Discussion:
Cluster alias IP and NAT question
(too old to reply)
Marty Kuhrt
2007-11-01 19:47:01 UTC
Permalink
I have a multinode cluster serving mail. I have a cluster IP alias
set up and it works fine for the most part. Problem is outbound mail
looks like it is coming from the node that sent it, not the IP alias
address. This means the NAT on the firewall doesn't do it's reverse
"magic" to say the mail is coming from the cluster alias but the
firewall itself.

i.e.

NAT on the firewall says 64.x.x.115, the external ISP assigned IP,
points to 172.17.17.238 (internal cluster alias). When .17.240 (the
main mail node) connects out, it shows up as 64.x.x.9, the external
IP address of the firewall.

If you do a lookup on 115 it shows up as kuhrt.net, and all is well.
If you do a lookup on 9 it shows up as sfo1.dsl.speakeasy.net, which
some mail handlers think is a dialup and thus spam.

How do I get the outbound IP to look like the cluster alias IP so the
NAT works properly?

Alpha VMS 7.3-2
Multinet V5.0A-X

Thanks,
Marty
Michael Corbett
2007-11-01 19:49:40 UTC
Permalink
Post by Marty Kuhrt
I have a multinode cluster serving mail. I have a cluster IP alias
set up and it works fine for the most part. Problem is outbound mail
looks like it is coming from the node that sent it, not the IP alias
address. This means the NAT on the firewall doesn't do it's reverse
"magic" to say the mail is coming from the cluster alias but the
firewall itself.
i.e.
NAT on the firewall says 64.x.x.115, the external ISP assigned IP,
points to 172.17.17.238 (internal cluster alias). When .17.240 (the
main mail node) connects out, it shows up as 64.x.x.9, the external
IP address of the firewall.
If you do a lookup on 115 it shows up as kuhrt.net, and all is well.
If you do a lookup on 9 it shows up as sfo1.dsl.speakeasy.net, which
some mail handlers think is a dialup and thus spam.
How do I get the outbound IP to look like the cluster alias IP so the
NAT works properly?
You can not have outbound connections use the cluster alias IP
address. This is one of the reasons why it is suggested that it only
be used for connectionless protocols (such as NFS) for automatic failover.

regards
Mike
--
+-------------------------------------------------------------------------+
Michael Corbett Email: ***@process.com
Process Software Phone: 800 722-7770 x369
959 Concord St. 508 879-6994 x369
Framingham MA 01701-4682 FAX: 508 879-0042
rejoc
2007-11-02 08:08:58 UTC
Permalink
Post by Marty Kuhrt
I have a multinode cluster serving mail. I have a cluster IP alias
set up and it works fine for the most part. Problem is outbound mail
looks like it is coming from the node that sent it, not the IP alias
address. This means the NAT on the firewall doesn't do it's reverse
"magic" to say the mail is coming from the cluster alias but the
firewall itself.
i.e.
NAT on the firewall says 64.x.x.115, the external ISP assigned IP,
points to 172.17.17.238 (internal cluster alias). When .17.240 (the
main mail node) connects out, it shows up as 64.x.x.9, the external
IP address of the firewall.
If you do a lookup on 115 it shows up as kuhrt.net, and all is well.
If you do a lookup on 9 it shows up as sfo1.dsl.speakeasy.net, which
some mail handlers think is a dialup and thus spam.
How do I get the outbound IP to look like the cluster alias IP so the
NAT works properly?
Alpha VMS 7.3-2
Multinet V5.0A-X
Thanks,
Marty
Marty Kuhrt
2007-11-04 21:33:24 UTC
Permalink
Post by Marty Kuhrt
I have a multinode cluster serving mail. I have a cluster IP alias
set up and it works fine for the most part. Problem is outbound mail
looks like it is coming from the node that sent it, not the IP alias
address. This means the NAT on the firewall doesn't do it's reverse
"magic" to say the mail is coming from the cluster alias but the
firewall itself.
i.e.
NAT on the firewall says 64.x.x.115, the external ISP assigned IP,
points to 172.17.17.238 (internal cluster alias). When .17.240 (the
main mail node) connects out, it shows up as 64.x.x.9, the external
IP address of the firewall.
If you do a lookup on 115 it shows up as kuhrt.net, and all is well.
If you do a lookup on 9 it shows up as sfo1.dsl.speakeasy.net, which
some mail handlers think is a dialup and thus spam.
How do I get the outbound IP to look like the cluster alias IP so the
NAT works properly?
My firewall only does one-to-one NAT.

So setting a cluster service name wouldn't make a difference?

I'm only setting the cluster IP via Global Parameters in
MU CONFIG/MENU.

Loading...