[rt-users] Tricky situation with rt-mailgate
Les Mikesell
les at futuresource.com
Sat Apr 30 15:12:39 EDT 2005
On Fri, 2005-04-29 at 22:11, Tuc at Beach House wrote:
> Hi,
>
> I've got an odd situation, and wanted to see if anyone had a thought
> about how to fix.
>
> I'm running RT in a load balanced situation. I've got everything
> running it seems from the web side. From the mail side, I'm running into
> a problem. Because the mail server is in the same subnet as the load balanced
> machines, they can't talk to each other on the load balanced IP. Well, the
> way we have them configured we can't. If we changed the config, they could...
> But then it would appear EVERY hit came from the same IP, and since there are
> alot of other sites that need this information, I can't afford to do it.
If the load balancer is an F5 BigIP, you need to add a SNAT pool (source
NAT) and add the machines that need to make connections to pools
handled by the same device with the backend servers on the same subnet.
That will nat the source addresses of connections coming from the
listed machines only (not everything like a default SNAT would) so
the return packets come back through the bigip and work correctly.
Otherwise, since the target servers have a route directly back to the
source they try to return packets directly which doesn't work because
the IP doesn't match the pool address where the source was trying to
connect.
--
Les Mikesell
les at futuresource.com
More information about the rt-users
mailing list