Re: (OT) IP Filter: Multiple mail servers behind one firewall

From: Logan Shaw (lshaw-usenet_at_austin.rr.com)
Date: 11/21/03


Date: Fri, 21 Nov 2003 00:10:36 GMT

Thomas H Jones II wrote:

> In article <3fb8d2cd_2@news.arcor-ip.de>,
> Alexander Selck <selck@sethora.de> did thusly spew forth:

>>I want to run 2 different mail servers behind an IPF Firewall, one
>>serving domain-a.com and the other serving domain-b.com:

      :
      :
>>Problem is, tcp/ip packets don't contain domain name information, only
>>IP address and TCP/IP port.
>>Is there any way getting this setup to work?

> You have two choices, but both require two external IPs:

Couldn't you also just make mail.domain-a.com a Mail eXchanger for
mail.domain-b.com? Then, expose mail.domain-a.com's IP address
beyond the firewall. Mail for domain-b.com will come in to
mail.domain-a.com but will get forwarded to mail.domain-a.com
immediately and without a huge cost.

This only addresses the SMTP end of things. The POP or IMAP
end (accessing the mailboxes) is a little tougher. There may be
some software out there that can do application level proxy
load-levelling, and you could configure it to direct the TCP
connections to the right place with some sort of rule. Or,
if that doesn't exist, you probably could run the POP and IMAP
daemons on different ports on mail.domain-b.com. You'd have
to translate the ports at the firewall, though.

Of course, it would be a million times cleaner to have a separate
public IP address for each domain.

   - Logan
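
The firewall side of the single-IP setup described above, as an added ipnat.conf sketch that is not part of the original post. The interface name (hme0), the public address 192.0.2.1, the internal addresses, and the alternate external ports 1110 and 1143 are all assumptions chosen for illustration.

```conf
# ipnat.conf fragment (constructed example; all addresses and ports are assumptions)
#   192.0.2.1     single public IP on external interface hme0
#   192.168.1.10  mail.domain-a.com (internal)
#   192.168.1.11  mail.domain-b.com (internal)

# SMTP: everything arrives at mail.domain-a.com, which is listed as the MX
# for domain-b.com and forwards that domain's mail internally.
rdr hme0 192.0.2.1/32 port 25 -> 192.168.1.10 port 25 tcp

# POP3/IMAP for domain-a.com on the standard ports.
rdr hme0 192.0.2.1/32 port 110 -> 192.168.1.10 port 110 tcp
rdr hme0 192.0.2.1/32 port 143 -> 192.168.1.10 port 143 tcp

# POP3/IMAP for domain-b.com: clients connect to alternate external ports,
# and the firewall translates them to the daemons on mail.domain-b.com.
# This assumes the daemons listen on 110/143; if they listen on other ports,
# change the right-hand port to match.
rdr hme0 192.0.2.1/32 port 1110 -> 192.168.1.11 port 110 tcp
rdr hme0 192.0.2.1/32 port 1143 -> 192.168.1.11 port 143 tcp
```

Each rdr rule needs a matching IP Filter pass rule for the inbound port, and mail.domain-a.com should accept relay only for domain-b.com, not for arbitrary destinations.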