From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Radek 'Goblin' Pieczonka"
Date: Mon, 10 Dec 2007 23:19:22 +0000
Subject: Re: [LARTC] PAT HOW to - IPTABLES
Message-Id: <475DC97A.50102@pentex.pl>
List-Id:
References: <7ed6b0aa0712100220n57ea0e54x628d539621cb6b35@mail.gmail.com>
In-Reply-To: <7ed6b0aa0712100220n57ea0e54x628d539621cb6b35@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

>> Suppose, I have 3 mail servers @ DMZ zone with one real ip. the situation
>> as before?
>>
>> in that case, What can I do?
>>
> you could use exim/postfix and route the mail to the right server, but I guess
> you are trying to find out how to have port 25 on the real ip nat'ed to one of
> the 3 dmz'ed ip based upon the destination mail address
>
> short answer you can't as far as I know, iptables only looks at src ip / src
> port & dest ip/dest port. You could write your own plugin module to look into
> the tcp stream.
>

Routing based upon destination email address/domain could be done by postfix
and transports for selected mail/domain to selected server. But there is also
a possibility of load balancing and failover for a set of domains, with all
servers working with all the domains for HA and flexibility of computing
power; then I'd say take a look at keepalived for both those features.

For http traffic it's actually the same, and you can also consider the apache
reverse proxy feature.

-- 
Radek aka Goblin
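
The Postfix transport approach mentioned in the reply, as an added example that is not part of the original message: a gateway Postfix listens on the one real IP and relays each domain to its own DMZ server. The domain names, the 10.0.0.x addresses and the file paths are constructed placeholders.

```conf
# /etc/postfix/main.cf on the gateway that owns the real IP (port 25)

# Domains this gateway accepts mail for and relays inward (constructed names).
relay_domains = example-a.test, example-b.test, example-c.test

# Per-domain next hop, looked up at delivery time.
transport_maps = hash:/etc/postfix/transport

# Valid recipients per relayed domain, so unknown users are rejected at
# SMTP time instead of being accepted and bounced later.
relay_recipient_maps = hash:/etc/postfix/relay_recipients


# /etc/postfix/transport
# Format: <domain>  <transport>:<nexthop>
# Square brackets suppress the MX lookup and deliver straight to the host.
example-a.test    smtp:[10.0.0.11]:25
example-b.test    smtp:[10.0.0.12]:25
example-c.test    smtp:[10.0.0.13]:25


# /etc/postfix/relay_recipients
# Format: <address>  OK   (one line per valid mailbox, constructed entries)
alice@example-a.test    OK
bob@example-b.test      OK
```

After editing, rebuild the lookup tables with `postmap /etc/postfix/transport` and `postmap /etc/postfix/relay_recipients`, then run `postfix reload`; `postmap -q example-a.test hash:/etc/postfix/transport` shows which next hop a domain resolves to.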