Exchange and Source IP

[rbarrick1 | 17]

Hello, trying to setup SMTP load balancing but instead of the NS sending the SNIP address we want to see the client IP. We followed the following article which was to enable MAC based forwarding and Source IP. We had to change the protocol from TCP to Any and then add the loop-back adapter on the server. Has anyone got this to work correctly, without the need of setting the server to use the NS as the default gateway? Any other workarounds?

 

http://citrix.stefanriek.de/citrix/howto-load-balance-while-preserving-a-clients-source-ip-but-not-using-the-netscaler-as-your-gateway/

 

and

 

http://www.ingmarverheij.com/citrix-netscaler-dsr-poor-mans-load-balancing-solution/

 

Thanks

[Carl Stalhood | 12,795]

Direct Server Return (your second link) should not require you to change the Default Gateway on your SMTP server. Just make sure the redirection mode is sessionless.

[rbarrick1 | 17]

Hi Carl, thanks for the reply. I did make sure I had sessionless checked. At that point the NetScaler showed SMTP to be up but I could no longer telnet into port 25 using the VIP. I did set method to SourceIPHash as well.

[Carl Stalhood | 12,795]

Is the NetScaler connected to the same L2 network as the SMTP server? Mac forwarding doesn't work across routers.

[Carl Stalhood | 12,795]

Here's another article - http://support.citrix.com/article/CTX110501

[rbarrick1 | 17]

Thanks Carl, I got this to work. I had another lb vip that was disabled but had the same IP as my new vip. Once this was deleted I could telnet into port 25. I did notice that if you have a receive connector in exchange with the external secure box checked you become an open relay even though you have specifically only set certain internal IP's to use this connector. We just unchecked this and setup authentication for internal services that need to relay out. All checks now pass and the spam logs are now showing the client IP instead of the SNIP.

[Andreas Tratter | 20]

Is the NetScaler connected to the same L2 network as the SMTP server? Mac forwarding doesn't work across routers.

 

What would be a solution for that?

[smotton585 | 0]

Is the NetScaler connected to the same L2 network as the SMTP server? Mac forwarding doesn't work across routers.

 

 

Does anyone have an answer for the above statement?  How can you handle the source ip issue if the Netscaler and the backend Exchange servers are on different subnets? I've tried the links below and nothing is working in fact I've opened a ticket with Citrix and I still have no solution after a week of support calls.

 

 

http://citrix.stefanriek.de/citrix/howto-load-balance-while-preserving-a-clients-source-ip-but-not-using-the-netscaler-as-your-gateway/

 

and

 

http://www.ingmarverheij.com/citrix-netscaler-dsr-poor-mans-load-balancing-solution/

[Dominic Herrmann | 0]

On 1/12/2016 at 1:57 PM, Andreas Tratter said:

 

What would be a solution for that?

I've got the same problem. Netscaler is in different Subnet as the SMTP Server and can't be placed into that VLAN.

If I create a servicegroup and vserver with protocol ANY, Use Client IP YES, and Sessionless load balancing ENABLED, I am unable to telnet the SMTP VIP at port 25. 

I've tested these articles but none of them helped me:

https://www.ingmarverheij.com/citrix-netscaler-dsr-poor-mans-load-balancing-solution/

https://www.mycugc.org/blog/load-balancing-exchange-smtp-relay-and-iis-smtp-iis-relay

At the moment i think, that i could only create a responder policy to limit access to the SMTP LB VIP. So each IP of our SMTP Relay Policy at the backend Exchange Servers needs to be manualy added to this Policy to allow access to the LB VIP.  That's a poor solution because of the limited troubleshooting options at the exchange servers because we will only see the SNIP and never the client IP.