
1 webserver, 3+ email servers, only one public IP.....how?


rog2054 (Technical User), Nov 2, 2002, GB
Hi,

Here's my setup:
--->ADSL Router--->HUB--->LAN.

On the LAN there are Linux boxes I could use for servers.
(two Linux boxes 'spare' - not sure if I need/it's better to use both).

This is what I want to achieve.

I have one public (internet) IP address which my ADSL Router uses. The router (Efficient 5861 series) can perform NAT and port-forwarding etc.

I wish to set up a web server for one of my domains.
Also an email server to send/retrieve, and separately POP3 for local access over the LAN (and possibly from elsewhere on the net), and also with webmail ability. The email is from 3 different domains: 2 are .co.uk, 1 is a .com.

The email needs to be split up so each LAN user only gets their email.
i.e. user1 gets email sent to user1@myukdomain.co.uk, user1@myotherukdomain.co.uk, user1@mycomdomain.com.
(would it complicate things if e.g. bob@myukdomain.co.uk and bob@mycomdomain.com were two different people and hence their mail needed sorting on a per-account basis rather than per user alias?)

Also the LAN user should be able to choose which domain the email reply is sent through.

I am a bit confused about how I go about setting up everything so it'll all function on the one public IP.

What do i set on my domains for the email from all 3 of them to come to my IP?

I'm going to use Apache for the webhosting (only needed for one of the domains - not multiple domains on one IP) and am okay with setting that up apart from the IP puzzle as above.

What programs do people suggest using for the email side of things? I was considering maybe qmail with SquirrelMail? Or would Courier be more suited to my requirements?

Would this be a better layout for my network?
-->ADSL Router-->Linux DNS Server-->HUB-->LAN
and then put the email/web server on the LAN.

I should mention the email clients will be Windows machines (rather than using e.g. Pine in a shell on the Linux machine).

I realise this is a lengthy question involving many, many aspects of Linux/networking, but I hope I have explained it well.
I'm expecting advice and suggestions rather than a step-by-step setup for every single package I'm going to be using (phew!).
I understand how a DNS server works (checking if the name is in local records, if not forwarding the request to the next most relevant DNS server etc.), but setting the domain info with my domain host, and the multiple servers on one IP thing, is puzzling me. As is how to do multiple email domains on one email server.

Regards
Roger
 
It sounds to me like you want a pretty expensive consulting job done for free ;)
I'll give you some hints..

With the router in the picture this is not really a Linux question. The Linux hosts are dependent on your router's capabilities.

I would do this, using a Linux machine as my fw/gw/router:
1) Run bind and configure 'n' zones for your domains. All records should point to your pub address. You could create a private zone for your internal addressing, but would need to create an exclusion mask for queries requesting this info.
2) Create a firewall set. This would require dnat rules out the ying-yang.
3) Your mail solution is impractical. Stay simple here. Use a single mail hub and single MX responsible for all mail and relay it via virtusers to your other mail servers if you are absolutely sure you want it that way. All of your MTAs are smart enough to be able to handle mail which comes to them when they are configured correctly.

Synopsis:
If you do not have a significant knowledge of all the software you will be dealing with, and excellent general net.eng knowledge, this could be a very ugly problem. In this situation simple is better. I would standardize on one set of tools.

HTH.
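As an added illustration of point 1 above (example code, not from this thread or from marsd): a small POSIX shell script that emits one BIND zone per domain, with every name resolving to the single public address and one MX target shared by all three domains. The domain names are the ones from the question; the public IP 203.0.113.10 (documentation range), the ns1/ns2/hostmaster names and the serial scheme are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): emit one BIND zone per domain, with
# every name resolving to the single public address and one MX shared by all
# domains, as point 1 of the reply above describes.
# Assumed/constructed values: 203.0.113.10 stands in for the public IP
# (documentation range); ns1/ns2 and hostmaster are placeholder names.

PUBLIC_IP="203.0.113.10"
MAIL_HUB="mail.myukdomain.co.uk."   # the one MX target; trailing dot = absolute name

# make_zone DOMAIN -> prints a complete forward zone for DOMAIN on stdout
make_zone() {
    domain="$1"
    serial=$(date +%Y%m%d01)        # YYYYMMDDnn convention; bump nn on each edit
    cat <<EOF
\$TTL 86400
@    IN SOA ns1.${domain}. hostmaster.${domain}. (
         ${serial} ; serial
         3600      ; refresh
         900       ; retry
         1209600   ; expire
         3600 )    ; negative-cache TTL
@    IN NS   ns1.${domain}.
@    IN NS   ns2.${domain}.
@    IN MX   10 ${MAIL_HUB}
@    IN A    ${PUBLIC_IP}
ns1  IN A    ${PUBLIC_IP}
ns2  IN A    ${PUBLIC_IP}
www  IN A    ${PUBLIC_IP}
mail IN A    ${PUBLIC_IP}
EOF
}

# write_zones DIR DOMAIN... -> writes DIR/db.DOMAIN for each domain; 0 on success
write_zones() {
    dir="$1"; shift
    mkdir -p "$dir" || return 1
    for d in "$@"; do
        make_zone "$d" > "$dir/db.$d" || return 1
    done
    return 0
}

# Usage, with the three domains from the question:
# write_zones /etc/bind/zones myukdomain.co.uk myotherukdomain.co.uk mycomdomain.com
```

The registrar still has to point each domain's nameservers (glue) at the public address, and the router must forward port 53 to the BIND host, or nobody on the Internet reaches these zones.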
 
marsd, thanks for the feedback.

What capabilities of the router are you referring to? I am unable to use Linux as the router because the ADSL modem does not work under Linux - I could however run it as a second router if that would serve the same purpose...which is what I was trying to ask, my fault if that was not clear, hence:
ISP-->ADSLrouter-->Linux Router & DNS-->HUB

I realise what I require is a complex setup but I feel that a simple solution would defeat the object by only half doing the job I want.

My other unanswered question is how the MX and nameserver records for each of the domains should be set up?

With my current domain carrier (or whatever the correct jargon is for the place I purchased my domain from), I can set the DNS ANAME, and the 2 nameservers. Is this enough configuration to be able to set up my own email server as above? (with or without the aid of my own DNS server?)

If I used NAT on my ADSLrouter to port-forward port 53 to my Linux box (for DNS resolution), would this function as though the ADSLrouter was doing the DNS, from the perspective of the internet I mean?

Regards
 
Okay.
The response on "how to" do this would be a mini howto.
To answer your questions briefly: all traffic will seem to originate from your router. Designated port traffic will be routed to the destination ADDRESS you specify. You'll see why the address portion is important.
I'll give you a scenario based set briefly:

----
I have a nat enabled router (doesn't matter what IOS/OS as long as it can forward packets and masquerade private addresses) in "front" of my network.

Rules:
My DNS is handled by an internal machine: all udp traffic for port 53 is handed to it. Its resolver in turn points to an external (forward first would also work) nameserver, and it serves 'n' zones, that is for 'n' domains, plus an internal zone for my convenience resolving internal names.
The configuration of this is fairly simple.
All of my pub.domains have the same address for everything, authoritative and otherwise; all the magic takes place behind the scenes, from the router "back".

MAIL:
For mail I list a single mail hub..
Why?
Because otherwise how am I to know where to send the mail since the mail traffic is being dnatted?
Can I use iptables -m --string or a proxy for this traffic?
Yes probably, but I'm not using Linux for my router..;)
So all dnat traffic to tcp 25 has to go to one destination.
Then you have the issue of using virtusers to resend the mail to your other domain mailservers, or just use fetchmail and keep your accounts on one machine and have your listed MX do all the mail.

POP..well what's the issue?
How many hosts serving POP3? Not more than one, simply.
Sure if you were using a Linux machine as your router there would be more possibilities (proxies, string matching), but with your setup you have this issue as well.

Your webserver..okay all port 80 (443??) go to your webserver, simple.

----

There are probably things I'm overlooking. There could be some tricks you could pull with dns for instance, depending on how smart your router is. None of it would work 100% and introduces more complexity. With a Linux router, you do not have these problems, or there are ways around most of it. With simple public masq and port forwarding there is only so much you can do.

HTH
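The per-port forwarding set the scenario above describes, written out as an added example for the case where the second box behind the ADSL router is a Linux machine doing the NAT (not code from this thread or from marsd). It prints the iptables commands rather than running them, so the rule set can be reviewed first; the interface name eth0 and the internal addresses 192.168.1.10 (DNS), .20 (mail hub) and .30 (web) are constructed placeholders.

```shell
#!/bin/sh
# Added example: the per-port DNAT set described above, for a Linux box acting
# as the NAT router. Every service shares one public address, so the router can
# pick the internal host by port only: each port goes to exactly one machine,
# which is why tcp/25 (and tcp/110) must land on the single mail hub.
# Assumed/constructed: eth0 is the public-side interface; 192.168.1.10 = DNS,
# 192.168.1.20 = mail hub (SMTP + POP3), 192.168.1.30 = web server.

WAN_IF="eth0"
DNS_HOST="192.168.1.10"
MAIL_HOST="192.168.1.20"
WEB_HOST="192.168.1.30"

# forward_map -> prints "proto port internal_host", one published service per line
forward_map() {
    cat <<EOF
udp 53 ${DNS_HOST}
tcp 53 ${DNS_HOST}
tcp 25 ${MAIL_HOST}
tcp 110 ${MAIL_HOST}
tcp 80 ${WEB_HOST}
tcp 443 ${WEB_HOST}
EOF
}

# dnat_rules -> prints the iptables commands; nothing is executed here, so the
# output can be read before it is piped to sh on the router.
dnat_rules() {
    echo "iptables -P FORWARD DROP"     # default deny: only the listed ports cross the router
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    forward_map | while read proto port host; do
        # rewrite the destination from the public address to the internal host...
        echo "iptables -t nat -A PREROUTING -i ${WAN_IF} -p ${proto} --dport ${port} -j DNAT --to-destination ${host}:${port}"
        # ...and allow exactly that host:port through the FORWARD chain
        echo "iptables -A FORWARD -i ${WAN_IF} -p ${proto} -d ${host} --dport ${port} -m state --state NEW -j ACCEPT"
    done
    echo "iptables -t nat -A POSTROUTING -o ${WAN_IF} -j MASQUERADE"   # LAN -> Internet
}

# Usage on the router, after reviewing the output: dnat_rules | sh
```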
 