail and main servers on another network and add rules to iproute based on the sender host. But I want to use a beautiful solution =) – hraphrap Sep 27 '13 at 23:27
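A concrete form of the packet-marking approach discussed in the answer and the comment above, as an added example that is not from the original post or its authors: each inbound SMTP connection is tagged with the uplink it arrived on (CONNMARK), the tag is restored onto the mail host's reply packets, and a fwmark rule picks the matching routing table. It assumes a placeholder gateway 9.9.9.8 for eth1, a table name T2 added next to T1 in /etc/iproute2/rt_tables, and that marks 1 and 2 are unused; by default it only prints the commands.

```shell
#!/bin/sh
# Added example: send SMTP replies back out the uplink they arrived on by
# marking connections (CONNMARK) and selecting a routing table per mark.
# Assumptions not taken from the question: provider 1's gateway is 9.9.9.8
# (placeholder), table T2 exists in /etc/iproute2/rt_tables next to T1,
# and firewall marks 1 and 2 are otherwise unused.
LAN_HOST=192.168.0.2
WAN1_IF=eth1; WAN1_IP=9.9.9.9; WAN1_GW=9.9.9.8   # placeholder gateway
WAN2_IF=eth2; WAN2_IP=7.7.7.7; WAN2_GW=7.7.7.6

# Print commands instead of executing them unless DRY_RUN=0 (apply as root).
DRY_RUN=${DRY_RUN:-1}
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

setup_multiwan() {
  # 1. Tag each new inbound SMTP connection with the uplink it came in on.
  #    Mangle PREROUTING runs before the nat DNAT, so --dport 25 still sees
  #    the public port.
  run iptables -t mangle -A PREROUTING -i "$WAN1_IF" -p tcp --dport 25 \
      -m conntrack --ctstate NEW -j CONNMARK --set-mark 1
  run iptables -t mangle -A PREROUTING -i "$WAN2_IF" -p tcp --dport 25 \
      -m conntrack --ctstate NEW -j CONNMARK --set-mark 2
  # 2. Copy the connection mark onto reply packets from the mail host so the
  #    routing decision after PREROUTING can see it. Unmarked traffic from
  #    192.168.0.2 still falls through to the existing "from 192.168.0.2
  #    lookup T1" rule.
  run iptables -t mangle -A PREROUTING -s "$LAN_HOST" -m connmark ! --mark 0 \
      -j CONNMARK --restore-mark
  # 3. One default route per uplink (T1 is the table from the question).
  run ip route replace default via "$WAN1_GW" dev "$WAN1_IF" src "$WAN1_IP" table T2
  run ip route replace default via "$WAN2_GW" dev "$WAN2_IF" src "$WAN2_IP" table T1
  # 4. Mark-based rules get a lower preference number so they are consulted
  #    before the source-based rule that was added without an explicit pref.
  run ip rule add fwmark 1 lookup T2 pref 100
  run ip rule add fwmark 2 lookup T1 pref 101
  # 5. Strict reverse-path filtering would drop packets arriving on an uplink
  #    that the main table would not use to reach their source; use loose mode.
  run sysctl -w net.ipv4.conf."$WAN1_IF".rp_filter=2
  run sysctl -w net.ipv4.conf."$WAN2_IF".rp_filter=2
  run ip route flush cache
}

setup_multiwan
```

Verify afterwards with `ip rule show` and `conntrack -L -p tcp --dport 25` (from the conntrack-tools package) to confirm the expected mark on live connections.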