Creating Firewall Rules
To configure iptables on the load balancing host, perform the following steps:
- Log in to the host with root privileges.
- Execute one of the following commands to set up forwarding of incoming connections:
  - When qmail nodes have sequential addresses:
    iptables -t nat -A PREROUTING -p tcp -d load_balancer_external_IP -m multiport --dports 25,110,143,587,993,995 -j DNAT --to-destination node1_internal_IP-nodeN_internal_IP
  - When qmail nodes do not have sequential addresses:
    iptables -t nat -A PREROUTING -p tcp -d load_balancer_external_IP -m multiport --dports 25,110,143,587,993,995 -j DNAT --to-destination node1_internal_IP --to-destination node2_internal_IP ... --to-destination nodeN_internal_IP
  Notes:
  1. The IMP webmail client has an option to report messages as SPAM/HAM from the IMP UI to CloudBlue Commerce SpamAssassin. The address of the SpamAssassin server that will serve a particular mail name is taken from the SpamAssassin-proxy application, which is installed on qmail service nodes and listens on TCP port 3100. If you plan to provide the ability to report messages as SPAM/HAM, add a load balancing rule for TCP port 3100.
  2. When the Dovecot POP3/IMAP server is installed on qmail service nodes and you plan to give customers the ability to manage SIEVE mail filtering rules from their SIEVE-enabled mail clients, add a load balancing rule for TCP port 2000. Note that this functionality was not tested against all existing mail clients.
- Execute the following command to set up forwarding of outgoing connections:
    iptables -t nat -I POSTROUTING -s cqmail_nodes_network -j SNAT --to-source load_balancer_external_IP
  For example:
    iptables -t nat -I POSTROUTING -s 10.0.0.0/8 -j SNAT --to-source 69.64.46.14
- Save the firewall rules:
    service iptables save
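
The following script is an added example, not part of the original procedure: it prints (without executing) the incoming DNAT rule in whichever of the two forms above matches the node addresses, and appends the optional ports 3100 and 2000 from the notes when requested. The function names and all IP addresses are constructed for illustration.

```sh
# Added example: builds the PREROUTING rule text for review before it is applied.
# All addresses used below are constructed sample values.
BASE_PORTS="25,110,143,587,993,995"

# Convert a dotted-quad IPv4 address to an integer so neighbours can be compared.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Return 0 when the node addresses are consecutive in the order given.
is_sequential() {
    prev=$(ip_to_int "$1"); shift
    for ip in "$@"; do
        cur=$(ip_to_int "$ip")
        [ "$cur" -eq $(( prev + 1 )) ] || return 1
        prev=$cur
    done
    return 0
}

# build_dnat_rule EXTERNAL_IP EXTRA_PORTS NODE_IP...
# EXTRA_PORTS is "" or a comma list such as "3100,2000" (the ports from the notes).
build_dnat_rule() {
    ext=$1; ports=$BASE_PORTS
    if [ -n "$2" ]; then ports="$ports,$2"; fi
    shift 2
    if [ "$#" -gt 1 ] && is_sequential "$@"; then
        # Sequential nodes: a single first-last address range.
        first=$1
        for last in "$@"; do :; done
        dest="--to-destination $first-$last"
    else
        # Non-sequential nodes: one --to-destination per node.
        dest=""
        for ip in "$@"; do dest="$dest --to-destination $ip"; done
        dest=${dest# }
    fi
    echo "iptables -t nat -A PREROUTING -p tcp -d $ext -m multiport --dports $ports -j DNAT $dest"
}

build_dnat_rule 192.0.2.10 "" 10.0.0.11 10.0.0.12 10.0.0.13
build_dnat_rule 192.0.2.10 "3100,2000" 10.0.0.11 10.0.0.20
```

iptables-extensions(8) documents multiple --to-destination options only for kernels up to 2.6.10, so check the kernel on the load balancer before relying on the non-sequential form.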