EFW Support

Support => General Support => Topic started by: TheEricHarris on Thursday 27 August 2009, 12:37:18 am


Title: Outbound SMTP with multiple WAN links
Post by: TheEricHarris on Thursday 27 August 2009, 12:37:18 am
Hi,

I have a DSL and T1 line connected to my 2.2 ENDIAN firewall.  Fail-over works great. 

The DSL is the primary link (7mbps/800kbps) but I want all outbound email to go over our T1 link since it has reverse dns setup and has twice the upload speed.  My Exchange server sends email out to the Internet directly (do not use the SMTP outbound proxy or a smarthost).  I wish to continue this if possible.

How can I do this with ENDIAN?

Title: Re: Outbound SMTP with multiple WAN links
Post by: TheEricHarris on Sunday 30 August 2009, 01:21:47 pm
In case anyone cares, here is what I did:

1. ENDIAN box with DSL and T1 for backup.  Primary gateway for Internet for the LAN.
2. Another ENDIAN box with T1 for inbound and outbound SMTP and OWA traffic.  On the Exchange server I put in a smarthost, which is the green int of this box.

Title: Re: Outbound SMTP with multiple WAN links
Post by: StephanSch on Sunday 30 August 2009, 07:03:42 pm
You can simply realise it with one machine by setting a route which says that all data from your exchange will use the T1.

Title: Re: Outbound SMTP with multiple WAN links
Post by: TheEricHarris on Tuesday 01 September 2009, 01:44:12 am
True, but it's best this way as we have a backup box in case the primary ENDIAN hardware fails.

Title: Re: Outbound SMTP with multiple WAN links
Post by: haiau on Friday 11 September 2009, 06:17:39 pm
I have a DSL and T1 line connected to my 2.2 ENDIAN firewall.  Fail-over works great. 

The DSL is the primary link (7mbps/800kbps) but I want all outbound email to go over our T1 link since it has reverse dns setup and has twice the upload speed.  My Exchange server sends email out to the Internet directly (do not use the SMTP outbound proxy or a smarthost).  I wish to continue this if possible.

How can I do this with ENDIAN?
[/quote]

I have no perfect solution to help you in this matter, but you can try the following;

1. Identifying e-mail server user or use.
Example; Gmail, Yahoo, Hotmail, ...
2. Determine the address range IP address of the server.
Example;

# -----------------------------------------------------------
# Mail.yahoo.com
# -----------------------------------------------------------
# mail.yahoo.com 68.180.196.106

# CIDR:       66.163.160.0/19

route add -net 66.163.160.0 netmask 255.255.224.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       66.196.64.0/18

route add -net 68.196.64.0 netmask 255.255.192.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       67.195.0.0/16

route add -net 67.195.0.0 netmask 255.255.0.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       68.142.192.0/18

route add -net 68.142.192.0 netmask 255.255.192.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       68.180.192.0/20

route add -net 68.180.192.0 netmask 255.255.240.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       69.147.64.0/18

route add -net 69.147.64.0 netmask 255.255.192.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       98.136.0.0/14

route add -net 98.136.0.0 netmask 255.252.0.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       216.39.48.0/20

route add -net 216.39.48.0 netmask 255.255.240.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       206.190.32.0/19

route add -net 206.190.32.0 netmask 255.255.224.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.191.64.0/18

route add -net 209.191.64.0 netmask 255.255.192.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       67.195.160.0/19

route add -net 67.195.160.0 netmask 255.255.224.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       66.196.80.0/21

route add -net 66.196.80.0 netmask 255.255.248.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       66.196.96.0/21

route add -net 66.196.96.0 netmask 255.255.248.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       68.142.192.0/19

route add -net 68.142.192.0 netmask 255.255.224.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       98.137.32.0/19

route add -net 98.137.32.0 netmask 255.255.224.0 gw Replace (Your Uplink1 Gateway)

# -----------------------------------------------------------
# Vip.sp1.yahoo.com
# -----------------------------------------------------------

# CIDR:       68.180.131.0/24

route add -net 68.180.131.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       68.142.255.0/24

route add -net 68.142.255.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       121.101.152.0/23

route add -net 121.101.152.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       119.160.240.0/20

route add -net 119.160.240.0 netmask 255.255.240.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       68.142.224.0/20

route add -net 68.142.224.0 netmask 255.255.240.0 gw Replace (Your Uplink1 Gateway)

