Postfix inbound and outbound on different interfaces


Postfix inbound and outbound on different interfaces

Wadeegh Hendricks
Hi,

Is it possible to configure Postfix to use different network interfaces on the same server for inbound and outbound connections? I have a server setup with 2 network cards, i.e. eth0 and eth1, and I need to have inbound connections come to eth0 and outbound connections go via eth1.

If it is possible could someone please explain to me how to do this or point me to some documentation that explains this?

Many Thanks in advance.

Wadeegh Hendricks


Re: Postfix inbound and outbound on different interfaces

Wietse Venema
Wadeegh Hendricks:
> Hi,
>
> Is it possible to configure Postfix to use different network interfaces
> on the same server for inbound and outbound connections?

No. You can configure a server or client process so that it
uses a specific local IP address.

This DOES NOT, however, guarantee that network traffic will use
that network interface.  It ONLY guarantees that traffic uses a
particular local IP address.

Traffic flow is controlled by kernel routing tables, not by Postfix.

> I have a server
> setup with 2 network cards, ie eth0 and eth1 and I need to have inbound
> connections to come to eth0 and outbound connections to go via eth1.

TCP is a two-way protocol. Every TCP connection has roughly half
the packets flowing to your server, and roughly half the packets
from your server.

Do you really want half the packets in the same TCP connection to
go via eth0 and the other half of the packets via eth1?

        Wietse

Re: Postfix inbound and outbound on different interfaces

Charles Marcus
On 7/2/2008, Wietse Venema ([hidden email]) wrote:
>> Is it possible to configure Postfix to use different network interfaces
>> on the same server for inbound and outbound connections?

> No. You can configure a server or client process so that it
> uses a specific local IP address.
>
> This DOES NOT, however, guarantee that network traffic will use
> that network interface.  It ONLY guarantees that traffic uses a
> particular local IP address.

Maybe he meant have incoming MAIL come to eth0 and outgoing mail go
through eth1?

--

Best regards,

Charles

Re: Postfix inbound and outbound on different interfaces

Wietse Venema
Charles Marcus:

> On 7/2/2008, Wietse Venema ([hidden email]) wrote:
> >> Is it possible to configure Postfix to use different network interfaces
> >> on the same server for inbound and outbound connections?
>
> > No. You can configure a server or client process so that it
> > uses a specific local IP address.
> >
> > This DOES NOT, however, guarantee that network traffic will use
> > that network interface.  It ONLY guarantees that traffic uses a
> > particular local IP address.
>
> Maybe he meant have incoming MAIL come to eth0 and outgoing mail go
> through eth1?

You deleted the most important portion of my email, probably
because you did not grasp its relevance.

Let me summarize it thusly. KERNEL ROUTING TABLES don't distinguish
between data packets going out and ack packets going out.

        Wietse

RE: Postfix inbound and outbound on different interfaces

Joseph L. Casale
>> Maybe he meant have incoming MAIL come to eth0 and outgoing mail go
>> through eth1?
>
>You deleted the most important portion of my email, probably
>because you did not grasp its relevance.
>
>Let me summarize it thusly. KERNEL ROUTING TABLES don't distinguish
>between data packets going out and ack packets going out.

Wietse,
I think Charles had it right. I also think what the OP meant was to have
the smtp daemon transport its outbound mail via eth{x} and the
smtpd daemon receive its inbound mail via eth{y} which I thought
was configurable in the master.cf?

Thanks!
jlc

Re: Postfix inbound and outbound on different interfaces

Wietse Venema
Joseph L. Casale:

> >> Maybe he meant have incoming MAIL come to eth0 and outgoing mail go
> >> through eth1?
> >
> >You deleted the most important portion of my email, probably
> >because you did not grasp its relevance.
> >
> >Let me summarize it thusly. KERNEL ROUTING TABLES don't distinguish
> >between data packets going out and ack packets going out.
>
> Wietse,
> I think Charles had it right. I also think what the OP meant was to have
> the smtp daemon transport its outbound mail via eth{x} and the
> smtpd daemon receive its inbound mail via eth{y} which I thought
> was configurable in the master.cf?

Again, I already answered that in the portion of my email that
Charles ignorantly deleted from my response.

You guys are overlooking the difference between a packet-switched
network and a circuit-switched network.

The internet, in case you forgot, is packet switched.

You can configure a TCP client or server to use a specific local
IP address.

1) This does NOT decide what interface will be used for SENDING
   packets with that local IP address. That decision is based on
   the REMOTE IP address, and that decision is made by the kernel
   routing tables.

2) This also does NOT decide what interface will be used for
   RECEIVING packets with that local IP address. That decision is
   made outside the machine.

Note, I write "what interface will be used for sending out packets
with that local IP address". That's interface, not IP address.

Note, I write "what interface will be used for receiving packets
with that local IP address". That's interface, not IP address.

        Wietse

Re: Postfix inbound and outbound on different interfaces

Sahil Tandon
In reply to this post by Joseph L. Casale
Joseph L. Casale <[hidden email]> wrote:

> >> Maybe he meant have incoming MAIL come to eth0 and outgoing mail go
> >> through eth1?
> >
> >You deleted the most important portion of my email, probably
> >because you did not grasp its relevance.
> >
> >Let me summarize it thusly. KERNEL ROUTING TABLES don't distinguish
> >between data packets going out and ack packets going out.
>
> Wietse,
> I think Charles had it right. I also think what the OP meant was to have
> the smtp daemon transport its outbound mail via eth{x} and the
> smtpd daemon receive its inbound mail via eth{y} which I thought
> was configurable in the master.cf?

No, this is not configurable in master.cf.

--
Sahil Tandon <[hidden email]>

Re: Postfix inbound and outbound on different interfaces

Wadeegh Hendricks
In reply to this post by Wietse Venema
Sorry for the confusion, allow me to further explain.

We currently have a Brightmail SMTP server that we are replacing and this has been configured with 2 IP addresses as follows:

1) eth0 - internal IP of 10.0.0.1 natted to an external IP on our firewall
2) eth1 - internal IP of 10.0.0.2 natted to another external IP on our firewall

Both of these run into a switch that is directly connected to the firewall that also does all the routing.

All incoming SMTP connections are made to the one external IP and all outgoing SMTP connections are natted behind the other external IP.  When I do the switchover to Postfix, I just thought it would be easier not to change the firewall rules and to have a similar setup so that I could just swop cables to different servers.

Many Thanks

Wadeegh

On Wed, Jul 2, 2008 at 11:40 PM, Wietse Venema <[hidden email]> wrote:
Wadeegh Hendricks:
> Hi,
>
> Is it possible to configure Postfix to use different network interfaces
> on the same server for inbound and outbound connections?

No. You can configure a server or client process so that it
uses a specific local IP address.

This DOES NOT, however, guarantee that network traffic will use
that network interface.  It ONLY guarantees that traffic uses a
particular local IP address.

Traffic flow is controlled by kernel routing tables, not by Postfix.

> I have a server
> setup with 2 network cards, ie eth0 and eth1 and I need to have inbound
> connections to come to eth0 and outbound connections to go via eth1.

TCP is a two-way protocol. Every TCP connection has roughly half
the packets flowing to your server, and roughly half the packets
from your server.

Do you really want half the packets in the same TCP connection to
go via eth0 and the other half of the packets via eth1?

       Wietse


Re: Postfix inbound and outbound on different interfaces

Wietse Venema
Wadeegh Hendricks:
> Sorry for the confusion, allow me to further explain.

Postfix can choose the local IP address, not the network interface.

The kernel chooses the network interface when it sends out packets;
normally, this decision does not involve the local IP address of
a network packet, but only the remote IP address.

Making this decision dependent on the local IP address is extremely
system dependent (if it can be done at all).  Your question is
better asked on a mailing list for your specific operating system.

        Wietse

Re: Postfix inbound and outbound on different interfaces

Wadeegh Hendricks
The system I am using is Redhat ES 4.  How do you specify the local IP address to use?  Is it configured in the master.cf file?

On Thu, Jul 3, 2008 at 2:51 PM, Wietse Venema <[hidden email]> wrote:
Wadeegh Hendricks:
> Sorry for the confusion, allow me to further explain.

Postfix can choose the local IP address, not the network interface.

The kernel chooses the network interface when it sends out packets;
normally, this decision does not involve the local IP address of
a network packet, but only the remote IP address.

Making this decision dependent on the local IP address is extremely
system dependent (if it can be done at all).  Your question is
better asked on a mailing list for your specific operating system.

       Wietse


Re: Postfix inbound and outbound on different interfaces

Wietse Venema
Wadeegh Hendricks:
> Sorry for the confusion, allow me to further explain.

On Thu, Jul 3, 2008 at 2:51 PM, Wietse Venema <[hidden email]> wrote:
> Postfix can choose the local IP address, not the network interface.

Wadeegh Hendricks:
> The system I am using is Redhat ES 4.  How do you specify the local IP
> address to use?  Is it configured in the master.cf file?

http://www.postfix.org/master.5.html
        Look under "service name" and service type
http://www.postfix.org/postconf.5.html#smtp_bind_address
        See also "-o name=value" in http://www.postfix.org/master.5.html

Wietse:
> The kernel chooses the network interface when it sends out packets;
> normally, this decision does not involve the local IP address of
> a network packet, but only the remote IP address.
>
> Making this decision dependent on the local IP address is extremely
> system dependent (if it can be done at all).  Your question is
> better asked on a mailing list for your specific operating system.

        Wietse

[ot] Linux source routing (was: Postfix inbound and outbound on different interfaces)

/dev/rob0
In reply to this post by Wietse Venema
On Thu July 3 2008 07:51:25 Wietse Venema wrote:
> Postfix can choose the local IP address, not the network interface.
>
> The kernel chooses the network interface when it sends out packets;
> normally, this decision does not involve the local IP address of
> a network packet, but only the remote IP address.
>
> Making this decision dependent on the local IP address is extremely
> system dependent (if it can be done at all).  Your question is
> better asked on a mailing list for your specific operating system.

Source routing in Linux is fairly simple, documented here:
    http://lartc.org/howto/lartc.rpdb.html
And indeed, the LARTC mailing list is the best place for this.
--
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header

Re: Postfix inbound and outbound on different interfaces

Barry Irwin-2
In reply to this post by Wadeegh Hendricks
Hi

Have a look at having your SMTPD listen on one address and the smtpc
(client side) bind another IP address for use as outgoing.

These do not have to be on different interfaces.

for the client side (you may not need to set the helo name explicitly):
  smtp_bind_address=196.x.x.x
  smtp_helo_name=dryder.x.x.za

Regarding incoming mail (smtpd):
Have a look at the inet_interfaces config variable.

Barry




Wadeegh Hendricks wrote:

> Hi,
>
> Is it possible to configure Postfix to use different network
> interfaces on the same server for inbound and outbound connections? I
> have a server setup with 2 network cards, ie eth0 and eth1 and I need to
> have inbound connections to come to eth0 and outbound connections to go
> via eth1.
>
> If it is possible could someone please explain to me how to do this or
> point me to some documentation that explains this?
>
> Many Thanks in advance.
>
> Wadeegh Hendricks
>
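
What the replies from Wietse Venema, /dev/rob0 and Barry Irwin add up to on a Linux host, as an added example that is not part of any post in this thread: Postfix picks the local IP addresses, and a source-based routing rule makes the kernel send packets from the outbound address via eth1. The addresses and eth1 come from the original post; the gateway `10.0.0.254`, routing table `100` and the extra `127.0.0.1` listener are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. 10.0.0.1, 10.0.0.2 and eth1 come from the
# original post; GATEWAY and TABLE are constructed placeholders.
LISTEN_IP=${LISTEN_IP:-10.0.0.1}   # smtpd accepts inbound mail on this address
BIND_IP=${BIND_IP:-10.0.0.2}       # smtp client sends outbound mail from this one
OUT_DEV=${OUT_DEV:-eth1}
GATEWAY=${GATEWAY:-10.0.0.254}     # placeholder: next hop for outbound mail
TABLE=${TABLE:-100}                # placeholder: spare routing table number

# Dotted-quad check. The values are pasted into commands that run as root,
# so anything that is not four octets in 0-255 is refused.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands; calling this changes nothing on the system.
plan() {
    for ip in "$LISTEN_IP" "$BIND_IP" "$GATEWAY"; do
        is_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    done
    case $OUT_DEV in ''|*[!A-Za-z0-9._-]*) echo "bad device" >&2; return 1 ;; esac
    case $TABLE in ''|*[!0-9]*) echo "bad table" >&2; return 1 ;; esac
    # Kernel side first: packets whose source is BIND_IP consult their own
    # table, whose default route leaves via OUT_DEV. Then the Postfix side:
    # local addresses only. inet_interfaces needs a stop/start, not a reload.
    cat <<EOF
ip route add default via $GATEWAY dev $OUT_DEV table $TABLE
ip rule add from $BIND_IP table $TABLE
postconf -e 'inet_interfaces = $LISTEN_IP, 127.0.0.1'
postconf -e 'smtp_bind_address = $BIND_IP'
postfix stop
postfix start
EOF
}

# Dry run by default; APPLY=1 executes the plan (root, Linux with iproute2).
cmds=$(plan) || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$cmds" | sh -e
else
    printf '%s\n' "$cmds"
fi
```

The rule only governs packets the kernel sends with source address 10.0.0.2; which interface receives inbound packets is still decided outside the host, as Wietse points out above.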