2 IP for one mail server (How to organise right main and backup internet connections...)
  •  
billybons2006

Could you make an example?

[Updated on: Fri, 14 March 2014 12:47]

  •  
Bud Durland

ISP1 (1.1.1.1) ---> Firewall WAN port 1
ISP2 (2.2.2.2) ---> Firewall WAN port 2
NAT Rule: WANPORT1:25 ---> 3.3.3.3 (Mail server address)
NAT Rule: WANPORT2:25 ---> 3.3.3.3

  •  
j.a.duke

billybons2006 wrote on Thu, 13 March 2014 06:34
I have a Kerio Connect server with two different public IPs (1.1.1.1 and 2.2.2.2).
Task: if one channel goes down, the server works on the second one.

mx1.mydomain.ru  A 1.1.1.1 
mx2.mydomain.ru  A 2.2.2.2 
mydomain.ru  MX 10 mx1.mydomain.ru 
mydomain.ru  MX 20 mx2.mydomain.ru
1.1.1.1  PTR  mydomain.ru 
2.2.2.2  PTR  mydomain.ru

EHLO = mx1.mydomain.ru


Are these settings right or not? How do we solve this task?


I think what you really need is a router like an Ecessa Powerlink that not only performs load-balancing between your connections, but also provides failover between connections and DNS services that advertise your mail server based on which connections are available at any given time. It handles all this transparently.

I've used this configuration with great success for a number of years.

Cheers,
Jon

[Updated on: Sun, 16 March 2014 01:50]

  •  
billybons2006

Bud Durland wrote on Fri, 14 March 2014 21:53
ISP1 (1.1.1.1) ---> Firewall WAN port 1
ISP2 (2.2.2.2) ---> Firewall WAN port 2
NAT Rule: WANPORT1:25 ---> 3.3.3.3 (Mail server address)
NAT Rule: WANPORT2:25 ---> 3.3.3.3


For example, IP 3.3.3.3 is maintained by ISP1. If the link to ISP1 becomes unavailable, will 3.3.3.3 still be accessible via ISP2?
  •  
billybons2006

j.a.duke wrote on Sun, 16 March 2014 04:50

I think what you really need is a router like an Ecessa Powerlink that not only performs load-balancing between your connections, but also provides failover between connections and DNS services that advertise your mail server based on which connections are available at any given time. It handles all this transparently.


Thanks a lot, I am looking for a hardware solution too. With an understanding of the question above (ISP1,2 and 3.3.3.3) it can be very useful!
  •  
j.a.duke

billybons2006 wrote on Mon, 17 March 2014 02:13
j.a.duke wrote on Sun, 16 March 2014 04:50

I think what you really need is a router like an Ecessa Powerlink that not only performs load-balancing between your connections, but also provides failover between connections and DNS services that advertise your mail server based on which connections are available at any given time. It handles all this transparently.


Thanks a lot, I am looking for a hardware solution too. With an understanding of the question above (ISP1,2 and 3.3.3.3) it can be very useful!


To confirm the example info, the public facing IPs are 1.1.1.1 and 2.2.2.2. Internal (private, non-routable) IP is 3.3.3.3 (most of us would use 192.168.x.x, 172.16.x.x or 10.x.x.x).

The Powerlink (PL) would be authoritative DNS for your zone and would publish MX records for mail.example.com on 1.1.1.1 and 2.2.2.2.

If the PL detects that ISP 1 (1.1.1.1) isn't available, it would automatically update the DNS records for your zone to indicate that mail should be routed to mail.example.com on 2.2.2.2. When ISP 1 is back up, the PL returns to publishing both addresses as valid MX records.

The way they work the magic is a very short TTL on the MX records (I think 120 seconds) as well as always monitoring the individual connections so that failover occurs quickly.

I've been running with various versions of the PL hardware for 9 years and have been very happy with not only the hardware/software combo but also the support that I've received from them.

Cheers,
Jon
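
The failover behaviour described in the post above, modelled as an added example (not code from the thread or from the vendor): an authoritative server publishes addresses only for links that are up, and a sender's caching resolver keeps its last answer until the TTL expires. The record layout, the `published_records`, `CachingResolver` and `simulate` helpers and the timeline are assumptions made for illustration; the 120-second TTL is the figure the post recalls.

```python
TTL = 120  # seconds; the figure recalled in the post, not a vendor-confirmed value
LINKS = {"ISP1": "1.1.1.1", "ISP2": "2.2.2.2"}  # example addresses from the thread


def published_records(link_up):
    """Records an authoritative server would publish for the links that are up."""
    records = [("example.com", "MX", TTL, "10 mail.example.com")]
    for link, ip in LINKS.items():
        if link_up.get(link, False):
            records.append(("mail.example.com", "A", TTL, ip))
    return records


class CachingResolver:
    """A sending server's resolver: reuses an answer until its TTL expires."""

    def __init__(self):
        self._expiry = None
        self._addresses = []

    def lookup(self, now, link_up):
        if self._expiry is not None and now < self._expiry:
            return self._addresses  # cached answer, possibly stale
        self._addresses = [r[3] for r in published_records(link_up) if r[1] == "A"]
        self._expiry = now + TTL
        return self._addresses


def simulate(timeline, query_times):
    """timeline: sorted (time, link_up) pairs; returns [(time, addresses seen)]."""
    resolver = CachingResolver()
    seen = []
    for t in query_times:
        state = [s for ts, s in timeline if ts <= t][-1]  # link state in force at t
        seen.append((t, list(resolver.lookup(t, state))))
    return seen


# Constructed timeline: ISP1 fails at t=30 s and recovers at t=400 s.
TIMELINE = [
    (0, {"ISP1": True, "ISP2": True}),
    (30, {"ISP1": False, "ISP2": True}),
    (400, {"ISP1": True, "ISP2": True}),
]

if __name__ == "__main__":
    for t, addrs in simulate(TIMELINE, [0, 60, 119, 120, 300, 420]):
        print(f"t={t:>3}s  mail.example.com -> {addrs}")
```

In this run the resolver that cached at t=0 keeps returning 1.1.1.1 until t=120, which is 90 seconds after the link failed; the TTL bounds how long a stale address can be handed out.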
  •  
billybons2006

Oh, I thought 3.3.3.3 is public too :)

Ok, your idea is clear, thank you!