postfix interface

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

postfix interface

Gabriel Angel Möll Ibacache
Hi everyone!

I have a linux box with three interfaces and I want to set postfix
outgoing interface to eth2

eth0 is conected to LAN
eth1 is using a public IP x.x.x.x
eth2 is usign a public IP y.y.y.y

I 'm using linux box to NAT, and firewall with iptables.

The routing tables are

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
wan   0.0.0.0         255.255.255.248 U     0      0        0 eth1
wan   0.0.0.0         255.255.255.248 U     0      0        0 eth2
lan    0.0.0.0         255.255.255.0   U     0      0        0 br0
lan    0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth2
0.0.0.0         gw-wan-ip   0.0.0.0         UG    0      0        0 eth1
0.0.0.0         gw-wan-ip   0.0.0.0         UG    0      0        0 eth2

I'm using iptables to nat. The rule is the following

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source x.x.x.x

My main.cf has the following lines

myhostname = server.mi_domain # this is pointing to IP y.y.y.y
mydomain = mi_domain # this is pointing to IP y.y.y.y
inet_interfaces = $myhostname, localhost

Anyone know how can I set the postfix outgoing interface?

--
Sin otro particular se despide,
Gabriel Möll Ibacache
Ingeniero Civil en Computación
Reply | Threaded
Open this post in threaded view
|

Re: postfix interface

Robert Schetterer
Gabriel Angel Möll Ibacache schrieb:

> Hi everyone!
>
> I have a linux box with three interfaces and I want to set postfix
> outgoing interface to eth2
>
> eth0 is conected to LAN
> eth1 is using a public IP x.x.x.x
> eth2 is usign a public IP y.y.y.y
>
> I 'm using linux box to NAT, and firewall with iptables.
>
> The routing tables are
>
> # route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> wan   0.0.0.0         255.255.255.248 U     0      0        0 eth1
> wan   0.0.0.0         255.255.255.248 U     0      0        0 eth2
> lan    0.0.0.0         255.255.255.0   U     0      0        0 br0
> lan    0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth2
> 0.0.0.0         gw-wan-ip   0.0.0.0         UG    0      0        0 eth1
> 0.0.0.0         gw-wan-ip   0.0.0.0         UG    0      0        0 eth2
>
> I'm using iptables to nat. The rule is the following
>
> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source x.x.x.x
>
> My main.cf has the following lines
>
> myhostname = server.mi_domain # this is pointing to IP y.y.y.y
> mydomain = mi_domain # this is pointing to IP y.y.y.y
> inet_interfaces = $myhostname, localhost
>
> Anyone know how can I set the postfix outgoing interface?
>

smtp_bind_address=your.ip.add.ress

--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
Reply | Threaded
Open this post in threaded view
|

Re: postfix interface

Gabriel Angel Möll Ibacache
2008/7/31 Robert Schetterer <[hidden email]>:

> Gabriel Angel Möll Ibacache schrieb:
>>
>> Hi everyone!
>>
>> I have a linux box with three interfaces and I want to set postfix
>> outgoing interface to eth2
>>
>> eth0 is conected to LAN
>> eth1 is using a public IP x.x.x.x
>> eth2 is usign a public IP y.y.y.y
>>
>> I 'm using linux box to NAT, and firewall with iptables.
>>
>> The routing tables are
>>
>> # route -n
>> Kernel IP routing table
>> Destination     Gateway         Genmask         Flags Metric Ref    Use
>> Iface
>> wan   0.0.0.0         255.255.255.248 U     0      0        0 eth1
>> wan   0.0.0.0         255.255.255.248 U     0      0        0 eth2
>> lan    0.0.0.0         255.255.255.0   U     0      0        0 br0
>> lan    0.0.0.0         255.255.255.0   U     0      0        0 eth0
>> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0
>> eth2
>> 0.0.0.0         gw-wan-ip   0.0.0.0         UG    0      0        0 eth1
>> 0.0.0.0         gw-wan-ip   0.0.0.0         UG    0      0        0 eth2
>>
>> I'm using iptables to nat. The rule is the following
>>
>> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source x.x.x.x
>>
>> My main.cf has the following lines
>>
>> myhostname = server.mi_domain # this is pointing to IP y.y.y.y
>> mydomain = mi_domain # this is pointing to IP y.y.y.y
>> inet_interfaces = $myhostname, localhost
>>
>> Anyone know how can I set the postfix outgoing interface?
>>
>
> smtp_bind_address=your.ip.add.ress
>
> --
> Best Regards
>
> MfG Robert Schetterer
>
> Germany/Munich/Bavaria
>

Well, I tryed to define smtp_bind_address=y.y.y.y but that didn't
work, maybe because I had the same default router for both IP (x.x.x.x
and y.y.y.y). Or maybe the nat rule in iptables is causing the
redirection to x.x.x.x.

Anyway, I'll test again without iptables.

--
Sin otro particular se despide,
Gabriel Möll Ibacache
Ingeniero Civil en Computación
Reply | Threaded
Open this post in threaded view
|

Re: postfix interface

Barney Desmond
2008/8/1 Gabriel Angel Möll Ibacache <[hidden email]>:
> Well, I tryed to define smtp_bind_address=y.y.y.y but that didn't
> work, maybe because I had the same default router for both IP (x.x.x.x
> and y.y.y.y). Or maybe the nat rule in iptables is causing the
> redirection to x.x.x.x.

You need to make sure you understand the difference between binding to
the source-IP and getting the packets routed out. With
smtp_bind_address, packets will be created with that source address.
Past this point, it's up to the networking stack to figure out which
physical interface it leaves by.

SNAT is a post-routing rule. This means it does something only once
all the routing is done, the outgoing interface has already been
decided.

Linux only does destination-based routing (by default). To make the
packets leave via eth2, make sure that eth2 is the default gateway.
You can check this with something like:

yoshino:~# ip route get to 1.2.3.4
1.2.3.4 via 202.4.232.254 dev eth1  src 202.4.232.67
    cache  mtu 1500 advmss 1460 hoplimit 64

If you don't see the correct device there, you probably need to fix the routing.


-Barney Desmond