# -----------------------------------------------------------
# Login.yahoo.com
# -----------------------------------------------------------
# login.yahoo.com 66.163.169.186
# CIDR:       69.147.96.0/19 (255.255.224.0)

route add -net 69.147.96.0 netmask 255.255.224.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       66.163.168.0/21 (255.255.248.0)

route add -net 66.163.168.0 netmask 255.255.248.0 gw Replace (Your Uplink1 Gateway)

# -----------------------------------------------------------
# Gmail.com
# -----------------------------------------------------------
# CIDR:       74.125.0.0/16

route add -net 74.125.0.0 netmask 255.255.0.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.16.0/24

route add -net 74.125.16.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.17.0/24

route add -net 74.125.17.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.18.0/23

route add -net 74.125.18.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.32.0/24

route add -net 74.125.32.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.33.0/24

route add -net 74.125.33.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.38.0/23

route add -net 74.125.38.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.42.0/23

route add -net 74.125.42.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.44.0/23

route add -net 74.125.44.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.46.0/23

route add -net 74.125.46.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.52.0/23

route add -net 74.125.52.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.54.0/23

route add -net 74.125.54.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.60.0/24

route add -net 74.125.60.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.61.0/24

route add -net 74.125.61.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.63.0/24

route add -net 74.125.63.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.64.0/23

route add -net 74.125.64.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.66.0/23

route add -net 74.125.66.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.68.0/23

route add -net 74.125.68.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.74.0/24

route add -net 74.125.74.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.75.0/24

route add -net 74.125.75.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.76.0/23

route add -net 74.125.76.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.78.0/23

route add -net 74.125.78.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.80.0/23

route add -net 74.125.80.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.86.0/23

route add -net 74.125.86.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.90.0/23

route add -net 74.125.90.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.92.0/23

route add -net 74.125.92.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.94.0/23

route add -net 74.125.94.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.98.0/24

route add -net 74.125.98.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.112.0/23

route add -net 74.125.112.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.114.0/23

route add -net 74.125.114.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.116.0/24

route add -net 74.125.116.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.117.0/24

route add -net 74.125.117.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.118.0/24

route add -net 74.125.118.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.119.0/24

route add -net 74.125.119.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.120.0/24

route add -net 74.125.120.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.121.0/24

route add -net 74.125.121.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.122.0/24

route add -net 74.125.122.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.126.0/23

route add -net 74.125.126.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.152.0/23

route add -net 74.125.152.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.154.0/23

route add -net 74.125.154.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.156.0/23

route add -net 74.125.156.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       74.125.158.0/23

route add -net 74.125.158.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.128.0/23

route add -net 209.85.128.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.128.0/17

route add -net 209.85.128.0 netmask 255.255.128.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.132.0/23

route add -net 209.85.132.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.134.0/23

route add -net 209.85.134.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.136.0/23

route add -net 209.85.136.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.138.0/23

route add -net 209.85.138.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.140.0/23

route add -net 209.85.140.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.144.0/23

route add -net 209.85.144.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.146.0/23

route add -net 209.85.146.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.148.0/23

route add -net 209.85.148.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.152.0/23

route add -net 209.85.152.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.154.0/23

route add -net 209.85.154.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.162.0/23

route add -net 209.85.162.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.164.0/23

route add -net 209.85.164.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.166.0/23

route add -net 209.85.166.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.168.0/23

route add -net 209.85.168.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.170.0/23

route add -net 209.85.170.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.172.0/23

route add -net 209.85.172.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.192.0/23

route add -net 209.85.192.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.194.0/23

route add -net 209.85.194.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.196.0/23

route add -net 209.85.196.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.198.0/23

route add -net 209.85.198.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.200.0/23

route add -net 209.85.200.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.208.0/23

route add -net 209.85.208.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.210.0/24

route add -net 209.85.210.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.211.0/24

route add -net 209.85.211.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.212.0/24

route add -net 209.85.212.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.213.0/24

route add -net 209.85.213.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.216.0/24

route add -net 209.85.216.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.218.0/24

route add -net 209.85.218.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.219.0/24

route add -net 209.85.219.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.220.0/24

route add -net 209.85.220.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.221.0/24

route add -net 209.85.221.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.222.0/24

route add -net 209.85.222.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.223.0/24

route add -net 209.85.223.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.224.0/23

route add -net 209.85.224.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.226.0/23

route add -net 209.85.226.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.228.0/23

route add -net 209.85.228.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.230.0/23

route add -net 209.85.230.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.236.0/23

route add -net 209.85.236.0 netmask 255.255.254.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       209.85.238.0/24

route add -net 209.85.238.0 netmask 255.255.255.0 gw Replace (Your Uplink1 Gateway)

