| 2 IP for one mail server [message #111637] |
Thu, 13 March 2014 11:34  |
billybons2006
Messages: 18
Registered: January 2010
|
|
|
|
I have kerio connect server with two different public IPs (1.1.1.1 and 2.2.2.2).
Task: if one channel down, server works on second one.
mx1.mydomain.ru A 1.1.1.1
mx2.mydomain.ru A 2.2.2.2
mydomain.ru MX 10 mx1.mydomain.ru
mydomain.ru MX 20 mx2.mydomain.ru
1.1.1.1 PTR mydomain.ru
2.2.2.2 PTR mydomain.ru
EHLO = mx1.mydomain.ru
Is these settings right or not? How do we solve this task?
|
|
|
|
| Re: 2 IP for one mail server [message #111659 is a reply to message #111637] |
Thu, 13 March 2014 17:56  |
Bud Durland
Messages: 586
Registered: December 2013
Location: Plattsburgh, NY
|
|
|
|
|
We accomplish this for incoming mail with basic port forwarding at the firewall. The problem is that Kerio will only send mail OUT on one IP; if that channel is down, there will be no outgoing mail.
|
|
|
|
|
|
| Re: 2 IP for one mail server [message #111696 is a reply to message #111685] |
Fri, 14 March 2014 18:53 |
Bud Durland
Messages: 586
Registered: December 2013
Location: Plattsburgh, NY
|
|
|
|
ISP1 (1.1.1.1) ---> Firewall WAN port 1
ISP2 (2.2.2.2) ---> Firewall WAN port 2
NAT Rule: WANPORT1:25 ---> 3.3.3.3 (Mail server address)
NAT Rule: WANPORT2:25 ---> 3.3.3.3
|
|
|
|
| Re: 2 IP for one mail server [message #111706 is a reply to message #111637] |
Sun, 16 March 2014 01:50 |
j.a.duke
Messages: 239
Registered: October 2006
|
|
|
|
billybons2006 wrote on Thu, 13 March 2014 06:34I have kerio connect server with two different public IPs (1.1.1.1 and 2.2.2.2).
Task: if one channel down, server works on second one.
mx1.mydomain.ru A 1.1.1.1
mx2.mydomain.ru A 2.2.2.2
mydomain.ru MX 10 mx1.mydomain.ru
mydomain.ru MX 20 mx2.mydomain.ru
1.1.1.1 PTR mydomain.ru
2.2.2.2 PTR mydomain.ru
EHLO = mx1.mydomain.ru
Is these settings right or not? How do we solve this task?
I think what you really need is a router like an Ecessa Powerlink that not only performs load-balancing between your connections, but also provides failover between connections and DNS services that advertise your mail server based on which connections are available at any give time. It handles all this transparently.
I've used this configuration with great success for a number of years.
Cheers,
Jon
[Updated on: Sun, 16 March 2014 01:50] Report message to a moderator |
|
|
|
| Re: 2 IP for one mail server [message #111713 is a reply to message #111696] |
Mon, 17 March 2014 07:08 |
billybons2006
Messages: 18
Registered: January 2010
|
|
|
|
Bud Durland wrote on Fri, 14 March 2014 21:53ISP1 (1.1.1.1) ---> Firewall WAN port 1
ISP2 (2.2.2.2) ---> Firewall WAN port 2
NAT Rule: WANPORT1:25 ---> 3.3.3.3 (Mail server address)
NAT Rule: WANPORT2:25 ---> 3.3.3.3
For example, IP 3.3.3.3 is manteined by ISP1. If link to ISP1 become unavailable, will 3.3.3.3 stil be accessible via ISP2?
|
|
|
|
| Re: 2 IP for one mail server [message #111714 is a reply to message #111706] |
Mon, 17 March 2014 07:13 |
billybons2006
Messages: 18
Registered: January 2010
|
|
|
|
j.a.duke wrote on Sun, 16 March 2014 04:50
I think what you really need is a router like an Ecessa Powerlink that not only performs load-balancing between your connections, but also provides failover between connections and DNS services that advertise your mail server based on which connections are available at any give time. It handles all this transparently.
Thanks a lot, I am looking for hardware solution too. With understanding of question above (ISP1,2 and 3.3.3.3) it can be very useful!
|
|
|
|
| Re: 2 IP for one mail server [message #111737 is a reply to message #111714] |
Mon, 17 March 2014 16:38 |
j.a.duke
Messages: 239
Registered: October 2006
|
|
|
|
billybons2006 wrote on Mon, 17 March 2014 02:13j.a.duke wrote on Sun, 16 March 2014 04:50
I think what you really need is a router like an Ecessa Powerlink that not only performs load-balancing between your connections, but also provides failover between connections and DNS services that advertise your mail server based on which connections are available at any give time. It handles all this transparently.
Thanks a lot, I am looking for hardware solution too. With understanding of question above (ISP1,2 and 3.3.3.3) it can be very useful!
To confirm the example info, the public facing IPs are 1.1.1.1 and 2.2.2.2. Internal (private, non-routable) IP is 3.3.3.3 (most of us would use 192.168.x.x, 172.16.x.x or 10.x.x.x).
The Powerlink (PL) would be authoritative DNS for your zone and would publish MX records for mail.example.com on 1.1.1.1 and 2.2.2.2.
If the PL detects that ISP 1 (1.1.1.1) isn't available, it would automatically update the DNS records for your zone to indicate that mail should be routed to mail.example.com on 2.2.2.2. When ISP 1 is back up, the PL returns to publishing both addresses as valid MX records.
The way they work the magic is very short TTL on the MX records (I think 120 seconds) as well as always monitoring the individual connections so that failover occurs quickly.
I've been running with various versions of the PL hardware for 9 years and have been very happy with not only the hardware/software combo but also the support that I've received from them.
Cheers,
Jon
|
|
|
|
|
|
Members
Search
Help
Register
Login
Home
