Cluster alias IP and NAT question - VMS

This is a discussion on Cluster alias IP and NAT question - VMS ; I have a multinode cluster serving mail. I have a cluster IP alias set up and it works fine for the most part. Problem is outbound mail looks like it is coming from the node that sent it, not the ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Cluster alias IP and NAT question

  1. Cluster alias IP and NAT question

    I have a multinode cluster serving mail. I have a cluster IP alias
    set up and it works fine for the most part. Problem is outbound mail
    looks like it is coming from the node that sent it, not the IP alias
    address. This means the NAT on the firewall doesn't do it's reverse
    "magic" to say the mail is coming from the cluster alias but the
    firewall itself.

    i.e.

    NAT on the firewall says 64.x.x.115, the external ISP assigned IP,
    points to 172.17.17.238 (internal cluster alias). When .17.240 (the
    main mail node) connects out, it shows up as 64.x.x.9, the external
    IP address of the firewall.

    If you do a lookup on 115 it shows up as kuhrt.net, and all is well.
    If you do a lookup on 9 it shows up as sfo1.dsl.speakeasy.net, which
    some mail handlers think is a dialup and thus spam.

    How do I get the outbound IP to look like the cluster alias IP so the
    NAT works properly?

    Alpha VMS 7.3-2
    Multinet V5.0A-X

    Thanks,
    Marty

  2. Re: Cluster alias IP and NAT question

    Marty Kuhrt wrote:
    > I have a multinode cluster serving mail. I have a cluster IP alias
    > set up and it works fine for the most part. Problem is outbound mail
    > looks like it is coming from the node that sent it, not the IP alias
    > address. This means the NAT on the firewall doesn't do it's reverse
    > "magic" to say the mail is coming from the cluster alias but the
    > firewall itself.
    >
    > i.e.
    >
    > NAT on the firewall says 64.x.x.115, the external ISP assigned IP,
    > points to 172.17.17.238 (internal cluster alias). When .17.240 (the
    > main mail node) connects out, it shows up as 64.x.x.9, the external
    > IP address of the firewall.
    >
    > If you do a lookup on 115 it shows up as kuhrt.net, and all is well.
    > If you do a lookup on 9 it shows up as sfo1.dsl.speakeasy.net, which
    > some mail handlers think is a dialup and thus spam.
    >
    > How do I get the outbound IP to look like the cluster alias IP so the
    > NAT works properly?
    >


    You can not have outbound connections use the cluster alias IP
    address. This is one of the reasons why it is suggested that it only
    be used for connectionless protocols (such as NFS) for automatic failover.

    regards
    Mike

    --
    +-------------------------------------------------------------------------+
    Michael Corbett Email: Corbett@process.com
    Process Software Phone: 800 722-7770 x369
    959 Concord St. 508 879-6994 x369
    Framingham MA 01701-4682 FAX: 508 879-0042

  3. Re: Cluster alias IP and NAT question

    le 01.11.2007 20:47 Marty Kuhrt a écrit:
    > I have a multinode cluster serving mail. I have a cluster IP alias
    > set up and it works fine for the most part. Problem is outbound mail
    > looks like it is coming from the node that sent it, not the IP alias
    > address. This means the NAT on the firewall doesn't do it's reverse
    > "magic" to say the mail is coming from the cluster alias but the
    > firewall itself.
    >
    > i.e.
    >
    > NAT on the firewall says 64.x.x.115, the external ISP assigned IP,
    > points to 172.17.17.238 (internal cluster alias). When .17.240 (the
    > main mail node) connects out, it shows up as 64.x.x.9, the external
    > IP address of the firewall.
    >
    > If you do a lookup on 115 it shows up as kuhrt.net, and all is well.
    > If you do a lookup on 9 it shows up as sfo1.dsl.speakeasy.net, which
    > some mail handlers think is a dialup and thus spam.
    >
    > How do I get the outbound IP to look like the cluster alias IP so the
    > NAT works properly?

    can't you configure your FW to NAT all your VMS IP @ to the same
    external IP@ in case of outgoing SMTP (and NAT "back" the external IP@
    to the cluster's IP@) ?

    >
    > Alpha VMS 7.3-2
    > Multinet V5.0A-X
    >
    > Thanks,
    > Marty


  4. Re: Cluster alias IP and NAT question

    In article <472adb1a$0$14872$426a34cc@news.free.fr>, rejoc writes:
    > le 01.11.2007 20:47 Marty Kuhrt a écrit:
    >> I have a multinode cluster serving mail. I have a cluster IP alias
    >> set up and it works fine for the most part. Problem is outbound mail
    >> looks like it is coming from the node that sent it, not the IP alias
    >> address. This means the NAT on the firewall doesn't do it's reverse
    >> "magic" to say the mail is coming from the cluster alias but the
    >> firewall itself.
    >>
    >> i.e.
    >>
    >> NAT on the firewall says 64.x.x.115, the external ISP assigned IP,
    >> points to 172.17.17.238 (internal cluster alias). When .17.240 (the
    >> main mail node) connects out, it shows up as 64.x.x.9, the external
    >> IP address of the firewall.
    >>
    >> If you do a lookup on 115 it shows up as kuhrt.net, and all is well.
    >> If you do a lookup on 9 it shows up as sfo1.dsl.speakeasy.net, which
    >> some mail handlers think is a dialup and thus spam.
    >>
    >> How do I get the outbound IP to look like the cluster alias IP so the
    >> NAT works properly?

    >
    > can't you configure your FW to NAT all your VMS IP @ to the same
    > external IP@ in case of outgoing SMTP (and NAT "back" the external IP@
    > to the cluster's IP@) ?
    >


    My firewall only does one-to-one NAT.

    So setting a cluster service name wouldn't make a difference?

    I'm only setting the cluster IP via Global Parameters in
    MU CONFIG/MENU.

+ Reply to Thread