# -----------------------------------------------------------
# Login.live.com
# -----------------------------------------------------------
# login.live.com 665.54.186.79, 65.54.186.107, 65.54.165.179,
# 65.54.165.136, 65.54.186.49
# CIDR:       65.52.0.0/14 (255.252.0.0)

route add -net 65.52.0.0 netmask 255.252.0.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       65.54.160.0/19

route add -net 65.54.160.0 netmask 255.255.224.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       65.55.192.0/18

route add -net 65.55.192.0 netmask 255.255.192.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       65.55.32.0/20

route add -net 65.55.32.0 netmask 255.255.240.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       64.4.0.0/18

route add -net 64.4.0.0 netmask 255.255.192.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       213.199.160.0/20

route add -net 213.199.160.0 netmask 255.255.240.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       207.46.64.0/19

route add -net 207.46.64.0 netmask 255.255.224.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       207.46.48.0/20

route add -net 207.46.48.0 netmask 255.255.240.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       65.54.224.0/19

route add -net 65.54.224.0 netmask 255.255.224.0 gw Replace (Your Uplink1 Gateway)

# CIDR:       65.55.160.0/19

route add -net 65.55.160.0 netmask 255.255.224.0 gw Replace (Your Uplink1 Gateway)

3. Use the following simple way:
    3.1. If both links are good, set a static line for access to the server above the line 2.
    3.2. If one takes two to connect, auto delete settings were added to the static line.
    3.3. Check until the two work again, setup automatically add static line above.

You can reference additional way to check the road; http://efwsupport.com/index.php?topic=868.0

Step3. Scripting made simple load balancing, put in: /usr/local/sbin/balancing

Title: Re: Outbound SMTP with multiple WAN links
Post by: haiau on Friday 11 September 2009, 06:18:43 pm
Step3. Scripting made simple load balancing, put in: /usr/local/sbin/balancing

# --- Create for 3 Wan links, you can custom modifications ---

# ---  Begin balancing ---
#!/bin/bash

export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
PROG="balancing"
PROGDIR="/usr/local/sbin"
PROGSTATUS=000

# Configuration Variables

# ----- Begin Of Configuration -----

# Conventionally 0 indicates success in this script.

# Time between checks in seconds
SLEEPTIME=15

# IP Address or Domain name to ping. The script relies on the domain being
# Pingable and always available
# www.sf.net
CHECKHOST1=216.34.181.60
# www.yahoo.com
CHECKHOST2=209.131.36.158
# www.google.com
CHECKHOST3=208.67.216.231
# www.vnexpress.net
CHECKHOST4=210.245.0.22
# www.sourceforge.net
CHECKHOST5=216.34.181.60

# Total ping not available
CHECKNOTRETVAL=0

# If a ping detection does not receive normal response in standard time and the former state of the line is normal.
# When continuous ping detections do not receive normal responses, and the number exceed set number (default :3 ),
# then the state will change into "Break down ?off".
CHECKWEIGHT=3

# Ping timeout in seconds
TIMEOUT=3

# External interfaces (Change for your external interfaces)
EXTIF1=eth1
EXTIF2=eth2
EXTIF3=eth3

# IP address of external interfaces. This is not the gateway address. (Change for IP WAN your external interfaces)
IP1=192.168.1.254
IP2=192.168.2.254
IP3=192.168.3.254

# Gateway IP addresses. This is the first (hop) gateway, could be your router IP
# Address if it has been configured as the gateway. (Change for ip wan your gateway interfaces)
GW1=192.168.1.1
GW2=192.168.2.1
GW3=192.168.3.1

# Relative weights of routes. Keep this to a low integer value. I am using 1 for wan connection
WEIGHT1=1
WEIGHT2=1
WEIGHT3=1

