Dual WAN and SMTP failover



  • I'm running dual-WAN setups at a number of clients using different ISPs on each link. So far I've just been configuring the rules so that traffic to each ISP's mail servers goes over the correct link, and configuring clients to use one of the ISP relays directly. The problem is that this doesn't work when a link fails for whatever reason - the ISP mail relays are only available internally, so when the traffic starts going out the wrong ISP, users can't send mail. Complicating matters, I can't set up a local SMTP relay as both ISPs block outgoing port 25 traffic.

    Has anyone come up with a viable solution to this problem? Ideally I'd be able to set up a transparent proxy that would automatically send the traffic out to SMTP relays that are up, but I'd be fine with having to reconfigure the clients to use pfSense as their SMTP relay. What I'd rather not do is set up a separate server to do this, though if you have suggestions for an approach using an extra box (on the LAN, it's definitely not viable for me to colocate an SMTP relay for this), that might be useful to me as well.

    So, any suggestions?



  • No ideas? I guess I will investigate how I might set up a 'smart' proxy on an internal machine then. I'll report my progress here and maybe if I come up with a solution, package it for pfSense. Maybe.

    Edit: Okay, preliminary testing suggests that the server load balancing can be used in reverse to accomplish this. It seems to successfully detect broken servers and honour the policy routing (for multi-WAN), so I think it will work out. Now to try it in production…

    I can't seem to get a transparent proxy NAT rule working though, I guess that was too much to hope for :P
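
The "smart proxy on an internal machine" idea from the posts above, as an added example that is not code from this thread or from pfSense. Clients point at a LAN box on port 25; for each inbound connection it tries the ISP relays in order, keeps the first one that answers with a `220` SMTP greeting, and pipes bytes between client and relay. Sending each relay's traffic out the matching WAN is still pfSense's job (per-destination policy routing, as already configured in the thread); this only decides which relay is alive right now. The relay names are hypothetical and the relay list is constructed for the example.

```python
"""Added example (not from the thread or pfSense): a LAN-side SMTP failover proxy.

Each inbound client connection tries the ISP relays in order, keeps the first one
that sends a 220 greeting, and pipes bytes between client and relay.
"""
import socket
import socketserver
import threading

# Constructed sample relay list (hypothetical names, one relay per ISP).
RELAYS = [("relay.isp-a.example", 25), ("relay.isp-b.example", 25)]


def open_relay(host, port=25, timeout=5.0):
    """Try one relay.  Returns (sock, greeting) when the TCP handshake completes
    AND the server sends a '220' greeting within `timeout`, else None.

    A bare TCP connect is not enough: a half-broken link can still complete the
    handshake, and a relay that is up but overloaded greets with 421.  This does
    NOT catch a relay that greets and then refuses us at MAIL FROM (e.g. because
    we arrived via the wrong ISP); that case surfaces as a bounce, not a failover.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    try:
        sock.settimeout(timeout)
        greeting = sock.recv(512)  # first chunk is treated as the greeting
        if greeting.startswith(b"220"):
            return sock, greeting
    except OSError:
        pass
    sock.close()
    return None


def pick_relay(relays, opener=open_relay):
    """Return (host, port, sock, greeting) for the first live relay, or None.
    `opener` is injectable so the selection logic can be tested offline."""
    for host, port in relays:
        result = opener(host, port)
        if result is not None:
            sock, greeting = result
            return host, port, sock, greeting
    return None


def _pump(src, dst):
    """Copy bytes src -> dst until EOF, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class FailoverHandler(socketserver.BaseRequestHandler):
    def handle(self):
        choice = pick_relay(self.server.relays, self.server.opener)
        if choice is None:
            # 4xx is a temporary failure: clients queue and retry instead of bouncing.
            self.request.sendall(b"421 4.3.0 no upstream relay reachable\r\n")
            return
        _host, _port, upstream, greeting = choice
        upstream.settimeout(None)
        self.request.sendall(greeting)  # hand the relay's real greeting to the client
        t = threading.Thread(target=_pump, args=(upstream, self.request), daemon=True)
        t.start()
        _pump(self.request, upstream)
        t.join()
        upstream.close()


class FailoverProxy(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, listen_addr, relays=RELAYS, opener=open_relay):
        self.relays = relays
        self.opener = opener
        super().__init__(listen_addr, FailoverHandler)


if __name__ == "__main__":
    # Binding port 25 needs root; alternatively listen on a high port and
    # redirect 25 to it with a NAT rule on pfSense.
    FailoverProxy(("0.0.0.0", 25)).serve_forever()
```

Because the proxy only checks the greeting, it cannot tell that the surviving relay will accept mail from an address on the "wrong" ISP, so the pfSense policy-routing rules that send each relay's traffic out its own WAN remain essential; the proxy merely avoids handing clients a relay that is unreachable or answering 421.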

