Multiple External IP's & multiple Web-Servers (Assign external IP to internal IP on same Interface)
  •  
walter

Hello,

I have the following situation at a customer's site:

One external link providing multiple IP-addresses (.224 mask).

On site there are multiple webservers all listening on ports 80 & 443
Each webserver is designated to one of the external IP's.

The only solution I found working was to use several physical interfaces and connect through an eth. switch to the WAN-Interface.

If I use multiple IP's on one interface, I can route incoming traffic to the servers. But: outgoing traffic always uses the base IP of the interface instead of using the appropriate external IP.

But: now the number increases and I can't provide 30 phys. ifc's.

Does anyone have an idea how to do this?
Btw.: I configured a simple router (rs-120 by bintec/teldat) with some NAT rules and it does the job without a problem.

best regards

Walter
  •  
germanr

See chapter 9.4. multihoming. In the destination of the traffic rules you have to put the external IP for each one. That way you can have several web servers on different IPs on port 80, and all with one NIC with various IPs.
http://manuals.kerio.com/control/adminguide/en/sect-rulesex.html

[Updated on: Fri, 01 June 2012 04:49]


German Ruiz
Home & Office
Kerio Preferred Partner
Uruguay
  •  
walter

Right, that's the rule defining access from the outside. Traffic from the internet to the servers is no problem.

But: outgoing traffic from both servers uses the base address of the external interface. That's the problem.

e.g. with 2 SMTP servers that need different MX entries or FTP-Servers:

Base address is 193.xxx.xxx.1
SMTP server 1 : 193.xxx.xxx.10
SMTP server 2 : 193.xxx.xxx.11
FTP server 1 : 193.xxx.xxx.12
FTP server 2 : 193.xxx.xxx.13

Incoming rule is no problem.
Outgoing traffic always uses 193.xxx.xxx.1 -> problems with mailservers checking for MX entries (like Connect) and no FTP transfers because of forged traffic.

My problem is the outgoing rule for a situation like this.
I tried with Linux and Windows, same results on both.
The only way to route the traffic to the right IP was to assign the IP's each to different physical NICs and define a rule with server as source and the interface as destination.

[Updated on: Fri, 01 June 2012 22:55]

  •  
germanr

I am sorry if I do not understand your issue correctly. If you want your outgoing servers to go out from a specific IP address, you should set it in the traffic rules in the NAT section, like in the attached image. There you can specify whether the outgoing traffic of a rule goes out through a specified internet link, and also the IP address.
Is that what you want?

Regards


German Ruiz
Home & Office
Kerio Preferred Partner
Uruguay
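
The per-server source NAT discussed in this thread, as an added Python model that is not part of the original posts and does not use Kerio's rule format: it audits a rule table for servers whose outbound source address differs from the address they are published on. The `Rule` fields, the top-down first-match evaluation and all addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """Simplified firewall rule; field names are hypothetical, not Kerio's."""
    name: str
    direction: str               # "in" = destination NAT, "out" = source NAT
    match: str                   # "in": public IP; "out": internal source network
    translate_to: Optional[str]  # "in": internal server; "out": public IP, None = base IP

BASE_IP = "203.0.113.1"  # constructed: primary address of the WAN interface

def outbound_source(rules, internal_ip):
    """Public source address a connection from internal_ip leaves with (first match wins)."""
    src = ipaddress.ip_address(internal_ip)
    for r in rules:
        if r.direction == "out" and src in ipaddress.ip_network(r.match):
            return r.translate_to or BASE_IP
    return BASE_IP

def asymmetric_servers(rules):
    """Return {server: (published_ip, outbound_ip)} for servers where the two differ."""
    findings = {}
    for r in rules:
        if r.direction == "in":
            out_ip = outbound_source(rules, r.translate_to)
            if out_ip != r.match:
                findings[r.translate_to] = (r.match, out_ip)
    return findings

# Constructed sample rule sets
INBOUND = [
    Rule("smtp1-in", "in", "203.0.113.10", "192.168.1.10"),
    Rule("smtp2-in", "in", "203.0.113.11", "192.168.1.11"),
]
DEFAULT_NAT = Rule("lan-out", "out", "192.168.1.0/24", None)
BEFORE = INBOUND + [DEFAULT_NAT]          # only the default NAT rule
AFTER = INBOUND + [                        # per-server source NAT above the default
    Rule("smtp1-out", "out", "192.168.1.10/32", "203.0.113.10"),
    Rule("smtp2-out", "out", "192.168.1.11/32", "203.0.113.11"),
    DEFAULT_NAT,
]

if __name__ == "__main__":
    print("before:", asymmetric_servers(BEFORE))
    print("after: ", asymmetric_servers(AFTER))
```

In this model the per-server rules only take effect when they sit above the general LAN rule; placed below it, the audit still reports both servers as leaving from the base address.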