Postfix SMTP Rotating IP using IPTables Rumi, August 1, 2022 I got 5 Public IPs. i’m Gonna configure them, so Postfix can use multiple interfaces/ips for outgoing smtp connections. First we need creating Interface aliases for those 5 public IPs. In my system, using centos: # cd /etc/sysconfig/network-scripts/ # cp ifcfg-eth0 ifcfg-eth0:1 Edit ifcfg-eth0:1 # vi ifcfg-eth0\:1 DEVICE=eth0 <-- default device HWADDR=XX:XX:XX:XX:XX:XX ONBOOT=yes TYPE=Ethernet BOOTPROTO=none IPADDR=202.XXX.XX.2 <-- default eth0 IP address PREFIX=24 GATEWAY=202.XXX.XX.1 DNS1=202.XXX.XX.XX Change DEVICE and IPADDR parameters DEVICE=eth0:1 <-- device alias #1 HWADDR=XX:XX:XX:XX:XX:XX ONBOOT=yes TYPE=Ethernet BOOTPROTO=none IPADDR=202.XXX.XX.3 <-- IP alias #1 PREFIX=24 GATEWAY=202.XXX.XX.1 DNS1=202.XXX.XX.XX We can continue with next interfaces for IP aliases same way as mention above. when we were done, bring those IP aliases up. #ifup eth0:1 #ifup eth0:2 #ifup eth0:3 #ifup eth0:4 ...... next interfaces Check if interfaces is up #ifconfig eth0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX inet addr:202.XXX.XX.2 Bcast:202.XXX.XX.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:feb0:e91/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:598678 errors:0 dropped:0 overruns:0 frame:0 TX packets:26348 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:49088016 (46.8 MiB) TX bytes:7707579 (7.3 MiB) eth0:1 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX inet addr:202.XXX.XX.3 Bcast:202.XXX.XX.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:2 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX inet addr:202.XXX.XX.4 Bcast:202.XXX.XX.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:3 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX inet addr:202.XXX.XX.5 Bcast:202.XXX.XX.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 …… and so on There’s no particular configuration need to adjust in postfix. Now the iptables part.make sure your iptables support for statistic match module. # iptables -m statistic -h ...... ...... ...... statistic match options: --mode mode Match mode (random, nth) random mode: --probability p Probability nth mode: --every n Match every nth packet --packet p Initial counter value (0 <= p <= n-1, default 0) Next continue with iptables rule for rotating source IP addresses. # iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.2 # iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.3 # iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.4 # iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.5 # iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.6 Related Administrations Configurations (Linux) CentOSiptablesPostfixRotating IPSMTP
Creating Custom Built Debian 6 (Squeeze) May 24, 2013May 24, 2013 There is a well documented official way to create standard Debian CDs. However, sometimes it is nice to have a CD or DVD which just contains a subset of Debian Packages to fit personal needs. The following script is made for creation of such a CD image. By default, it… Read More
Install Server Certificate for IIS 6 or 5 May 8, 2011May 8, 2011 The following document is partly based on this Microsoft document: How to Import a Server Certificate for Use in Internet Information Services 5.0 (Q232137) Add Certificates snap-in to MMC Click Start, and then click Run. Type "MMC.EXE" (without the quotation marks) and click OK. Click Console in the new MMC… Read More
Setting up LDAP on Debian Distro May 16, 2012May 16, 2012 LDAP (Lightweight Directory Access Protocol) allows central user, group, domain….. authentication, information storage … Using LDAP in a local network, you can allow your users to login and authenticate from anywhere on your network. This tutorial will be split in 2 parts. In the first part, I will explain how-to… Read More