# Broadband providers name; use your own names here.
NAME1=WAN1
NAME2=WAN2
NAME3=WAN3

# No of repeats of success or failure before changing status of connection
SUCCESSREPEATCOUNT=3
FAILUREREPEATCOUNT=1

# Do not change anything below this line

# Last link status indicates the macro status of the link we determined. This is down initially to force routing change upfront. Don't change these values.
LASTLINKSTATUS1=1
LASTLINKSTATUS2=1
LASTLINKSTATUS3=1

# Last ping status. Don't change these values.
LASTPINGSTATUS1=1
LASTPINGSTATUS2=1
LASTPINGSTATUS3=1

# Current ping status. Don't change these values.
CURRENTPINGSTATUS1=1
CURRENTPINGSTATUS2=1
CURRENTPINGSTATUS3=1

# Change link status indicates that the link needs to be changed. Don't change these values.
CHANGELINKSTATUS1=1
CHANGELINKSTATUS2=1
CHANGELINKSTATUS3=1

# Count of repeated up status or down status. Don't change these values.
COUNT1=0
COUNT2=0
COUNT3=0

# Log last load balancing routing status
CHECKGATEWAYLOG=/var/log/gatewaystatus

# ----- End Of Configuration -----

# Check all wan link status

while : ; do

for CHECKHOSTS in {$CHECKHOST1,$CHECKHOST2,$CHECKHOST3,$CHECKHOST4,$CHECKHOST5}
   do
      ping -W $TIMEOUT -I $IP1 -c 1 $CHECKHOSTS > /dev/null  2>&1
      RETVAL=$?
      if [ $RETVAL -ne 0 ]; then
          CHECKNOTRETVAL=`expr $CHECKNOTRETVAL + 1`
      fi
   done

if [ $CHECKNOTRETVAL -ge $CHECKWEIGHT ]; then
   RETVAL=1
else
   RETVAL=0
fi

CHECKNOTRETVAL=0

if [ $RETVAL -ne 0 ]; then
   echo Warning !!! $NAME1 Down
   echo $PROGSTATUS
   CURRENTPINGSTATUS1=1
else
   CURRENTPINGSTATUS1=0
fi

if [ $LASTPINGSTATUS1 -ne $CURRENTPINGSTATUS1 ]; then
   echo Ping status changed for $NAME1 from $LASTPINGSTATUS1 to $CURRENTPINGSTATUS1
   COUNT1=1
else
   if [ $LASTPINGSTATUS1 -ne $LASTLINKSTATUS1 ]; then
      COUNT1=`expr $COUNT1 + 1`
   fi
fi

if [[ $COUNT1 -ge $SUCCESSREPEATCOUNT || ($LASTLINKSTATUS1 -eq 0 && $COUNT1 -ge $FAILUREREPEATCOUNT) ]]; then
   echo Uptime status will be changed for $NAME1 from $LASTLINKSTATUS1
   CHANGELINKSTATUS1=0
   COUNT1=0
if [ $LASTLINKSTATUS1 -eq 1 ]; then
   LASTLINKSTATUS1=0
else
   LASTLINKSTATUS1=1
fi
else
   CHANGELINKSTATUS1=1
fi

LASTPINGSTATUS1=$CURRENTPINGSTATUS1

for CHECKHOSTS in {$CHECKHOST1,$CHECKHOST2,$CHECKHOST3,$CHECKHOST4,$CHECKHOST5}
   do
     ping -W $TIMEOUT -I $IP2 -c 1 $CHECKHOSTS > /dev/null  2>&1
     RETVAL=$?
     if [ $RETVAL -ne 0 ]; then
        CHECKNOTRETVAL=`expr $CHECKNOTRETVAL + 1`
     fi
   done

if [ $CHECKNOTRETVAL -ge $CHECKWEIGHT ]; then
   RETVAL=1
else
   RETVAL=0
fi

CHECKNOTRETVAL=0

if [ $RETVAL -ne 0 ]; then
   echo Warning !!! $NAME2 Down
   echo $PROGSTATUS
   CURRENTPINGSTATUS2=1
else
   CURRENTPINGSTATUS2=0
fi

if [ $LASTPINGSTATUS2 -ne $CURRENTPINGSTATUS2 ]; then
   echo Ping status changed for $NAME2 from $LASTPINGSTATUS2 to $CURRENTPINGSTATUS2
   COUNT2=1
else
if [ $LASTPINGSTATUS2 -ne $LASTLINKSTATUS2 ]; then
   COUNT2=`expr $COUNT2 + 1`
fi
fi

