Solved

Multiple PPP IPForwarding...

Posted on 1998-05-01
Last Modified: 2010-03-18
We are trying to set up two PPPs, to two different ISPs, one of which (ppp1) will carry all of our LAN's internet mail (smtp -25, pop3 -110) traffic, and the other (ppp0) the balance of our internet traffic (http, ftp, etc.).

The mail (ppp1) connection is full time, the "rest" (ppp0) is dial-on-demand (diald, already working fine).

We already have the "mail only" IPForwarding rules sorted, so we are looking for the "exclude mail" rules, as well as the rules to ensure that traffic is routed to the correct port.

An extra problem is that it seems that if you have ppp0, then ppp1, both are recognised, but if you only start ppp1, the system thinks it is ppp0!

We are running RH5.0, 486/66, 24Mb, 1 x NE2000 (eth0), and 2 x modems.
Question by:Spikeman050198
Accepted Solution

by:
mrausch earned 50 total points
ID: 1584106
> looking for the "exclude mail" rules, as well as the rules to

I suppose with "mail only" rules, you allow connections from the
outside to port 25 on your side, and from your side to port 25
on any machine on the outside, denying the rest. When you want
to disallow mail traffic (that's what you probably mean with
"exclude mail" rules) just invert that. Deny traffic to/from
port 25 and allow all the rest.

> ensure that traffic is routed to the correct port.

Here you want a policy-based routing. Later 2.1 kernels are
able to do this, but these development kernels are probably not
something you want to use for stability reasons.
Probably the easiest way is to set up another box which carries
the dedicated mail ppp link and let your first machine forward
all mail traffic to the second one. On the first one, you now have
a default route via what was ppp1 before, and mail is forwarded
to box #2, which has a default route to what was ppp0 before.
If this second box is no choice, perhaps you can ask your ISP
to do primary MX for you, and let his mail server relay the
data to you.

Re. your last problem, you can specify the interface address
instead of the interface name in the ipfwadm rules, that is
just give "ipfwadm <thisandthat> -V address.of.ppp0.interface"
instead of "ipfwadm <thisandthat> -W ppp0"
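
The two rule sets described in the answer above, written out as an added example that is not part of the original post: it prints ipfwadm forwarding rules keyed on the interface address (-V) for a "mail only" link and for the inverted "exclude mail" link. The addresses are constructed placeholders, the function names are hypothetical, and the rules only filter; they do not choose which link a packet is routed over.

```shell
#!/bin/sh
# Added example: prints ipfwadm forwarding rules instead of executing them.
ANY="0.0.0.0/0"
MAIL_PORTS="25 110"   # smtp and pop3, the ports named in the question

# link_rules ADDR MAIL_POLICY REST_POLICY
# ADDR is the local address of the PPP link. Matching on the address with -V
# keeps a rule on the intended link even when the kernel names the only
# running link ppp0.
link_rules() {
    addr=$1; mail=$2; rest=$3
    case $addr in
        ''|*[!0-9.]*)
            echo "link_rules: need an interface address, got '$addr'" >&2
            return 1 ;;
    esac
    # Packets going to a mail port, then the replies coming back from one.
    echo "ipfwadm -F -a $mail -P tcp -S $ANY -D $ANY $MAIL_PORTS -V $addr"
    echo "ipfwadm -F -a $mail -P tcp -S $ANY $MAIL_PORTS -D $ANY -V $addr"
    # Everything else on this link. Rules are checked in order, so this
    # catch-all has to come last.
    echo "ipfwadm -F -a $rest -P all -S $ANY -D $ANY -V $addr"
}

# "Mail only": accept the mail ports, deny the rest.
mail_only_rules() { link_rules "$1" accept deny; }

# "Exclude mail": the same rules with the policies inverted.
exclude_mail_rules() { link_rules "$1" deny accept; }

# Constructed addresses from the documentation ranges.
mail_only_rules 198.51.100.1      # full-time mail link (ppp1 in the question)
exclude_mail_rules 192.0.2.1      # dial-on-demand link (ppp0 in the question)
```

Review the printed lines before running them as root; an interface name such as ppp0 is rejected so that a rule cannot silently attach to whichever link happens to carry that name.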



Author Comment

by:Spikeman050198
ID: 1584107
We still need a bit more information on this one...