Hi, I'm hoping someone else has seen this before...
I've got two machines, call them bar.foo.com and baz.foo.com. Both boxes run Debian stable, and the MTA on both is Sendmail. One is a primary mail server and the other is a secondary mail server for many of the same domains. These machines have real world addresses, call them
22.22.22.22 and 22.22.22.23, but since we've instituted IPCop as our firewall and used NAT, the machines don't really have these addresses any more, they're now really 192.168.1.22 and 192.168.1.23. They're on the same subnet and can talk to one another easily by address.
I've set them up in each other's /etc/hosts files so that from bar I can ping baz.foo.com and from baz I can ping bar.foo.com and that just works. But when they try to transfer mail to each other the connection times out, and when from the command line on bar I try
telnet baz.foo.com 25
it times out, although if I try
telnet 192.168.1.23
it works perfectly.
The IPCop is set up to allow traffic on port 25 both outbound and inbound to the two boxes, and each of the boxes has the IPCop box set up as its default gateway, so I don't understand why the SMTP traffic doesn't just get routed out to the IPCop box and back in again, but it doesn't: if I try
telnet 22.22.22.23 25
that doesn't get through either.
But the other thing I don't understand is why Sendmail (and telnet) are preferring addresses they're getting from DNS to addresses they're getting from the hosts file, while ping is preferring addresses from the hosts file.
So, please, can anyone suggest either
(i) a means of configuring IPCop so that it will pass this traffic;
or
(ii) a means of configuring the boxes so that sendmail uses the DMZ addresses to talk to each other rather than the real world ones;
or
(iii) a popular, reliable and reasonably well supported open source firewall which can bind multiple addresses to a single NIC (so Linux
2.4 or 2.6 and iptables, rather than 2.2 and ipchains) and which does not insist on NATting everything.
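An added illustration (not code from the original post or either of the poster's boxes) of the lookup-order difference described above: the same name yields the hosts-file address when the files source is consulted first and the public address when DNS is consulted first. The /etc/hosts text, the DNS answers, the lookup orders and the `smtp_reachable` helper are all constructed for the example.

```python
import socket

# Constructed /etc/hosts content, mirroring the two boxes in the thread.
HOSTS_FILE = """\
127.0.0.1     localhost
192.168.1.22  bar.foo.com  bar   # DMZ address behind IPCop
192.168.1.23  baz.foo.com  baz
"""

# Constructed DNS answers: the public (pre-NAT) addresses.
DNS_RECORDS = {"bar.foo.com": "22.22.22.22", "baz.foo.com": "22.22.22.23"}


def parse_hosts(text):
    """Return {name: address} from /etc/hosts-style text, comments stripped."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), addr)  # first entry for a name wins
    return table


def resolve(name, order, hosts_text=HOSTS_FILE, dns=DNS_RECORDS):
    """Try each source in `order` ("files", "dns"); return (source, address) or None."""
    sources = {"files": parse_hosts(hosts_text), "dns": dns}
    for src in order:
        addr = sources[src].get(name.lower())
        if addr:
            return src, addr
    return None


def smtp_reachable(addr, port=25, timeout=5.0):
    """True if a TCP connection to addr:port completes within the timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # "files dns" is the order ping sees through the libc resolver; a daemon
    # that consults DNS before the hosts file (what the symptoms in the thread
    # suggest sendmail is doing) gets the public address instead.
    for order in (("files", "dns"), ("dns", "files")):
        src, addr = resolve("baz.foo.com", order)
        print(f"{' '.join(order):10s} -> {addr} (from {src})")
```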