Network interfaces
Hello
I would like to use EFA.
I have a mail server on the internal network - LAN - 192.168.*.*
What is the best practice for using EFA?
1. EFA on public IP with 2 interfaces (eth0 WAN, eth0 LAN) to communicate with mail server
2. EFA with internal IP - LAN + virtual IP on router with specific ports open?
I have tested both, but with option 1 I can't set 2 different gateways; EFA config changes both gateway interfaces at once.
With one IP and router config I wasn't able to get email to the mail server either, and all traffic was from the router IP - this is true.
What is your experience with configuration? Do you use 2 interfaces?
Best regards
Maciek
Re: Network interfaces
Hi,
In my opinion, one interface/one firewall:
WAN
|
firewall --- DMZ --- EFA
|
LAN --- mailserver
With two firewalls:
WAN
|
firewall1
|
DMZ --- EFA
|
firewall2 --- LAN --- mailserver
EFA @ DMZ
mailserver @ DMZ (mailserver-only) OR @ LAN (with private DNS-Server, DHCP-Server, AD/Directory Server, Intranet & co. on it)
Of course in this constellation you have to make more firewall rules (https://efa-project.org/wiki/Firewall_ports), but it is (probably) safer.
Re: Network interfaces
Hi,
Thank you for your answer & time.
I'll try to do it, but my last test showed me that Exchange can receive mail but EFA had a problem sending mail to the outside.
Best Regards
Maciek
Re: Network interfaces
If your network and firewalls are configured correctly, EFA should have no problem sending mail outside.
Perhaps you could be a bit more specific as to what that problem is?
Re: Network interfaces
maillog says: relay=none, delay=11499, delays=11498/1.1/0/0, dsn=4.3.0, status=deferred (unknown mail transport error)
I'm trying to build a new environment for testing, but the 2012 updates are more than 1,5 GB
Last edited by maciekh on 25 Aug 2015 13:29, edited 1 time in total.
Re: Network interfaces
Do you have a static or a dynamic public IP(v4)?
Re: Network interfaces
From your EFA box, can you telnet successfully to another smtp box?
e.g. telnet <another mailserver> 25
What about /var/log/maillog? Are there any interesting messages in there that give more information?
Re: Network interfaces
telnet works fine
maillog says: relay=none, delay=11499, delays=11498/1.1/0/0, dsn=4.3.0, status=deferred (unknown mail transport error)
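Added example, not part of the original posts: a small Python parser for the Postfix delivery-status line quoted above. It splits the delays=a/b/c/d field into its four stages and reports whether a relay host was recorded. The syslog prefix, queue ID and recipient in the sample are constructed, and the function and stage names are hypothetical.

```python
import re

# Constructed sample: the delivery-status fields quoted in the thread, wrapped
# in a made-up syslog prefix, queue ID and recipient.
SAMPLE = ("Aug 25 13:20:01 efa postfix/qmgr[2211]: 3F2A1C0042: "
          "to=<user@example.org>, relay=none, delay=11499, "
          "delays=11498/1.1/0/0, dsn=4.3.0, status=deferred "
          "(unknown mail transport error)")

FIELD = re.compile(r"(\w+)=(<[^>]*>|[^,\s]+)")
# Postfix logs delays=a/b/c/d: a = time before the queue manager (counted from
# message arrival, so it grows while the message waits for retries), b = time
# in the queue manager, c = connection setup (DNS, HELO, TLS), d = transmission.
STAGES = ("before_qmgr", "in_qmgr", "conn_setup", "transmission")


def parse_delivery(line):
    """Return the key=value fields of a Postfix delivery-status line."""
    rec = dict(FIELD.findall(line))
    m = re.search(r"status=(\w+) \((.*)\)\s*$", line)
    if m:
        rec["status"], rec["reason"] = m.groups()
    if "delays" in rec:
        parts = map(float, rec["delays"].split("/"))
        rec["delays"] = dict(zip(STAGES, parts))
    return rec


def triage(rec):
    """Summarise where the delay accrued and what kind of failure was logged."""
    notes = []
    if rec.get("relay") == "none":
        notes.append("no relay host recorded for this attempt")
    stages = rec.get("delays")
    if stages:
        worst = max(stages, key=stages.get)
        notes.append(f"longest stage: {worst} ({stages[worst]:g}s)")
    if rec.get("dsn", "").startswith("4."):
        notes.append("temporary failure, message stays queued")
    return notes


if __name__ == "__main__":
    for note in triage(parse_delivery(SAMPLE)):
        print(note)
```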
Re: Network interfaces
Go to https://mxtoolbox.com/NetworkTools.aspx and check "mx", "smtp" and "blacklist".
Re: Network interfaces
There are no other interesting lines in maillog around the same place? Could you give us some more information from maillog, say 10 lines before and after that line.
Re: Network interfaces
On the new environment everything works fine, thank you for your time and help!