[afnog] SMTP Traffic Redirect
Brian Candler
B.Candler at pobox.com
Fri Jun 11 14:54:45 UTC 2010
On Thu, Jun 10, 2010 at 04:40:54PM +0200, Fredy Kuenzler wrote:
> On 10.06.2010 11:12, Christian Muhirwa wrote:
> >However I was wondering if solution #3 (2) would work for me since my
> >SMTP server is not a next-hop to the router, it's three hops away on a
> >different subnet.
>
> That should not be a problem, as long as the next hop router has a route
> (best path) to the SMTP server.

I think the question was about *transparent* redirection of SMTP (i.e.
client connects outbound to any address x.x.x.x port 25 on the Internet, and
this gets forced into the local SMTP relay instead).

I can think of three options:
1. Rewrite the destination address of the packets to be the SMTP server's
address (NAT).
2. Plug in another NIC to the SMTP server and connect it to a subnet which
the router is directly connected to (or trunk a VLAN through).
3. Set up a tunnel interface between the router and the SMTP server, e.g.
IP-IP or GRE, and policy-route the traffic down that.

Option 1 is widely implemented by "load balancer" type appliances, but
implementing it on a regular router might be more challenging. You also have
to arrange that the return traffic from the SMTP server to the client goes
back via the same path for de-NATing, which can be tricky.

Setting up an IP-IP tunnel under FreeBSD or Linux is pretty straightforward,
and may be the best option here given that the SMTP server is several hops
away. Make sure you set a suitably low MTU on the remote endpoint (e.g.
1480 for ipip / RFC1853) to avoid PMTU discovery problems.

HTH,
Brian.
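Option 3 as Brian describes it (IP-IP tunnel, policy routing, MTU 1480), written out for a Linux router and a Linux relay as an added example; this is not code from the thread or from any list member. It assumes iproute2 and iptables on both ends and uses constructed placeholder addresses and interface names; the relay-side REDIRECT and rp_filter lines are an assumption about how the relay accepts packets addressed to arbitrary Internet hosts, and the plans are only printed unless the script is run as root with `router` or `relay` as its argument.

```shell
#!/bin/sh
# Added example (not from the afnog thread). All addresses, interface names and the
# fwmark value are constructed placeholders; override them via the environment.
ROUTER_PUB=${ROUTER_PUB:-192.0.2.1}        # router's tunnel endpoint (TEST-NET-1)
SERVER_PUB=${SERVER_PUB:-198.51.100.25}    # SMTP relay's own address (TEST-NET-2)
TUN_IF=${TUN_IF:-ipip0}
ROUTER_TUN=10.255.0.1/30; SERVER_TUN=10.255.0.2/30
CLIENT_IF=${CLIENT_IF:-eth1}               # router interface facing the customers
MARK=25                                    # fwmark that selects the tunnel route

# Inner MTU for a tunnel carried over a link of the given MTU: IP-IP adds a 20-byte
# outer IPv4 header (RFC 1853, so 1480 on Ethernet), plain GRE adds 20 + 4 bytes.
tunnel_mtu() {
    case "$1" in
        ipip) echo $(( $2 - 20 )) ;;
        gre)  echo $(( $2 - 24 )) ;;
        *)    echo "unknown tunnel mode: $1" >&2; return 1 ;;
    esac
}

# Tunnel commands for one Linux endpoint: $1=own public, $2=peer public, $3=inside addr.
tunnel_plan() {
    cat <<EOF
ip tunnel add $TUN_IF mode ipip local $1 remote $2 ttl 64
ip addr add $3 dev $TUN_IF
ip link set $TUN_IF mtu $(tunnel_mtu ipip 1500) up
EOF
}

# Router side: mark customer traffic to TCP/25 and route marked packets down the
# tunnel via a separate table, leaving every other destination on the normal path.
router_plan() {
    tunnel_plan "$ROUTER_PUB" "$SERVER_PUB" "$ROUTER_TUN"
    cat <<EOF
iptables -t mangle -A PREROUTING -i $CLIENT_IF -p tcp --dport 25 -j MARK --set-mark $MARK
ip route add default dev $TUN_IF table 100
ip rule add fwmark $MARK lookup 100
EOF
}

# Relay side (assumed): packets arrive with customer source addresses that the relay
# would not normally see on this interface, so relax rp_filter there, and hand any
# TCP/25 destination to the local listener; conntrack restores the original
# destination on the replies, which leave via the relay's usual default route.
relay_plan() {
    tunnel_plan "$SERVER_PUB" "$ROUTER_PUB" "$SERVER_TUN"
    cat <<EOF
sysctl -w net.ipv4.conf.$TUN_IF.rp_filter=0 net.ipv4.conf.all.rp_filter=0
iptables -t nat -A PREROUTING -i $TUN_IF -p tcp --dport 25 -j REDIRECT --to-ports 25
EOF
}

if [ "${1:-}" = "router" ] || [ "${1:-}" = "relay" ]; then
    "${1}_plan" | sh -e    # apply for real (needs root); with no argument nothing runs
fi
```

Run `sh script.sh` with no argument to define the functions only, then `router_plan` or `relay_plan` to review the exact commands before applying them.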