Mailing List Archive

smtp case
Hello,

I am setting up LVS-NAT to do pop3 & smtp service; pop3 seems OK. The problem
is smtp: I can't send & receive emails with attachments. The qmail
program said 'he can't do translation during the attachment transfer'
(something like that). Actually my LVS is bearing firewall duty; my running
script is

ipchains -F
ipchains -X
ipvsadm -C

ipchains -P input DENY
ipchains -P output DENY

ipchains -A forward -s 192.168.1.0/24 -d 0.0.0.0/0 -j MASQ

ipchains -A input -i eth1 -s 192.168.1.0/24 -j ACCEPT
ipchains -A output -i eth1 -d 192.168.1.0/24 -j ACCEPT

ipvsadm -A -t 203.186.6.8:25 -s rr
ipvsadm -a -t 203.186.6.8:25 -r 192.168.1.100:25 -m

ipchains -A input -p tcp -s 0.0.0.0/0 1024:65535 -d 203.186.6.8/32 25 -j ACCEPT
ipchains -A output -p tcp ! -y -s 203.186.6.8/32 25 -d 0.0.0.0/0 1024:65535 -j ACCEPT
ipchains -A input -p tcp ! -y -s 0.0.0.0/0 25 -d 0.0.0.0/0 1024:65535 -j ACCEPT
ipchains -A output -p tcp -s 0.0.0.0/0 1024:65535 -d 0.0.0.0/0 25 -j ACCEPT

ipchains -A output -d 0.0.0.0/0 -j DENY -l
ipchains -A input -s 0.0.0.0/0 -j DENY -l


Is there anything I needed to consider?
Thanks for help
Re: smtp case
ipvsadm@tech.olready.com wrote:
>
> Hello,
>
> I am setting up LVS-NAT to do pop3 & smtp service; pop3 seems OK. The problem
> is smtp: I can't send & receive emails with attachments. The qmail
> program said 'he can't do translation during the attachment transfer'
> (something like that). Actually my LVS is bearing firewall duty; my running
> script is

This is a new one. I don't know. I have no idea about
attachment transfer either. Both google and dejanews don't
have much to say on the matter either. I would have thought
that the mail went through as one block and the user's mail client would
parse out the attachment.

The usual thing that goes wrong with smtp is that identd is on for the smtp
server (on the real-server) and the server takes a long time to connect
(see the HOWTO). This timeout is 6 secs for slackware through to 2 mins for
RedHat.

Since you are using NAT, the RIP (on the real-server) is not the same IP as
the MX address (the VIP). Can you do a dummy mailing sitting at the console of
the real-server using the RIP as the target? Can you remove the real-server from
the LVS and put the VIP onto it and use the real-server as an smtp server?

Is qmail opening any other ports? Watch with tcpdump.

I have to think long and hard about ipchains rules. Unless you're
more familiar with them than I am, I'd only use enough to get the
LVS working, in case some of them are interfering with the LVS,
and then add them back later.

I assume if you have several real-servers, that you have a common
/var/spool/mail directory for them to write to?

Joe

--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@epa.gov ph# 919-541-0007, RTP, NC, USA
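
Added example, not part of either message above: the last two rules in the posted script log every denied packet (-l), so one way to follow up on the question about other ports is to tally those log entries by chain, protocol and destination port. The log layout follows the sample line in the ipchains HOWTO; the log lines, the client and DNS addresses and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Layout of an ipchains "-l" kernel log entry (per the ipchains HOWTO sample):
#   Packet log: <chain> <action> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> L=...
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Constructed sample lines, not captured traffic. 203.186.6.8 is the VIP from
# the posted script; the other addresses are documentation ranges.
SAMPLE_LOG = """\
Jan 10 12:00:01 director kernel: Packet log: output DENY eth0 PROTO=6 203.186.6.8:61001 198.51.100.7:113 L=60 S=0x00 I=4021 F=0x0000 T=63 SYN (#6)
Jan 10 12:00:04 director kernel: Packet log: output DENY eth0 PROTO=6 203.186.6.8:61001 198.51.100.7:113 L=60 S=0x00 I=4022 F=0x0000 T=63 SYN (#6)
Jan 10 12:00:05 director kernel: eth0: link status message unrelated to ipchains
Jan 10 12:00:09 director kernel: Packet log: output DENY eth0 PROTO=17 203.186.6.8:61002 192.0.2.53:53 L=58 S=0x00 I=4023 F=0x0000 T=63 (#6)
"""


def summarize_denies(text):
    """Count denied packets per (chain, IP protocol number, destination port)."""
    counts = Counter()
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m is None:
            continue  # not an ipchains packet log entry
        if m.group("action") not in ("DENY", "REJECT"):
            continue  # only dropped traffic is of interest here
        key = (m.group("chain"), int(m.group("proto")), int(m.group("dport")))
        counts[key] += 1
    return counts


def top_denied(text, n=10):
    """Return the n most frequently denied (chain, proto, dport) tuples."""
    return summarize_denies(text).most_common(n)


if __name__ == "__main__":
    # PROTO=6 is TCP, PROTO=17 is UDP; port 113 is ident, port 53 is DNS.
    for (chain, proto, dport), hits in top_denied(SAMPLE_LOG):
        print(f"{hits:4d}  chain={chain} proto={proto} dport={dport}")
```

Ports that show up here but have no ACCEPT rule in the script are the candidates to compare against what tcpdump shows the mail server trying to do.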