Kees Hoekzema wrote:
>> -----Original Message-----
>> I'm just typing the commands in the telnet session to see whether
>> the real server receives them at all. Doesn't seem to be the case, yet
>> there is tcp traffic going all the way. And no, there's no banner, nor
>> do I see the data in the tshark log (the TCP Retransmits).
>
> What happens if you test it, without testing the SMTP server?
> If you shut down the SMTP server and run 'nc -p 25 -l' (netcat)
Interesting things happen when I do this:
mx-node01:~# nc -p 25 -l
client:~# nc 80.1.1.10 25
When I type text in the client nc session, this text shows up on the
realserver netcat session.
When I type text in the *realserver* netcat session, it *doesn't* show
up at the client netcat session.
It is as if the data in the tcp session is one-way, e.g. data only goes
from client -> server.
> in the netcat, you should see in the telnet client. If that works, it seems
> like a problem with the mailserver rather than the loadbalancer.
Clearly not a mailserver issue then :)
> Anyway, I had a similar problem with the IPs from the mailservers not
> matching the address they had. mail.domain.net resolved to x.x.x.11, while
> mail from the mailserver behind the NAT came from x.x.x.3. I fixed that by
> adding:
> iptables --table nat --append POSTROUTING --source $mailserverRIP --jump SNAT --to-source x.x.x.11
>
> While I also had:
> iptables --table nat --append POSTROUTING --source $internalNetwork --jump MASQUERADE
>
> (make sure the DNAT rule is before the MASQ rule)
> That solved the problem of mails sent from the realservers not having the
> same IP.
>
> I hope that was useful, good luck testing!
These rules didn't solve the aforementioned issue, but thanks for the input;
I'm sure I'll need it later!
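
An added example, not part of the original message: both POSTROUTING rules quoted above match packets from the mail server, and the nat table applies the first rule that matches, so rule order decides which source address is used. The sketch below reads `iptables-save -t nat` style text and reports which target a given source IP hits first; the function name `first_nat_target`, the sample rule sets and all addresses are constructed placeholders, and negated (`! -s`) matches are not handled.

```shell
#!/bin/sh
# Constructed samples of `iptables-save -t nat` output. Addresses are
# placeholders for illustration, not values from the thread.
SAMPLE_GOOD='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.10.5/32 -j SNAT --to-source 203.0.113.11
-A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE
COMMIT'
SAMPLE_BAD='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.10.5/32 -j SNAT --to-source 203.0.113.11
COMMIT'

# first_nat_target RULES SRC_IP  (hypothetical helper)
# Prints the target of the first POSTROUTING rule whose -s network
# contains SRC_IP; prints nothing when no rule matches.
first_nat_target() {
    printf '%s\n' "$1" | awk -v ip="$2" '
    function ip2int(a,   p) {
        split(a, p, ".")
        return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    function in_net(addr, cidr,   c, bits, size) {
        split(cidr, c, "/")
        bits = (c[2] == "") ? 32 : c[2]      # bare address means /32
        size = 2 ^ (32 - bits)               # addresses per network
        return int(ip2int(addr) / size) == int(ip2int(c[1]) / size)
    }
    $1 == "-A" && $2 == "POSTROUTING" {
        src = "0.0.0.0/0"; target = ""       # no -s means any source
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target != "" && in_net(ip, src)) { print target; exit }
    }'
}

# Stand-alone use: show the outcome for the mail server address in each sample.
echo "SNAT first:       $(first_nat_target "$SAMPLE_GOOD" 192.168.10.5)"
echo "MASQUERADE first: $(first_nat_target "$SAMPLE_BAD" 192.168.10.5)"
```

On a live box the first argument would be the output of `iptables-save -t nat`, and a result of MASQUERADE for the mail server's address means the more specific rule is never reached.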