
2 Internet Connections - one Server

Status
Not open for further replies.
Dec 1, 2004
Have a problem I'm trying to get past without buying any more expensive hardware - thought maybe I could find some ideas here.

Here's my question:

I have a Win2K server that's running Exchange. We have 2 separate internet connections - one is a full T1 and the other is a regular DSL connection. The DSL line is simply a backup in case the T1 goes down. That's not an issue in itself - I can telnet into our primary router - make a couple IP route changes and all the internet traffic goes out to the web via the DSL instead of the T1.

However, when we switch over to the DSL - another problem surfaces. In order for our e-mail to keep flowing right, I need to call our ISP and have him re-direct mail to the DSL's IP address. Now, I can have him set up a secondary MX record to try if the main one goes down, but he's making it sound like he doesn't want to do this unless I can keep both connections live to the server all the time.

So - to sum it up. Is there any way to allow incoming Telnet requests to port 25 on both internet connections all the time? Both connections are live right now - but if I attempt to telnet to port 25 on the server using the DSL connection, I won't get any reply (yes, forwarding on the router is set up fine). If I switch the gateway to the DSL it will work fine - and vice versa.

I'm about 95% sure the problem is the gateway - is there any way to get Windows to accept connections coming from either gateway, all the time?

Hope I managed to convey my problem properly...

Thanks!
 
I can think of two things you can do. First would be to install a local firewall and route to your server via NAT. That way YOU can do the change and the ISP still directs to the same IP.

Other option is to set up Network Load Balancing on the two NICs.

Direct mail to the shared IP.

I hope you find this post helpful.

Regards,

Mark
 
Well - the IP on the "outside" is different for the DSL and the T1 services.

I don't really have any control over that - the services are through different companies, so no real control there. In other words - not much I can do with two different outside IPs. I see what you are saying about the firewall though, but I don't think it would work in our case - since the ISP would still have to use one of the two.

The network load balancing may possibly work, I can look into that - but does Windows 2000 server support that out of the box?

My last option is to just set up a Linux SMTP server to pass traffic through to our mail server.
 
Yes, Win2K supports it out of the box.

I hope you find this post helpful.

Regards,

Mark
 
Probably a better post for the Exchange forum, but if you are running Exchange 2000 you will need to tell it which IP address to listen on for incoming data. Go to Exchange System Manager, and on that server under the SMTP protocols you can configure multiple addresses for it to listen on. That might do the trick.

I'm still a little unclear about what your architecture looks like. How are the external connections seeing your Exchange server? Do they have public addresses, or some sort of NAT, or what? It seems to me that if both of your firewalls forward traffic on port 25 from the external address to your internal IP address, then your server wouldn't care which way it came in.

When the traffic comes in via the DSL connection, what path does it follow? Does it go through another router? Is the inbound data coming in via the DSL and trying to send replies back out over the T1? If so then it's probably a routing problem. Would you be better off configuring your main router to have the DSL route all of the time and let it load balance? Or assign it a higher cost route that only comes into play when the lower cost route is down?
 
Well - the server doesn't seem to reply to incoming requests on the DSL connection, unless the routing is changed.

The Exchange services are running just fine on the server - you can telnet into port 25 from the T1's IP address just fine - you can telnet into the DSL connection *if* the default route on the router is changed to the DSL's IP address.

I think I might try the higher cost route and see what happens. I really don't need load balancing, just the ability to fail over.

Both routers are just plugged into the switch, if I change the default gateway on this machine now I can use the DSL to get to the web no problems. It's really just a matter of getting the server to acknowledge incoming connections using either route. I tried adding a gateway to the DSL connection, but it still seems to just want to allow incoming traffic from the primary route.

It's not really an Exchange question, per se - if I can telnet to the server from either connection, anytime - it will solve my problem just fine.

Maybe I should re-phrase it some - let's say you have a server in a switch along with 2 routers with internet connections.

Router 1 has an IP of 192.168.1.1. Router 2 has an IP of 192.168.1.2 - each router has a different WAN IP address on a different subnet, using a different IP address on the outside.

192.168.1.1 is the default gateway - normally traffic goes through that connection, unless you specifically change the default gateway to 192.168.1.2 - then, of course - traffic would pass over that connection.

192.168.1.1 is still the default gateway - you can telnet to the WAN IP on that router with no problems. However, when you attempt to telnet to the WAN IP on 192.168.1.2 - you get no response.

Maybe that helped some? I'd like to be able to telnet to either WAN IP, regardless of which router the request comes through.
 
Yeah, that makes a lot of sense. I'm not sure the best way to do that. At the very least you will need routes for both paths to be active. The problem is, your server thinks that the only way to get data back to the Internet (or at least the preferred way) is via router #1.

I know that you indicated that you don't need load balancing, but you might be just as well off to set up something like that anyways. If the load is balanced between both connections then if one link fails your traffic will automatically only use the second link. Since you're setting up a second MX record, you will still need to allow inbound connections of both circuits anyway, so in effect you're load balancing your incoming traffic.
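
An added illustration (not part of any post in this thread) of the reply-path problem described above: a small Python model of the two NAT routers and a server with a single default gateway, showing why the SYN-ACK for a connection that arrived via one router is lost when it leaves via the other. The WAN addresses and the remote client are constructed, and the `snat_inbound` option (the router rewriting the source of forwarded connections to its own LAN address) is an assumption, not something proposed in the thread.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")
R1, R2 = "192.168.1.1", "192.168.1.2"          # router LAN addresses from the thread
WAN = {R1: "198.51.100.1", R2: "203.0.113.1"}  # constructed WAN IPs (documentation ranges)
CLIENT = ("192.0.2.50", 40000)                 # constructed remote mail server (ip, port)


class NatRouter:
    def __init__(self, lan_ip, snat_inbound=False):
        self.lan_ip, self.wan_ip = lan_ip, WAN[lan_ip]
        self.snat_inbound = snat_inbound  # assumption: rewrite source to own LAN IP
        self.flows = set()                # connections this router forwarded inward

    def forward_in(self, client):
        """Port-forward WAN:25 to the server; return the source the server sees."""
        self.flows.add(client)
        return (self.lan_ip, client[1]) if self.snat_inbound else client


def connect(via, default_gw, snat_on_r2=False):
    """Simulate a SYN to `via`'s WAN IP on port 25 and the server's SYN-ACK.

    Returns (handshake_ok, explanation)."""
    routers = {R1: NatRouter(R1), R2: NatRouter(R2, snat_inbound=snat_on_r2)}
    seen_ip, _ = routers[via].forward_in(CLIENT)
    # Server routing decision: on-link destinations go direct, the rest to the gateway.
    on_link = ipaddress.ip_address(seen_ip) in LAN
    exit_router = routers[seen_ip if on_link else default_gw]
    if CLIENT not in exit_router.flows:
        return False, f"SYN-ACK left via {exit_router.wan_ip}: no matching flow, dropped"
    return True, f"SYN-ACK returned via {exit_router.wan_ip}"


if __name__ == "__main__":
    for via, gw, snat in [(R1, R1, False), (R2, R1, False), (R2, R2, False), (R2, R1, True)]:
        ok, why = connect(via, gw, snat)
        print(f"in via {via}, default gw {gw}, snat={snat}: {'OK' if ok else 'FAIL'} ({why})")
```

The first three cases reproduce the behaviour reported in the thread; the last shows that when the server sees an on-link source address, its default gateway no longer decides the return path.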
 
OK - thanks, I think that verifies what my ISP told me too. My primary objective here is to just set up a secondary internet link to failover to - even a manual failover will work out well enough.

The problem comes up when remote mail servers attempt a reverse DNS lookup - a lot of mail will not be delivered because it cannot resolve the reverse DNS to the proper domain name.
 
Set your TTL value to something low like one hour. That way the new entry will get picked up for the RDNS within an hour instead of the default 24 hours.

I hope you find this post helpful.

Regards,

Mark
 