Solved

Multiple PPP IPForwarding...

Posted on 1998-05-01
Last Modified: 2010-03-18
We are trying to set up two PPPs, to two different ISPs, one of which (ppp1) will carry all of our LAN's internet mail (smtp -25, pop3 -110) traffic, and the other (ppp0) the balance of our internet traffic (http, ftp, etc.).

The mail (ppp1) connection is full time, the "rest" (ppp0) is dial-on-demand (diald, already working fine).

We already have the "mail only" IPForwarding rules sorted, so we are looking for the "exclude mail" rules, as well as the rules to ensure that traffic is routed to the correct port.

An extra problem is that it seems that if you have ppp0, then ppp1, both are recognised, but if you only start ppp1, the system thinks it is ppp0!

We are running RH5.0, 486/66, 24Mb, 1 x NE2000 (eth0), and 2 x modems.
Question by:Spikeman050198

Accepted Solution

by:
mrausch earned 50 total points
ID: 1584106
> looking for the "exclude mail" rules, as well as the rules to

I suppose with "mail only" rules, you allow connections from the
outside to port 25 on your side, and from your side to port 25
on any machine on the outside, denying the rest. When you want
to disallow mail traffic (that's what you probably mean with
"exclude mail" rules) just invert that. Deny traffic to/from
port 25 and allow all the rest.

> ensure that traffic is routed to the correct port.

Here you want policy-based routing. Later 2.1 kernels are
able to do this, but these development kernels are probably not
something you want to use for stability reasons.
Probably the easiest way is to set up another box which carries
the dedicated mail ppp link and let your first machine forward
all mail traffic to the second one. On the first one, you now have
a default route via what was ppp1 before, and mail is forwarded
to box #2, which has a default route to what was ppp0 before.
If this second box is no choice, perhaps you can ask your ISP
to do primary MX for you, and let his mail server relay the
data to you.

Re. your last problem, you can specify the interface address
instead of the interface name in the ipfwadm rules, that is
just give "ipfwadm <thisandthat> -V address.of.ppp0.interface"
instead of "ipfwadm <thisandthat> -W ppp0"


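The interface-naming problem from the question and the `-V` suggestion in the answer above, as an added example that is not part of the original thread: a simplified first-match filter model in Python (not ipfwadm itself) comparing rules bound to an interface name with rules bound to an interface address. The two addresses, the rule order and the default-deny policy are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

MAIL_PORTS = frozenset({25, 110})   # smtp and pop3, as listed in the question
MAIL_ADDR = "198.51.100.1"          # constructed address of the mail link
REST_ADDR = "192.0.2.1"             # constructed address of the dial-on-demand link

@dataclass(frozen=True)
class Iface:
    name: str   # assigned in start order, so a lone mail link becomes ppp0
    addr: str   # local address of the link

@dataclass(frozen=True)
class Rule:
    action: str                         # "accept" or "deny"
    ports: Optional[frozenset] = None   # None matches any destination port
    if_name: Optional[str] = None       # models selecting by name (-W)
    if_addr: Optional[str] = None       # models selecting by address (-V)

    def matches(self, iface: Iface, dport: int) -> bool:
        if self.if_name is not None and self.if_name != iface.name:
            return False
        if self.if_addr is not None and self.if_addr != iface.addr:
            return False
        return self.ports is None or dport in self.ports

def build_rules(by: str) -> list:
    """Mail-only on the mail link, everything except mail on the other link."""
    mail = {"if_name": "ppp1"} if by == "name" else {"if_addr": MAIL_ADDR}
    rest = {"if_name": "ppp0"} if by == "name" else {"if_addr": REST_ADDR}
    return [
        Rule("accept", MAIL_PORTS, **mail),   # mail-only link: allow mail
        Rule("deny", None, **mail),           # ... and nothing else
        Rule("deny", MAIL_PORTS, **rest),     # "exclude mail": the inverse
        Rule("accept", None, **rest),         # ... allow all the rest
    ]

def decide(rules: list, iface: Iface, dport: int) -> str:
    """First matching rule wins; unmatched traffic is denied (assumed policy)."""
    for rule in rules:
        if rule.matches(iface, dport):
            return rule.action
    return "deny"

if __name__ == "__main__":
    lone_mail_link = Iface("ppp0", MAIL_ADDR)   # only the mail link was started
    for by in ("name", "addr"):
        rules = build_rules(by)
        print(by, {port: decide(rules, lone_mail_link, port) for port in (25, 110, 80)})
```

When only the mail link is up and it is named ppp0, the name-bound rules apply the "exclude mail" policy to it, while the address-bound rules keep the mail-only policy.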
 

Author Comment

by:Spikeman050198
ID: 1584107
We still need a bit more information on this one...