if [[ $COUNT2 -ge $SUCCESSREPEATCOUNT || ($LASTLINKSTATUS2 -eq 0 && $COUNT2 -ge $FAILUREREPEATCOUNT) ]]; then
   echo Uptime status will be changed for $NAME2 from $LASTLINKSTATUS2
   CHANGELINKSTATUS2=0
   COUNT2=0
if [ $LASTLINKSTATUS2 -eq 1 ]; then
   LASTLINKSTATUS2=0
else
   LASTLINKSTATUS2=1
fi
else
   CHANGELINKSTATUS2=1
fi

LASTPINGSTATUS2=$CURRENTPINGSTATUS2

for CHECKHOSTS in {$CHECKHOST1,$CHECKHOST2,$CHECKHOST3,$CHECKHOST4,$CHECKHOST5}
   do
     ping -W $TIMEOUT -I $IP3 -c 1 $CHECKHOSTS > /dev/null  2>&1
     RETVAL=$?
     if [ $RETVAL -ne 0 ]; then
        CHECKNOTRETVAL=`expr $CHECKNOTRETVAL + 1`
     fi
   done

if [ $CHECKNOTRETVAL -ge $CHECKWEIGHT ]; then
   RETVAL=1
else
   RETVAL=0
fi

CHECKNOTRETVAL=0

if [ $RETVAL -ne 0 ]; then
   echo Warning !!! $NAME3 Down
   echo $PROGSTATUS
   CURRENTPINGSTATUS3=1
else
   CURRENTPINGSTATUS3=0
fi

if [ $LASTPINGSTATUS3 -ne $CURRENTPINGSTATUS3 ]; then
   echo Ping status changed for $NAME3 from $LASTPINGSTATUS3 to $CURRENTPINGSTATUS3
   COUNT3=1
else
if [ $LASTPINGSTATUS3 -ne $LASTLINKSTATUS3 ]; then
   COUNT3=`expr $COUNT3 + 1`
fi
fi

if [[ $COUNT3 -ge $SUCCESSREPEATCOUNT || ($LASTLINKSTATUS3 -eq 0 && $COUNT3 -ge $FAILUREREPEATCOUNT) ]]; then
   echo Uptime status will be changed for $NAME3 from $LASTLINKSTATUS3
   CHANGELINKSTATUS3=0
   COUNT3=0
if [ $LASTLINKSTATUS3 -eq 1 ]; then
   LASTLINKSTATUS3=0
else
   LASTLINKSTATUS3=1
fi
else
   CHANGELINKSTATUS3=1
fi

LASTPINGSTATUS3=$CURRENTPINGSTATUS3

# Custom policy-based routing

if [[ $CHANGELINKSTATUS1 -eq 0 || $CHANGELINKSTATUS2 -eq 0 || $CHANGELINKSTATUS3 -eq 0 ]]; then
   if [[ $LASTLINKSTATUS1 -eq 1 && $LASTLINKSTATUS2 -eq 1 && $LASTLINKSTATUS3 -eq 0  ]]; then
      ip route flush cache
     
      # --- Delete all current custom static route ---
      # Scripting settings automatically remove all static route, Only one wan link Internet access.
      # --- Example; /usr/local/sbin/deletestatic & > /dev/null  2>&1
     
      sleep $SLEEPTIME
      echo Custom policy-based routing To 1 Wan - Switching To $NAME3
      date +"----- Custom policy-based routing :: 1 Wan - $NAME3 (%D %T) -----" >> $CHECKGATEWAYLOG
      PROGSTATUS=003
      echo $PROGSTATUS
      ip route replace default scope global via $GW2 dev $EXTIF2
      ip route show | awk '{print}' >> $CHECKGATEWAYLOG
   elif [[ $LASTLINKSTATUS1 -eq 1 && $LASTLINKSTATUS2 -eq 0 && $LASTLINKSTATUS3 -eq 1 ]]; then
      ip route flush cache

