Forum Discussion

edib_26117's avatar
edib_26117
Icon for Nimbostratus rankNimbostratus
Jun 05, 2014

smtp outgoing load balancing

I have /28 16 ip addresses and then want to use them as my MX records. I have 2 real smtp servers that will send mail to outside and accept mail from outside while load balancing these 16 ips. I tried to do somethings with my own but outbound sending was unsuccessful. I created a virtual server with that my smtp servers can talk from port 25 and then created an snat pool with these ips connect it to this VS and I did not put any pool for the VS and it did not work. What should be the right config for this request in F5 LTM?

 

APM
application delivery
availability
design
LTM
security

12 Replies

Sort By
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Jun 05, 2014

    Not sure I understand about the 16 IPs but regardless, for the outbound you should use a separate wildcard VS (only enabled on the relevant internal VLAN) listening on port 25 and attach the SNAT Pool to that.

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jun 05, 2014

    you mean you want to snat source ip to /28 16 ip addresses for outbound email from 2 smtp servers and accept inbound email destined to /28 16 ip addresses then load balance to 2 smtp servers, don't you?

     

    • edib_26117's avatar
      edib_26117
      Icon for Nimbostratus rankNimbostratus
      Jun 05, 2014
      yes, a virtual server with 16 ip address or 16 virtual server and 2 pool member to accept smtp incoming, I have succesfully achieved it. But I cannot achieve sending email. I defined an virtual server with ip address ie 192.168.0.3, my members servers are 192.168.0.4-5 and I put real 16 ips snat into 192.168.0.3 VS. but then I cannot figured it out how to redirect mail traffic to 192.168.0.3 port 25.
  • nitass_89166's avatar
    nitass_89166
    Icon for Noctilucent rankNoctilucent
    Jun 05, 2014

    you mean you want to snat source ip to /28 16 ip addresses for outbound email from 2 smtp servers and accept inbound email destined to /28 16 ip addresses then load balance to 2 smtp servers, don't you?

     

    • edib_26117's avatar
      edib_26117
      Icon for Nimbostratus rankNimbostratus
      Jun 05, 2014
      yes, a virtual server with 16 ip address or 16 virtual server and 2 pool member to accept smtp incoming, I have succesfully achieved it. But I cannot achieve sending email. I defined an virtual server with ip address ie 192.168.0.3, my members servers are 192.168.0.4-5 and I put real 16 ips snat into 192.168.0.3 VS. but then I cannot figured it out how to redirect mail traffic to 192.168.0.3 port 25.
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jun 05, 2014

    I defined an virtual server with ip address ie 192.168.0.3, my members servers are 192.168.0.4-5 and I put real 16 ips snat into 192.168.0.3 VS. but then I cannot figured it out how to redirect mail traffic to 192.168.0.3 port 25.

     

    as Steven mentioned, you should create wildcard forwarding virtual server listening on port 25 (0.0.0.0/0:25) and assign snatpool (/28 16 ip addresses) to it.

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jun 05, 2014

    how can mail servers (pool members) route the mail traffik to this virtual server?

     

    isn't smtp server default gateway bigip?

     

    • edib_26117's avatar
      edib_26117
      Icon for Nimbostratus rankNimbostratus
      Jun 05, 2014
      ok, I understand now. If I make default gateway of the members the bigip, then everything fits. At first without default gateway, I tried to solve it. but it seems that I must do that. thanks.
  • nitass_89166's avatar
    nitass_89166
    Icon for Noctilucent rankNoctilucent
    Jun 05, 2014

    how can mail servers (pool members) route the mail traffik to this virtual server?

     

    isn't smtp server default gateway bigip?

     

    • edib_26117's avatar
      edib_26117
      Icon for Nimbostratus rankNimbostratus
      Jun 05, 2014
      ok, I understand now. If I make default gateway of the members the bigip, then everything fits. At first without default gateway, I tried to solve it. but it seems that I must do that. thanks.