Postfix Smtp Outgoing IP Rotator using iptables

  • Postfix Smtp Outgoing IP Rotator using iptables

    This is the scheme

    e.g:

    I got 5 public IPs. I'm gonna configure them so Postfix can use multiple interfaces/IPs for outgoing SMTP connections.

    First we need to create interface aliases for those 5 public IPs.

    On my system, using Fedora:

    cd /etc/sysconfig/network-scripts/
    cp ifcfg-eth0 ifcfg-eth0:1

    # vi ifcfg-eth0\:1
    DEVICE=eth0 <-- default device
    HWADDR=XX:XX:XX:XX:XX:XX
    ONBOOT=yes
    TYPE=Ethernet
    BOOTPROTO=none
    IPADDR=202.XXX.XX.2 <-- default eth0 IP address
    PREFIX=24
    GATEWAY=202.XXX.XX.1
    DNS1=202.XXX.XX.XX


    Change DEVICE and IPADDR parameters

    DEVICE=eth0:1 <-- device alias #1
    HWADDR=XX:XX:XX:XX:XX:XX
    ONBOOT=yes
    TYPE=Ethernet
    BOOTPROTO=none
    IPADDR=202.XXX.XX.3 <-- IP alias #1
    PREFIX=24
    GATEWAY=202.XXX.XX.1
    DNS1=202.XXX.XX.XX


    We can continue with the next interfaces for IP aliases the same way as mentioned above.

    When we are done, bring those IP aliases up.


    ifup eth0:1
    ifup eth0:2
    ifup eth0:3
    ifup eth0:4
    ......
    next interfaces


    Check if the interfaces are up


    #ifconfig
    eth0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
    inet addr:202.XXX.XX.2 Bcast:202.XXX.XX.255 Mask:255.255.255.0
    inet6 addr: fe80::20c:29ff:feb0:e91/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:598678 errors:0 dropped:0 overruns:0 frame:0
    TX packets:26348 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:49088016 (46.8 MiB) TX bytes:7707579 (7.3 MiB)

    eth0:1 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
    inet addr:202.XXX.XX.3 Bcast:202.XXX.XX.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

    eth0:2 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
    inet addr:202.XXX.XX.4 Bcast:202.XXX.XX.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

    eth0:3 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
    inet addr:202.XXX.XX.5 Bcast:202.XXX.XX.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

    ......
    and so on


    There’s no particular configuration that needs to be adjusted in Postfix.

    Now the iptables part. Make sure your iptables supports the statistic match module.


    # iptables -m statistic -h
    ......
    ......
    ......
    statistic match options:
    --mode mode Match mode (random, nth)
    random mode:
    --probability p Probability
    nth mode:
    --every n Match every nth packet
    --packet p Initial counter value (0 <= p <= n-1, default 0)

    Next, continue with the iptables rules for rotating source IP addresses.


    # # -I inserts at the top of the chain, so the last rule below is evaluated first; each rule counts only the connections the rules before it passed on, hence --every 5, 4, 3, 2, 1 in evaluation order
    # iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 1 -j SNAT --to-source 202.XXX.XX.2
    # iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 2 -j SNAT --to-source 202.XXX.XX.3
    # iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 3 -j SNAT --to-source 202.XXX.XX.4
    # iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 4 -j SNAT --to-source 202.XXX.XX.5
    # iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.6

    done
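
How nth-mode counters divide new connections across a chain of five SNAT rules, as an added example that is not part of the original post: it compares five rules that all use --every 5 with a cascade of --every 5, 4, 3, 2, 1. The counter model is a simplified assumption (each rule counts only the packets that reach it, default --packet 0), and the addresses, class and function names are constructed for illustration.

```python
"""Simplified model of iptables '-m statistic --mode nth' over a chain of SNAT rules.

Assumption: each rule keeps its own counter, counts only the packets that
reach it, and (with the default --packet 0) matches the first packet it sees
and every n-th one after that. Addresses are constructed documentation IPs.
"""
from collections import Counter

# Constructed sample pool (RFC 5737 range), listed in chain evaluation order.
POOL = ["192.0.2.6", "192.0.2.5", "192.0.2.4", "192.0.2.3", "192.0.2.2"]


class NthRule:
    """One 'statistic --mode nth --every n -j SNAT --to-source ip' rule."""

    def __init__(self, every, source):
        self.every, self.source, self.seen = every, source, 0

    def matches(self):
        hit = self.seen % self.every == 0
        self.seen += 1
        return hit


def simulate(every_values, connections):
    """Walk each new connection down the chain; return hits per source IP.

    Connections that no rule matches are counted under 'no-snat': they leave
    with whatever source address the kernel picks by default.
    """
    chain = [NthRule(n, ip) for n, ip in zip(every_values, POOL)]
    hits = Counter()
    for _ in range(connections):
        for rule in chain:
            if rule.matches():          # SNAT is a terminating target
                hits[rule.source] += 1
                break
        else:
            hits["no-snat"] += 1
    return hits


def report(label, every_values, connections=100):
    hits = simulate(every_values, connections)
    print(label)
    for key in POOL + ["no-snat"]:
        print(f"  {key:<10} {hits[key]:>3}")


if __name__ == "__main__":
    report("every 5 on all five rules:", [5, 5, 5, 5, 5])
    report("cascade 5,4,3,2,1:", [5, 4, 3, 2, 1])
```

On a live host the per-rule packet counters shown by `iptables -t nat -L POSTROUTING -v -n` can be compared against these proportions.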