
Dual ISP to single mail server

hpeet asked:
Last Modified: 2010-03-18
Hello;

I have two internet connections, one on cable and one on DSL; each has a firewall with a DMZ. I have a mail server and a web server in the DMZ; both have dual NICs (only one currently configured). My question is: can I configure the email and web server so that when a connection is requested from the Cable Internet provider the response goes to the cable firewall, and if a request comes from the DSL provider the reply goes to the DSL firewall and out?

Sorry, this is a little muddled description. What I want to do is use the DSL as the primary access to mail and web services in the DMZ; if the DSL goes down I would like to maintain access, but now going through the Cable provider. This does not need to be dynamic: for example, if www.domain.com is the DSL connection and it goes down, they could still access through www2.domain.com, and for mail, using MX records, have the second MX point to the cable IP address.

Any thoughts would be appreciated.

Erik Bjers, Principal Systems Administrator, commented:
What firewalls are you using?  You may need to configure clustering on the firewalls in order for this to work correctly.

Also, your public name server (or whoever hosts your domain's servers) will need to have web server records for each IP address as well as MX records for each IP.

You can have the same server registered to 2 different IPs.

Author commented:
The firewalls are WatchGuard one is Firebox III 700 and the other Firebox X 700.

We handle the DNS so the A records and MX records are no problem.

Thanks
Erik Bjers, Principal Systems Administrator, commented:
I'm not sure if the Firebox supports clustering, but usually you would need the exact same model to cluster anyway, so that's out.

Put in the A and MX records as follows:

A for DSL
A for Cable

MX for DSL
MX for Cable

This way anyone connecting to your site should get the DSL IP first, and if that one does not respond it should automatically go to the other.

You may also want to configure 2 NICs on your server, one attached to each firewall; this way you ensure that inbound traffic goes back out the same way it came in...

Author commented:
I have configured the DMZ port on firewall #1 as 10.10.10.1 and then connected it to one of the NICs in the server; on that server NIC I specified IP 10.10.10.10 with gateway 10.10.10.1, metric 1.

On the second firewall I configured the DMZ address as 10.20.10.1 and then connected it to the second NIC on the server, configured as 10.20.10.10 with gateway 10.20.10.1, metric 2.

Connection coming in on Firewall #1 works fine.

Connection coming in on Firewall #2 tries to reply using Firewall #1, so the connection fails.

I don't know if adding a VLAN between the firewalls and the server would resolve this issue or not?

Thanks
Erik Bjers, Principal Systems Administrator, commented:
Best solution

CBL SERVICE      DSL SERVICE
     |                |
     |                |
 FIREWALL 1       FIREWALL 2
     |                |
     |                |
SERVER NIC 1     SERVER NIC 2

This way traffic coming from DSL goes back out DSL, and traffic coming from CBL goes back out CBL.

Author commented:
I tried that but it does not seem to work. I have them on different networks; should they be on the same network and only specify a gateway on one of the NICs?

CBL SERVICE                    DSL SERVICE
     |                              |
     |                              |
 FIREWALL 1   10.10.10.1        FIREWALL 2   10.20.10.1
     |                              |
     |                              |
SERVER NIC 1                    SERVER NIC 2
   10.10.10.10                     10.20.10.10
   255.255.255.0                   255.255.255.0
GW 10.10.10.1 (1)               GW 10.20.10.1 (2)

Thanks
Principal Systems Administrator commented:
If your ISPs forward all your mail via SMTP (most offer this service) rather than it going directly from the internet to your mail server, you can add static routes for both ISPs' mail servers to ensure that packets leave out the right device.
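The failure the author describes (a request arriving through firewall #2 answered through firewall #1) is asymmetric routing: a host with one routing table uses its single best default route for every reply, and the metric 1 / metric 2 on the two NICs only decides which of the two defaults wins. The server-side fix that makes the two-NIC diagram above actually work is policy routing keyed on source address, so replies sent from 10.20.10.10 leave via 10.20.10.1 and replies from 10.10.10.10 via 10.10.10.1. The script below is an added example, not part of the thread and not WatchGuard or Experts Exchange material. It assumes the DMZ server runs Linux with iproute2 (the thread never names the server OS), that eth0 faces firewall #1 (cable) and eth1 faces firewall #2 (DSL), and that routing table ids 100 and 101 are unused; the 10.x addresses are the ones the author posted. It also implements the per-relay static route the last reply suggests, with placeholder relay addresses.

```shell
#!/bin/sh
# Added example (not from the thread): source-based policy routing on a Linux
# DMZ server with one NIC per firewall, so a reply leaves through the firewall
# its request arrived on. Assumed: Linux with iproute2, eth0 toward firewall #1
# (cable) and eth1 toward firewall #2 (DSL), routing tables 100 and 101 free.
# The 10.x addresses are the ones posted in the thread. Needs root unless
# DRY_RUN is set, in which case the commands are printed instead of executed.
set -eu

CABLE_IF=eth0; CABLE_IP=10.10.10.10; CABLE_GW=10.10.10.1; CABLE_TABLE=100
DSL_IF=eth1;   DSL_IP=10.20.10.10;   DSL_GW=10.20.10.1;   DSL_TABLE=101
DMZ_PREFIX=24   # both DMZ networks are /24 (255.255.255.0 in the thread)

# Execute a command, or print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Build one per-firewall table: the directly connected DMZ subnet plus that
# firewall's inside address as the only default route, then a rule that
# sends every packet sourced from the matching NIC address to that table.
add_side() {
    ifc=$1; ip=$2; gw=$3; table=$4
    subnet="${ip%.*}.0/$DMZ_PREFIX"   # e.g. 10.20.10.0/24 (assumes /24 alignment)
    run ip route replace "$subnet" dev "$ifc" src "$ip" table "$table"
    run ip route replace default via "$gw" dev "$ifc" table "$table"
    # 'ip rule' has no replace; delete any stale copy first so reruns are idempotent.
    run ip rule del from "$ip" table "$table" 2>/dev/null || true
    run ip rule add from "$ip" table "$table" priority "$table"
}

configure_policy_routing() {
    add_side "$CABLE_IF" "$CABLE_IP" "$CABLE_GW" "$CABLE_TABLE"
    add_side "$DSL_IF"   "$DSL_IP"   "$DSL_GW"   "$DSL_TABLE"

    # The main table keeps a single default via the primary (DSL) link; it is
    # only consulted for traffic the server originates itself, because the
    # two 'from' rules above catch every reply before the main table is reached.
    run ip route replace default via "$DSL_GW" dev "$DSL_IF"

    # Strict reverse-path filtering (rp_filter=1) would drop a packet that
    # arrives on eth1 when the main-table route back to its source points at
    # eth0. Loose mode (2) keeps the anti-spoofing check but accepts any
    # interface that has some route to the source.
    run sysctl -q -w "net.ipv4.conf.$CABLE_IF.rp_filter=2" \
                     "net.ipv4.conf.$DSL_IF.rp_filter=2"
}

# The last reply's alternative for mail that is relayed through each ISP's own
# SMTP servers: a host route per relay pins server-originated traffic to that
# relay through the matching firewall. Rules keyed on source address do not
# match locally originated packets (no source is bound yet at lookup time), so
# these routes belong in the main table. Relay addresses are placeholders.
pin_relay_route() {
    relay=$1; side=$2
    case "$side" in
        cable) run ip route replace "$relay/32" via "$CABLE_GW" dev "$CABLE_IF" ;;
        dsl)   run ip route replace "$relay/32" via "$DSL_GW"   dev "$DSL_IF" ;;
        *)     echo "pin_relay_route: side must be 'cable' or 'dsl'" >&2; return 1 ;;
    esac
}

# Apply only when invoked with 'apply'; sourcing the file just defines functions.
if [ "${1:-}" = apply ]; then
    configure_policy_routing
    pin_relay_route 192.0.2.25 cable    # placeholder cable-ISP relay (TEST-NET-1)
    pin_relay_route 198.51.100.25 dsl   # placeholder DSL-ISP relay (TEST-NET-2)
fi
```

After applying, `ip route get 203.0.113.1 from 10.20.10.10` should answer `via 10.20.10.1 dev eth1`, and the same query `from 10.10.10.10` should answer `via 10.10.10.1 dev eth0`; if either still shows the other gateway, check `ip rule show` for the two `from` rules. This fixes only the reply path on the server; each WatchGuard still needs its own inbound NAT and policy for the DMZ address it fronts. On the DNS side, the second MX behaves as the thread describes (senders fall back to it when the first is unreachable), whereas two A records for one web name leave it to each client which address it tries first, so the separate www2 name the author proposes is the more predictable web fallback.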