Postfix SMTP Rotating IP using IPTables Rumi, August 1, 2022 I got 5 Public IPs. i’m Gonna configure them, so Postfix can use multiple interfaces/ips for outgoing smtp connections. First we need creating Interface aliases for those 5 public IPs. In my system, using centos: # cd /etc/sysconfig/network-scripts/ # cp ifcfg-eth0 ifcfg-eth0:1 Edit ifcfg-eth0:1 # vi ifcfg-eth0\:1 DEVICE=eth0 <-- default device HWADDR=XX:XX:XX:XX:XX:XX ONBOOT=yes TYPE=Ethernet BOOTPROTO=none IPADDR=202.XXX.XX.2 <-- default eth0 IP address PREFIX=24 GATEWAY=202.XXX.XX.1 DNS1=202.XXX.XX.XX Change DEVICE and IPADDR parameters DEVICE=eth0:1 <-- device alias #1 HWADDR=XX:XX:XX:XX:XX:XX ONBOOT=yes TYPE=Ethernet BOOTPROTO=none IPADDR=202.XXX.XX.3 <-- IP alias #1 PREFIX=24 GATEWAY=202.XXX.XX.1 DNS1=202.XXX.XX.XX We can continue with next interfaces for IP aliases same way as mention above. when we were done, bring those IP aliases up. #ifup eth0:1 #ifup eth0:2 #ifup eth0:3 #ifup eth0:4 ...... next interfaces Check if interfaces is up #ifconfig eth0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX inet addr:202.XXX.XX.2 Bcast:202.XXX.XX.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:feb0:e91/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:598678 errors:0 dropped:0 overruns:0 frame:0 TX packets:26348 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:49088016 (46.8 MiB) TX bytes:7707579 (7.3 MiB) eth0:1 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX inet addr:202.XXX.XX.3 Bcast:202.XXX.XX.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:2 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX inet addr:202.XXX.XX.4 Bcast:202.XXX.XX.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:3 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX inet addr:202.XXX.XX.5 Bcast:202.XXX.XX.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 …… and so on There’s no particular configuration need to adjust in postfix. Now the iptables part.make sure your iptables support for statistic match module. # iptables -m statistic -h ...... ...... ...... statistic match options: --mode mode Match mode (random, nth) random mode: --probability p Probability nth mode: --every n Match every nth packet --packet p Initial counter value (0 <= p <= n-1, default 0) Next continue with iptables rule for rotating source IP addresses. # iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.2 # iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.3 # iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.4 # iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.5 # iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.6 Administrations Configurations (Linux) CentOSiptablesPostfixRotating IPSMTP