hpeet

Dual ISP to single mail server

Hello;

I have two internet connections, one on cable and one DSL; each has a firewall with a DMZ. I have a mail server and a web server in the DMZ; both have dual NICs (only one currently configured). My question is: can I configure the email and web server so that when a connection coming from the cable Internet provider is requested, the response goes to the cable firewall, and if a request comes from the DSL provider, the reply goes to the DSL firewall and out?

Sorry, this is a slightly muddled description. What I want to do is use the DSL as the primary access to mail and web services in the DMZ; if the DSL goes down I would like to maintain access, but now going through the cable provider. This does not need to be dynamic: for example, if www.domain.com is the DSL connection and goes down, they could still access through www2.domain.com, and for mail, use MX records, having the second MX point to the cable IP address.

Any thoughts would be appreciated.
Member_2_2473503

What firewalls are you using? You may need to configure clustering on the firewalls in order for this to work correctly.

Also, your public name server (or whoever hosts your domain's servers) will need to have web server records for each IP address as well as MX records for each IP.

You can have the same server registered to 2 different IPs.
hpeet

ASKER

The firewalls are WatchGuard; one is a Firebox III 700 and the other a Firebox X 700.

We handle the DNS so the A records and MX records are no problem.

Thanks
I'm not sure if the Firebox supports clustering, but usually you would need the exact same model to cluster anyway, so that's out.

Put in the A and MX records as follows:

A for DSL
A for Cable

MX for DSL
MX for Cable

This way anyone connecting to your site should get the DSL IP first, and if that one does not respond it should automatically go to the other.

You may also want to configure 2 NICs on your server, one attached to each firewall; this way you ensure that inbound traffic goes back out the same way it came in...
hpeet

ASKER

I have configured the DMZ port on firewall #1 to 10.10.10.1 and then connected it to one of the NICs in the server; on the server NIC I specified IP 10.10.10.10 with gateway 10.10.10.1, metric 1.

On the second firewall I configured the DMZ address as 10.20.10.1 and then connected it to the second NIC on the server, configured as 10.20.10.10 with gateway 10.20.10.1, metric 2.

Connection coming in on Firewall #1 works fine.

Connection coming in on Firewall #2 tries to reply using firewall #1 so connection fails.

I don't know if adding a VLAN between the firewalls and the server would resolve this issue or not?

Thanks
Best solution

CBL SERVICE     DSL SERVICE
     |               |
     |               |
FIREWALL 1      FIREWALL 2
     |               |
     |               |
SERVER NIC 1    SERVER NIC 2

This way traffic coming from DSL goes back out DSL, and traffic coming from CBL goes back out CBL.
hpeet

ASKER

I tried that but it does not seem to work. I have them on different networks; should they be on the same network and only specify a gateway on one of the NICs?

CBL SERVICE                 DSL SERVICE
     |                           |
     |                           |
FIREWALL 1  10.10.10.1      FIREWALL 2  10.20.10.1
     |                           |
     |                           |
SERVER NIC 1                SERVER NIC 2
10.10.10.10                 10.20.10.10
255.255.255.0               255.255.255.0
GW 10.10.10.1 (1)           GW 10.20.10.1 (2)

Thanks
ASKER CERTIFIED SOLUTION
Member_2_2473503
This solution is only available to members.
If your ISP forwards all your mail via SMTP (most offer this service) rather than it going directly from the internet to your mail server, you can add static routes for both your ISP's mail servers to ensure that packets leave out the right device.
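
An added example, not part of the original thread: a small Python model of the server's destination-based route lookup, showing why a connection that arrives through firewall #2 is answered through firewall #1, and how a static route for an ISP relay range changes that. It assumes the firewalls pass the client's original source address through to the server; the client address and the 203.0.113.0/28 relay range are constructed placeholders.

```python
import ipaddress

# Server routing table as described in the thread: (network, gateway, NIC, metric).
BASE_ROUTES = [
    ("10.10.10.0/24", None, "NIC1", 1),      # directly connected, firewall #1 DMZ
    ("10.20.10.0/24", None, "NIC2", 1),      # directly connected, firewall #2 DMZ
    ("0.0.0.0/0", "10.10.10.1", "NIC1", 1),  # default gateway, metric 1
    ("0.0.0.0/0", "10.20.10.1", "NIC2", 2),  # default gateway, metric 2
]

# Constructed static route: 203.0.113.0/28 stands in for the mail relay range of
# the ISP behind firewall #2 (documentation address space, not from the thread).
WITH_STATIC = BASE_ROUTES + [("203.0.113.0/28", "10.20.10.1", "NIC2", 1)]


def lookup(routes, dst):
    """Pick a route by destination only: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [
        (ipaddress.ip_network(net), gw, nic, metric)
        for net, gw, nic, metric in routes
        if addr in ipaddress.ip_network(net)
    ]
    if not matches:
        return None
    _, gw, nic, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[3]))
    return gw, nic


def reply_path(routes, client_ip, arrived_on):
    """Return (egress NIC, gateway, symmetric) for the reply sent to client_ip."""
    gw, nic = lookup(routes, client_ip)
    # The lookup never sees arrived_on; that is the root of the failure.
    return nic, gw, nic == arrived_on


if __name__ == "__main__":
    cases = [
        ("client via firewall #1", BASE_ROUTES, "198.51.100.25", "NIC1"),
        ("client via firewall #2", BASE_ROUTES, "198.51.100.25", "NIC2"),
        ("ISP relay via firewall #2, static route", WITH_STATIC, "203.0.113.5", "NIC2"),
        ("other client via firewall #2, static route", WITH_STATIC, "198.51.100.25", "NIC2"),
    ]
    for label, routes, ip, nic_in in cases:
        nic_out, gw, ok = reply_path(routes, ip, nic_in)
        print(f"{label}: reply leaves {nic_out} via {gw} -> {'OK' if ok else 'ASYMMETRIC'}")
```

The last case shows the limit of the static-route approach: only destinations covered by the static route return through firewall #2, so it fits relayed mail but not arbitrary web clients.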