This is platform specific. For instance, on a Cisco box you could choose an
interface and a NAT mapping based on access-lists that are as granular as
you like. This would effectively allow you to pick the source IP of the
mailserver and the interface you wanted to send it out of. The feature is
called "route-map". You'd need to screw with Sendmail to get it to do
anything useful on a message by message basis instead of destination by
destination basis.

In other words, you could make all messages from the same server going to
network-1.com use source IP 1.2.3.4 and interface eth0 and messages going to
network-2.com use source IP 3.4.5.6 and interface PRI0 - even if the
shortest route to network-2 is down eth0. You couldn't (easily) make
messages to [EMAIL PROTECTED] use 1.2.3.4 and messages to [EMAIL PROTECTED]
use 3.4.5.6. If I had to do it I would have a couple of dummy sendmail boxes
that did mail relay, and hack the master sendmail box to choose which of the
dummy servers to relay through based on message content / sender etc. Then
the router could mess with addressing based on source IP of the relay
servers. Then again, I've said before that I'm bound for TCP/IP Hell, so
this is guaranteed NOT to be the cleanest solution. 8)

So, what is really important is how smart the firewall is in terms of its
routing engine. I have only just started playing with *nix software routers
/ firewalls (I prefer a Cisco for the routing, firewall as access control)
but I'd say you'd be on a winner with that kind of box. I doubt you could
get (for example) an NT box to do this without help.

Note that the IP addresses of the firewall interfaces shouldn't be involved
here. Either you're using NAT to change the source IP of the mailserver or
you're not. The source address at the _Ethernet_ level will always be that
NIC on the firewall, but I don't think you can change that unless you have
two NICs that front onto the same network segment (bizarre).

Is this what you were talking about?
--
Ben Nagy
Network Consultant, CPM&S Group of Companies
Direct Dial: (08) 8422 8319 Mobile: (0414) 411 520
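
The relay-based design described above, sketched as Cisco IOS configuration. This is an added example, not configuration from either poster: the inside relay addresses (10.1.1.11, 10.1.1.12), the next-hop addresses, the interface names and the route-map name MAIL-EGRESS are assumptions, while 1.2.3.4 and 3.4.5.6 are the illustrative source IPs used in the message.

```cisco
! Added example. Constructed addressing:
!   relay A 10.1.1.11 -> public 1.2.3.4, leaves via next hop 192.0.2.1
!   relay B 10.1.1.12 -> public 3.4.5.6, leaves via next hop 198.51.100.1
!
! Classify outbound SMTP by which relay sent it
access-list 101 permit tcp host 10.1.1.11 any eq smtp
access-list 102 permit tcp host 10.1.1.12 any eq smtp
!
! Policy routing: override the routing table for matched traffic only
route-map MAIL-EGRESS permit 10
 match ip address 101
 set ip next-hop 192.0.2.1
route-map MAIL-EGRESS permit 20
 match ip address 102
 set ip next-hop 198.51.100.1
! Packets matching neither entry are routed normally by destination
!
interface Ethernet0
 description Inside LAN holding both relays
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 ip policy route-map MAIL-EGRESS
!
! Outside interface addressing omitted; only the NAT role is shown
interface Serial0
 description Egress path A
 ip nat outside
!
interface Serial1
 description Egress path B
 ip nat outside
!
! One-to-one translations so each relay has a fixed public source IP
ip nat inside source static 10.1.1.11 1.2.3.4
ip nat inside source static 10.1.1.12 3.4.5.6
```

Static translations work in both directions, so the outside interfaces still need an inbound access-list limiting what can reach the relays. `show route-map` and `show ip nat translations` confirm that packets are matching the policy and being translated as intended.
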
-----Original Message-----
From: william.wells [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 26, 1999 2:49 AM
To: '[EMAIL PROTECTED]'
Subject: Forcing route through non-default path

I have a rather odd requirement specifically initially dealing with sendmail
but which may have other applications.

In this particular case, we have an interface on the firewall which has 2 IP
addresses assigned to it. The route from us to our destination uses this
interface. We would like to be able to have sendmail, on a message by
message basis, use one or the other IP address as the source; that is, on
selected messages, we want to use an IP/interface other than the one that
the routing algorithm would normally select. A similar application would be
to have sendmail, or another application, send through another interface
instead of using the one that the default route is on. To add further
complication, we may wish to send mail to the same host but have them leave
with different source IPs. All IP addresses are ours and appropriately
registered in DNS.

I believe this is really a network layer issue, not really an application
issue.

"Sendmail" is our current application- we may wish to do this on other
applications (ex: FTP) down the road.

As this is fairly specific, replies can be sent directly to:
[EMAIL PROTECTED]
William Wells
Technical Projects Manager
Damark International, Inc
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]