On Tue, Dec 11, 2007 at 12:19:22AM +0100, Radek 'Goblin' Pieczonka wrote: > >>> Suppose, I have 3 mail servers @ DMZ zone with one real ip. the situation >>> as before? >>> >>> in that case, What can I do? >>> >> your could use exim/postfix and route the mail to the right server, but I >> guess you are trying to find out how to have port 25 on the real ip nat'ed >> to one of the 3 dmz'ed ip based upon the destination mail address >> >> short answer you can't as far as I know, iptables only looks at src ip / >> src port & dest ip/dest port. You could write your own plugin module to >> look into the tcp stream. >> > > based upon destination email address/domain could be done by postfix and > transports for selected mail/domain to selected server. but there is also a > possibility of load balancing and failover for set of domains with all > servers working with all the domains for HA and flexibility of computing > power, then id say take a look at keepalived for both those features. for > http traffic its actually the same, and also you can consider apache > reverse proxy feature. he only has 1 real ip [silly idea] of course could be really tricky and use an ipv6 to ipv4 address and name all the dmz servers with ipv6 (in dns as well), really relying upon clients to be ipv6 enable [/silly idea] > > -- > Radek aka Goblin > _______________________________________________ > LARTC mailing list > LARTC@xxxxxxxxxxxxxxx > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc >
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc