Nov 30 2009
This is the scheme
For example:
I have 5 public IPs. I'm going to configure them so that Postfix can use multiple interfaces/IPs for outgoing SMTP connections.
First we need to create interface aliases for those 5 public IPs.
On my system, running Fedora:
# cd /etc/sysconfig/network-scripts/
# cp ifcfg-eth0 ifcfg-eth0:1
Edit ifcfg-eth0:1
# vi ifcfg-eth0\:1
DEVICE=eth0 <-- default device
HWADDR=XX:XX:XX:XX:XX:XX
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
IPADDR=202.XXX.XX.2 <-- default eth0 IP address
PREFIX=24
GATEWAY=202.XXX.XX.1
DNS1=202.XXX.XX.XX
Change DEVICE and IPADDR parameters
DEVICE=eth0:1 <-- device alias #1
HWADDR=XX:XX:XX:XX:XX:XX
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
IPADDR=202.XXX.XX.3 <-- IP alias #1
PREFIX=24
GATEWAY=202.XXX.XX.1
DNS1=202.XXX.XX.XX
Continue with the next interfaces for the remaining IP aliases in the same way as described above.
When done, bring the IP aliases up.
# ifup eth0:1
# ifup eth0:2
# ifup eth0:3
# ifup eth0:4
...... next interfaces
Check that the interfaces are up:
#ifconfig
eth0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:202.XXX.XX.2 Bcast:202.XXX.XX.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feb0:e91/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:598678 errors:0 dropped:0 overruns:0 frame:0
TX packets:26348 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:49088016 (46.8 MiB) TX bytes:7707579 (7.3 MiB)
eth0:1 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:202.XXX.XX.3 Bcast:202.XXX.XX.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth0:2 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:202.XXX.XX.4 Bcast:202.XXX.XX.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth0:3 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:202.XXX.XX.5 Bcast:202.XXX.XX.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
......
and so on
No particular configuration needs to be adjusted in Postfix.
Now the iptables part. Make sure your iptables supports the statistic match module.
# iptables -m statistic -h
......
......
......
statistic match options:
 --mode mode                    Match mode (random, nth)
 random mode:
 --probability p                Probability
 nth mode:
 --every n                      Match every nth packet
 --packet p                     Initial counter value (0 <= p <= n-1, default 0)
Next, add the iptables rules for rotating source IP addresses.
# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.2
# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.3
# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.4
# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.5
# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.6
Done.
Note: this guide is based on someone’s post on the postfix-users mailing list.
48 Responses to “Postfix Smtp Outgoing IP Rotator using iptables”
Hi,
I tried to upgrade my CentOS 5 iptables 1.3.5 using the following commands but I got errors as follows:
# rpm -Uvh iptables-1.4.3.2-2.fc12.src.rpm --nomd5
# cd `rpm --eval '%{_specdir}'`
# rpmbuild -ba iptables.spec
# cd /usr/src/redhat/RPMS/i386
# rpm -Uvh iptables-1.4.3.2-2.i386.rpm
Errors: error: Failed dependencies:
iptables = 1.3.5 is needed by (installed) iptables-ipv6-1.3.5-5.3.el5_4.1.i386
iptables = 1.3.5 is needed by (installed) iptables-devel-1.3.5-5.3.el5_4.1.i386
Please, any idea what might be wrong? My iptables details are as follows:
rpm -qa | grep iptables
iptables-1.3.5-5.3.el5_4.1
iptables-ipv6-1.3.5-5.3.el5_4.1
iptables-devel-1.3.5-5.3.el5_4.1
try this:
Wow. Worked like a charm. Many thanks
you’re welcome buddy
I have tested “--every n”. With same “n”, packets aren’t evenly distributed.
N should be like N, N-1, N-2 ….
not even and packet drop
5 276 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 statistic mode nth every 5
4 232 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 statistic mode nth every 5
3 152 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 statistic mode nth every 5
2 100 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 statistic mode nth every 5
2 104 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 statistic mode nth every 5
5 256 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
evenly
29 1608 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 statistic mode nth every 5
29 1524 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 statistic mode nth every 4
28 1488 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 statistic mode nth every 3
28 1440 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 statistic mode nth every 2
28 1460 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 statistic mode nth every 1
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
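The counters in the comment above follow from each rule keeping its own nth counter and seeing only the connections that earlier rules did not match. The Python model below is an added example, not code from the post or its comments; the counter priming (with `--packet 0`, the first packet a rule sees matches) is an assumption, chosen because it reproduces both listings exactly.

```python
class NthRule:
    """One `-m statistic --mode nth --every N [--packet P]` rule with its own counter."""

    def __init__(self, every, packet=0):
        self.every = every
        # Assumption: the counter is primed so that, with --packet 0, the first
        # packet this rule sees is a match, then every Nth one after it.
        self.count = every - 1 - packet
        self.hits = 0

    def match(self):
        if self.count == self.every - 1:
            self.count = 0
            self.hits += 1
            return True
        self.count += 1
        return False


def simulate(every_values, connections):
    """Return (per-rule hit counts, connections that matched no nth rule)."""
    rules = [NthRule(n) for n in every_values]
    fallthrough = 0
    for _ in range(connections):
        # ACCEPT and SNAT are terminating targets: the first matching rule ends
        # traversal, so later rules never count this connection.
        if not any(rule.match() for rule in rules):
            fallthrough += 1
    return [r.hits for r in rules], fallthrough


if __name__ == "__main__":
    # Connection totals are the sums of the two counter listings above.
    print(simulate([5, 5, 5, 5, 5], 21))   # the "not even" listing
    print(simulate([5, 4, 3, 2, 1], 142))  # the "evenly" listing
```

With five rules that all use `--every 5`, the share of new connections that no rule matches tends toward (4/5)^5, roughly a third, so those connections are not rewritten by any of the SNAT rules.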
Hi friend,
I want to ask you: is it possible to send emails from proxy IPs and get inboxing?
Hi leenoux,
Can you install this on my server? I need IP rotation so I can send unlimited mails.
Your post is nice, but I want IP rotation in Postfix such that IPs are rotated every hour. How can I achieve this?
I dunno, maybe this is what you want:
http://www.kutukupret.com/2011/11/15/postfix-changing-outgoing-ip-by-time-interval-using-tcp_table-and-perl/
http://www.kutukupret.com/2010/12/06/postfix-randomizing-outgoing-ip-using-tcp_table-and-perl/
This is a post I see in reference to IP rotation with per-hour changing IPs of outgoing mails in Postfix. Is it right if I follow this post to achieve my goal?
http://www.kutukupret.com/2011/11/15/postfix-changing-outgoing-ip-by-time-interval-using-tcp_table-and-perl/