WAN2 SMTP not working to mail server like WAN1 does.

Posted on 2014-09-30
Medium Priority
Last Modified: 2014-10-18
Hey All ... Draytek 2925 - 2x Infinity lines

Scenario is:

WAN1 Line 1 - Internet Provider - Port 25 goes in and out and is MX1 on domain name
WAN2 Line 2 - Internet Provider - Port 25 goes in and out and is MX2 on domain name

Client has an issue with line 1/WAN1 and email routing as the MX has an issue. BUT.. mx 2 is meant to take care of this.

But the 2nd ip to route ip to the SAME mail server. Is there some IP table mapping going wrong somewhere?

No clever mapping.. Just 2x lines and some port redirection going on... NOT even vpn.

Why would this not simply work after putting in port redirection rules to WAN2?

IPs are all good.. I can remote manage the router on the WAN2 IP so I know it is getting to the router, but then NOT to the mail server.

Many thanks in advance and asap.

Question by:roycasella
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40352175
Have you set up Port Forwarding on WAN1 AND WAN2 for port 25?

Have you got multiple IPs set up on each WAN link and have you chosen the right WAN port / IP Address for the relevant Open Port rule?

Are both WAN ports active together or has one been configured as failover?


Author Comment

ID: 40352260
Yes, port 25 on the correct WAN IP is all gone. Triple checked.

I have now got it working but I had to kill WAN1 to get WAN2 to kick in.

I have now put WAN1 backup and made it Always On with load balance ticked.

The original configuration had this in reverse yet no joy... Very odd.

I am loath to try it back the other way at 15:33 and I leave in 20 minutes :P

LVL 76

Expert Comment

by:Alan Hardisty
ID: 40352277
Random!  As long as they are both Always On - they should both work together, but sometimes a hard reboot (power off / on) can help the config kick in properly.


Author Comment

ID: 40352662
If I put them to Always On... then I get NO INTERNET... VOIP phones fall off, web surfing etc...

It's as if the Draytek cannot work out which connection to use.

In an odd combination if I put WAN1 on load balance and not the other way it works.

Alan, could you advise in simple terms how you would set up to achieve the following.

WAN1 is used for all communications in and out. Web/ Email / FTP / VOIP etc...
WAN2 is used for additional WEB surfing and FTP when the demand is great and receives email and remote connections via this also.

I just want to ensure I am not under or over engineering this because my random results are making me question my settings :).

Thanks in advance

LVL 76

Expert Comment

by:Alan Hardisty
ID: 40352854
You would have to set up the Load Balance/Route Policy outbound to allow specific traffic out of one WAN link or the other for specific ports.  If you allow Web traffic out both ports using Load Balancing you could end up with some secure sites getting your traffic over both WAN IPs for the same connection and that would probably upset the web site.

Inbound on both shouldn't be a problem, but outbound on both would be unless you either set the links up as Failover or Load Balanced.

You could split your network in two and send half the users down one WAN link and half down the other then fail them over to the other WAN link if one goes down.

Does that make sense?

LVL 46

Expert Comment

by:Craig Beck
ID: 40353108
If you are setting the WAN links as load-balanced this won't work well, if at all.  As Alan said, some websites (particularly HTTPS) will break and anything that comes inbound will also get upset.

The SMTP traffic will be distributed across both lines.  If a packet is received at a remote SMTP server from an unexpected IP (the other WAN IP) it will likely drop the connection, especially if the SMTP session is authenticated.

You should only rely on the second MX address if the WAN1 circuit dies and the Draytek router actually acknowledges that the circuit is down, otherwise the router will always try to pass traffic over WAN1 in a load-balance configuration or in a failover configuration where WAN1 is the primary circuit.  If your MX priorities are configured correctly all SMTP traffic will only ever be routed inbound via WAN1 (or whichever circuit is primary) anyway, so I'd be tempted to drop WAN1 for a bit and test connectivity to the SMTP server via WAN2.  If you set the same priority for 2 MXs you should make sure that they are two completely different servers.

Author Comment

ID: 40353182
Thanks for both of your comments.

I hear the comment about the websites and SSL.. I had hoped that the Draytek would simply jump onto WAN2 for a user's session if WAN1 was getting rinsed due to FTP or something.

Hear the comments about MX etc... It is configured with a priority of 0 for WAN1 and 10 for WAN2 so that's all in place. However, I was not getting WAN1 to fail.

The setup is two BT Infinity Fibres. So they are PPPoE to the devices and it seems that the Draytek does not like to see them as fallen over too easily at all. This is my experience so I am unsure if the failover will truly work.

I would be happy with the following scenario which is what I believed I had setup, but my odd results proved otherwise and my current reverse scenario too.

WAN 1 - Does all web, ftp, RDP and smtp traffic in and out
WAN 2 - Is used as a failover, but MUST receive RDP and SMTP traffic at any point, because WAN 1 might be up ok but there is something wrong with the mail delivery service, hence why I want WAN 2 to always be accepting and NOT kicking in just because WAN 1 does not work.

I believe this is possible as I am doing this now in reverse, but not extensively tested switching off WAN 2 as I was just happy getting mail in before I had to leave the site :).

They both need to be on with a preference for WAN 1 unless WAN 1 is unavailable, but both receive on INCOMING.

Thanks to both of you. Please advise on steps for above.

Many thanks in advance.

LVL 46

Accepted Solution

Craig Beck earned 2000 total points
ID: 40353291
Unfortunately it's not as simple as "it works outbound so it should work inbound".  Unless your primary MX is unreachable SMTP will never come in to WAN2 as the sending SMTP server will never attempt to send via the secondary MX IP.

In any event, when you use a circuit as a failover it won't send or receive any traffic unless the primary is flagged as failed.  I believe you can do two types of circuit tracking on the Draytek router - ARP or PING.  In your case, PING would be the better choice.  You can tell the WAN1 circuit to monitor an external IP address, something like, and that will be enough to let the router know if the circuit is down, whether the PPPoE session drops or not.  This setup will mean that your MX configuration works fine and traffic to the SMTP server will automatically be routed inbound via WAN2 if WAN1 fails.
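
Added example (not part of the original thread): a sketch of how a sending server walks the MX list, using the preference values 0 and 10 mentioned above, plus a port-25 probe that can be pointed at each WAN address. The hostnames are constructed placeholders and the function names are hypothetical.

```python
import socket

# Constructed sample mirroring the thread: preference 0 -> WAN1, 10 -> WAN2.
# Hostnames are placeholders, not the poster's real MX records.
SAMPLE_MX = [(10, "mx2.example.test"), (0, "mx1.example.test")]


def delivery_order(mx_records):
    """Return MX hosts in the order a sender tries them: lowest preference first.

    Real MTAs pick randomly among records of equal preference; this sketch
    keeps their input order instead.
    """
    return [host for _, host in sorted(mx_records, key=lambda rec: rec[0])]


def probe_smtp(host, port=25, timeout=5.0):
    """Open a TCP connection and return the SMTP greeting line.

    Returns None when the connection fails, times out, or the server does
    not greet with a 220 reply.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            banner = conn.recv(512).decode("ascii", "replace").strip()
    except OSError:
        return None
    return banner if banner.startswith("220") else None


def pick_mx(mx_records, probe=probe_smtp):
    """Return (host, banner) for the first MX that answers, else (None, None).

    The secondary is only reached when the primary gives no usable greeting,
    which is why inbound mail keeps arriving on WAN1 while it is up.
    """
    for host in delivery_order(mx_records):
        banner = probe(host)
        if banner:
            return host, banner
    return None, None
```

Run from a host outside the network, calling `probe_smtp` with each WAN IP in turn checks the WAN2 port-25 redirection while WAN1 is still up.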

Author Closing Comment

ID: 40388713
Thank you

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
This video discusses moving either the default database or any database to a new volume.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question