  # --- Delete all current custom static route ---
      # Scripting settings automatically remove all static route, Only one wan link Internet access.
      # --- Example; /usr/local/sbin/deletestatic & > /dev/null  2>&1
     
      sleep $SLEEPTIME
      echo Custom policy-based routing To 1 Wan - Switching To $NAME2
      date +"----- Custom policy-based routing :: 1 Wan - $NAME2 (%D %T) -----" >> $CHECKGATEWAYLOG
      PROGSTATUS=002
      echo $PROGSTATUS
      ip route replace default scope global via $GW2 dev $EXTIF2
      ip route show | awk '{print}' >> $CHECKGATEWAYLOG
   elif [[ $LASTLINKSTATUS1 -eq 0 && $LASTLINKSTATUS2 -eq 1 && $LASTLINKSTATUS3 -eq 1 ]]; then
      ip route flush cache

  # --- Delete all current custom static route ---
      # Scripting settings automatically remove all static route, Only one wan link Internet access.
      # --- Example; /usr/local/sbin/deletestatic & > /dev/null  2>&1
     
      sleep $SLEEPTIME
      echo Custom policy-based routing To 1 Wan - Switching To $NAME1
      date +"----- Custom policy-based routing :: 1 Wan - $NAME1 (%D %T) -----" >> $CHECKGATEWAYLOG
      PROGSTATUS=001
      echo $PROGSTATUS
      ip route replace default scope global via $GW1 dev $EXTIF1
      ip route show | awk '{print}' >> $CHECKGATEWAYLOG
   elif [[ $LASTLINKSTATUS1 -eq 1 && $LASTLINKSTATUS2 -eq 0 && $LASTLINKSTATUS3 -eq 0 ]]; then
      ip route flush cache

      # --- Delete all custom static route ---
      # Scripting settings automatically remove all static route.
      # --- Example; /usr/local/sbin/deletestatic & > /dev/null  2>&1
     
      # --- Add custom static routes when there are two wan links ---
      # Scripting settings automatically add static route, when there are two wan links Internet access.
      # --- Example; /usr/local/sbin/addstatic & > /dev/null  2>&1

      sleep $SLEEPTIME
      echo Custom policy-based routing To 2 Wan - Switching To $NAME2, $NAME3
      date +"----- Custom policy-based routing :: 2 Wan - $NAME2, $NAME3 (%D %T) -----" >> $CHECKGATEWAYLOG
      PROGSTATUS=023
      echo $PROGSTATUS
      ip route replace default scope global nexthop via $GW2 dev $EXTIF2 weight $WEIGHT2 nexthop via $GW3 dev $EXTIF3 weight $WEIGHT3
      ip route show | awk '{print}' >> $CHECKGATEWAYLOG
   elif [[ $LASTLINKSTATUS1 -eq 0 && $LASTLINKSTATUS2 -eq 0 && $LASTLINKSTATUS3 -eq 1 ]]; then
      ip route flush cache
     
      # --- Delete all custom static route ---
      # Scripting settings automatically remove all static route.
      # --- Example; /usr/local/sbin/deletestatic & > /dev/null  2>&1
     
      # --- Add custom static routes when there are two wan links ---
      # Scripting settings automatically add static route, when there are two wan links Internet access.
      # --- Example; /usr/local/sbin/addstatic & > /dev/null  2>&1
     
      sleep $SLEEPTIME
      echo Custom policy-based routing To 2 Wan - Switching To $NAME1, $NAME2
      date +"----- Custom policy-based routing :: 2 Wan - $NAME1, $NAME2 (%D %T) -----" >> $CHECKGATEWAYLOG
      PROGSTATUS=012
      echo $PROGSTATUS
      ip route replace default scope global nexthop via $GW1 dev $EXTIF1 weight $WEIGHT1 nexthop via $GW2 dev $EXTIF2 weight $WEIGHT2
      ip route show | awk '{print}' >> $CHECKGATEWAYLOG
   elif [[ $LASTLINKSTATUS1 -eq 0 && $LASTLINKSTATUS2 -eq 1 && $LASTLINKSTATUS3 -eq 0 ]]; then
      ip route flush cache
     
      # --- Delete all custom static route ---
      # Scripting settings automatically remove all static route.
      # --- Example; /usr/local/sbin/deletestatic & > /dev/null  2>&1
     
