Interesting: How to setup ROUTER and/or FIREWALL that uses DNS
Hello,
I have a DSL line to the internet. On my LAN I have my mail and web server. Ports 25 and 80 are connected via NAT (DSL router) to my mail and web server.
What I want to do is have my DSL router send the port 25 traffic to a Linux router. Then the Linux router decides, based on DNS information (my DNS server on the LAN), where to send the traffic.
So if my primary email server with the MX 10 record is down, then my relay server with the MX 20 record will be used automatically.
How do I set up such a router? Using iptables? If that's the case, how do I tell iptables to accept port 25 and redirect it to a mail server using my internal DNS?
Thanks!
Last edited by mrcoffee11; 07-04-2006 at 09:29 AM.
I don't see how this can be done behind a NAT router. I assume your DSL router is providing NAT? Your NAT router would have to be a mail relay designed to forward all mail to a set internal IP. That would be a function of your MTA, not DNS.
OTOH, if you could get your email to forward to a named server whose name is only known to an internal DNS server, you might be able to carry this out.
My DSL router supports NAT. Very basic setup. I want to use IPTABLES on Linux if this solves my issue.
If I understand your idea correctly, then the NAT router sends the mail to an internal DNS server. That server probably has to run sendmail so it is used as the secondary email server, I presume? Then this relays the mail to the primary mail server, or holds it if the primary is not available. But if the secondary email server fails, then the mail is not received on my LAN and I still have this single point of failure.
Is it so difficult to accept SMTP from the WAN to my LAN and decide, based on the content of my LAN DNS, where to send the traffic? Now mail is sent to my domain name, this is forwarded to my home and received on my DSL router. I send it via NAT directly to my mail server, and if my mail server goes down: problems. I want a secondary mail server on my LAN to be my backup. Mail received will be sent to my primary, or else to my secondary mail server. Isn't this why we use DNS and MX records? :-)
Last edited by mrcoffee11; 07-04-2006 at 10:40 AM.
Yes, that is why you use DNS records, but you keep referring to iptables and I don't see what firewalls have to do with this. SMTP is used to forward mail. You are going to have to have an SMTP server that can be seen from the WAN, the real internet, and then forward it to your mail servers on the LAN side as needed. In other words, you need three mail servers. Or you need to put your mail servers, both of them, on the WAN side of your net. The only thing you can route your mail to is an SMTP/MTA server, and that will have to forward to your two internal email servers. You could build a Linux router, replace your hardware router, and do this job.
I think what you need to do is add an MX record to your DNS entry, so that when server 1 is down, server 2 will automatically be used.
I think I get the picture. iptables works on OSI layers 2, 3 and 4. SMTP is layer 7. So I have to let an MTA or SMTP server do the routing. And this will use the DNS with the MX records.
Last edited by mrcoffee11; 07-05-2006 at 02:43 AM.
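To make the conclusion of the thread concrete, here is an added example (not code from any poster) of the MX selection logic an MTA performs, which a layer 3/4 packet filter such as iptables cannot: it parses MX records, orders them by preference (lowest first, ties in random order, as RFC 5321 section 5.1 describes), and hands the message to the first exchange that answers. The zone lines and the "which hosts are up" table are constructed for the example; a real MTA would query DNS and attempt an SMTP connection instead of consulting a dictionary.

```python
import random
from typing import Callable, Dict, List, Optional, Tuple

# Constructed MX records in zone-file style, mirroring the thread's MX 10 /
# MX 20 setup plus a second MX 20 host to show tie handling.
ZONE_MX_LINES = [
    "example.test.  IN  MX  10  mail1.example.test.",
    "example.test.  IN  MX  20  mail2.example.test.",
    "example.test.  IN  MX  20  mail3.example.test.",
]


def parse_mx(lines: List[str]) -> List[Tuple[int, str]]:
    """Turn zone-file MX lines into (preference, exchange-host) tuples."""
    records = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or parts[1] != "IN" or parts[2] != "MX":
            raise ValueError(f"not an MX record: {line!r}")
        records.append((int(parts[3]), parts[4].rstrip(".")))
    return records


def delivery_order(records: List[Tuple[int, str]],
                   rng: Optional[random.Random] = None) -> List[str]:
    """Hosts in the order an MTA tries them: ascending preference,
    random order among hosts that share a preference value."""
    rng = rng or random.Random()
    by_pref: Dict[int, List[str]] = {}
    for pref, host in records:
        by_pref.setdefault(pref, []).append(host)
    order: List[str] = []
    for pref in sorted(by_pref):
        hosts = list(by_pref[pref])
        rng.shuffle(hosts)
        order.extend(hosts)
    return order


def choose_relay(records: List[Tuple[int, str]],
                 reachable: Callable[[str], bool],
                 rng: Optional[random.Random] = None) -> Optional[str]:
    """Return the first exchange host that accepts a connection, or None
    when every MX is down (the MTA would then queue and retry later)."""
    for host in delivery_order(records, rng):
        if reachable(host):
            return host
    return None


if __name__ == "__main__":
    records = parse_mx(ZONE_MX_LINES)
    # Constructed reachability table standing in for a real SMTP connect.
    up = {"mail1.example.test": False, "mail2.example.test": True,
          "mail3.example.test": True}
    print("try order:", delivery_order(records, random.Random(0)))
    print("deliver to:", choose_relay(records, lambda h: up[h]))
```

The point for the thread: the decision depends on hostnames, DNS preference values and whether an SMTP session succeeds, all of which live above layer 4, so the failover the original poster wants comes from placing an MTA (the relay with the lower-preference MX, or an edge relay that sees both internal servers) in front of the mail hosts, not from a DNAT rule.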