Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.
COURSE of the MONTH
13 days, 13 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Query on clustering and IP addresses
Posted on 2009-04-09
Hi Forum,
I have installed a Windows 2008 2-node cluster for SMTP purposes.
Node1: 192.168.1.1
Node2: 192.168.1.2
Cluster1: 192.168.1.3
Cluster1 is the clustered address/hostname. All three are registered in DNS.
Applications on our network will be configured to use an SMTP server of: Cluster1 (or 192.168.1.3 if we need to specify an IP).
We have some ports of the network that are not accessible due a firewall being placed between that subnet and the rest. So, for example, Server1 in a restricted subnet needs to send SMTP mail. We'll need to open port 25, but to what destination, 192.168.1.1 and 192.168.1.2, or those AND 192.168.1.3, or just 192.168.1.3 only?
Thanks in advance.
I have installed a Windows 2008 2-node cluster for SMTP purposes.
Node1: 192.168.1.1
Node2: 192.168.1.2
Cluster1: 192.168.1.3
Cluster1 is the clustered address/hostname. All three are registered in DNS.
Applications on our network will be configured to use an SMTP server of: Cluster1 (or 192.168.1.3 if we need to specify an IP).
We have some ports of the network that are not accessible due a firewall being placed between that subnet and the rest. So, for example, Server1 in a restricted subnet needs to send SMTP mail. We'll need to open port 25, but to what destination, 192.168.1.1 and 192.168.1.2, or those AND 192.168.1.3, or just 192.168.1.3 only?
Thanks in advance.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
4-
2
7 Comments
You should be able to open the firewall to point to the cluster address only being as the nodes in the cluster will listen on the cluster IP for all clustered traffic.
hi,
I believe you need another name/address: the application one
node1, points to node1
node2, points to node3
cluster is just to manage it from you
Application1 192.168.1.4
Now you have to use cluster: build a resource group as Fileserver, SMTP, SQL server,...
and depending of type, give networkname,ipadress,resou
and inform users, firewall, dns, ecc about Application1 and/or 192.168.1.4
Then will be a problem of MSCS to run Applicatio01 on node1 or 2.
bye
vic
I believe you need another name/address: the application one
node1, points to node1
node2, points to node3
cluster is just to manage it from you
Application1 192.168.1.4
Now you have to use cluster: build a resource group as Fileserver, SMTP, SQL server,...
and depending of type, give networkname,ipadress,resou
and inform users, firewall, dns, ecc about Application1 and/or 192.168.1.4
Then will be a problem of MSCS to run Applicatio01 on node1 or 2.
bye
vic
This is true. I was assuming you had already clustered the application and the IP was the application's cluster IP.
Sorry guys - I should have mentioned, this is Windows 2008 NLB clustering I am using, not the hardware type clustering where you have resource groups, networkname etc
The cluster address should still receive the traffic because if you send traffic to the node addresses one of two (or both) things will happen:
1) Only the node will receive the traffic
2) Neither node will receive the traffic because it's a Unicast cluster and the node addresses are management only.
1) Only the node will receive the traffic
2) Neither node will receive the traffic because it's a Unicast cluster and the node addresses are management only.
Yep it's set up as a Unicast cluster.
So the only IP I need to open up on my firewall is the cluster address? Just to confirm :)
So the only IP I need to open up on my firewall is the cluster address? Just to confirm :)
Featured Post
Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Background Information
Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month13 days, 13 hours left to enroll
800 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.