      # --- Add custom static routes when there are two wan links ---
      # Scripting settings automatically add static route, when there are two wan links Internet access.
      # --- Example; /usr/local/sbin/addstatic & > /dev/null  2>&1
     
      sleep $SLEEPTIME
      echo Custom policy-based routing To 2 Wan - Switching To $NAME1, $NAME3
      date +"----- Custom policy-based routing :: 2 Wan - $NAME1, $NAME3 (%D %T) -----" >> $CHECKGATEWAYLOG
      PROGSTATUS=013
      echo $PROGSTATUS
      ip route replace default scope global nexthop via $GW1 dev $EXTIF1 weight $WEIGHT1 nexthop via $GW3 dev $EXTIF3 weight $WEIGHT3
      ip route show | awk '{print}' >> $CHECKGATEWAYLOG
   elif [[ $LASTLINKSTATUS1 -eq 0 && $LASTLINKSTATUS2 -eq 0 && $LASTLINKSTATUS3 -eq 0 ]]; then
      ip route flush cache
     
      # --- Delete all custom static route ---
      # Scripting settings automatically remove all static route.
      # --- Example; /usr/local/sbin/deletestatic & > /dev/null  2>&1
     
      # --- Add custom static routes when there are three wan links ---
      # Scripting settings automatically add static route, when there are three wan links Internet access.
      # --- Example; /usr/local/sbin/addstatic & > /dev/null  2>&1
     
      sleep $SLEEPTIME
      echo Custom policy-based routing To 3 Wan - Switching To $NAME1, $NAME2, $NAME3
      date +"----- Custom policy-based routing :: 3 Wan - $NAME1, $NAME2, $NAME3 (%D %T) -----" >> $CHECKGATEWAYLOG
      PROGSTATUS=123
      echo $PROGSTATUS
      ip route replace default scope global nexthop via $GW1 dev $EXTIF1 weight $WEIGHT1 nexthop via $GW2 dev $EXTIF2 weight $WEIGHT2 nexthop via $GW3 dev $EXTIF3 weight $WEIGHT3
      ip route show | awk '{print}' >> $CHECKGATEWAYLOG
   fi
   ip route flush cache
fi
sleep $SLEEPTIME
done

# ---  End balancing ---

------------------------------------------

I hope someone is contributing the other case, better

Thanks for all the open source community to use this!!!

Title: Re: Outbound SMTP with multiple WAN links
Post by: TheEricHarris on Saturday 12 September 2009, 02:39:17 am
That is the most odd ball way of doing it.

I definitely prefer my way of having a second ENDIAN firewall and having Exchange send out to it via Smart Host.  Much better than doing a static route for every MX record in the world, LOL

Title: Re: Outbound SMTP with multiple WAN links
Post by: odtabien on Saturday 12 September 2009, 11:56:23 am
hi eric,


"Another ENDIAN box with T1 for inbound"

sorry i cant get it really.  Would you mind showing a simple diagram or your two efw?  thanks in advance. ;D


Title: Re: Outbound SMTP with multiple WAN links
Post by: TheEricHarris on Sunday 13 September 2009, 12:41:38 pm
Sure.  IP's are just examples.

<T1>---------ENDIAN FW1 76.4.88.99/172.30.100.100 --------------<LAN>

<DSL>-------ENDIAN FW2 209.3.44.34/172.30.100.101--------------<LAN>

MX record for domain(s) point to 76.4.88.99, so all inbound email comes into ENDIAN FW1.    Exchange server has a smarthost setup to forward outbound emails to 172.30.100.100.  This causes all outbound emails to go across the T1 (76.4.88.99).  I have a port forward (SNAT) setup on ENDIAN FW1 for webmail.

The default Gateway for the LAN is 172.30.100.101, so all Internet traffic is going accross the DSL.  If for some reason we want to force a client to use the T1 (not the DSL), we put them on the 100 VLAN and make their default gateway 172.30.100.100.  They can still talk with the LAN but their Internet traffic goes out the T1.

This setup works for us (100 some users).  ENDIAN FW2 box has 3 interfaces, one going to the DSL, one going to the T1 and one to the LAN.  The T1 is the backup link, so if the DSL goes down, it fails over to the T1.  If ENDIAN FW2 hardware fails, we can easilly change the default gateway on our core switch to 172.30.100.100 to go over ENDIAN FW1 box. 

Hope this makes sense!

Title: Re: Outbound SMTP with multiple WAN links
Post by: odtabien on Sunday 13 September 2009, 12:53:32 pm
ok thank  you very much eric.  actually i am looking for this similar setup.

i will try to follow your instruction and hopefully works for me.


Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media