Access Control List

Help forum for installing and using Crossroads.

Post by mbjeepxj » Mon Feb 08, 2010 5:40 pm

Hi,

I'm testing out XR in balancing email servers. I'll be balancing HTTP, POP3, and SMTP.

I'll be using ACLs for the SMTP service. In testing out the function, I notice that if I connect from a host not in the "allowed" list, XR correctly handles it and doesn't connect to the backend... however, I notice that my host stays connected to XR until my SMTP client times out. I also notice that on my XR server, the netstat list shows these connections in the "close_wait" state for quite some time.

Is there any way to get it to immediately close the connection if the host doesn't match my allowed ACL?

Mark
mbjeepxj
 
Posts: 2
Joined: Mon Feb 08, 2010 5:17 pm

Post by Karel » Fri Feb 19, 2010 1:54 pm

Hi,

As for the close_wait state, try the flag -C or --close-sockets-fast. As for having your host staying connected: I suspect that that's on your SMTP server end. XR will, when disconnecting, simply hang up; it doesn't know that the SMTP server expects "quit\n" as the command to issue before hanging up. Maybe the docs for your SMTP server can help there?

/Karel
Karel
Site Admin
 
Posts: 308
Joined: Mon Sep 22, 2008 11:13 am
Location: Netherlands

Post by mbjeepxj » Fri Feb 19, 2010 6:46 pm

Thanks, but I was actually talking about connections between the SMTP CLIENT and the XR server when using ACLs to allow IP ranges to use the service... I was worried about DoS attacks by opening up many connections to XR that never seemed to close after XR blocked access.

But, I'm using ACLs in my Cisco router instead to do the same thing, so no worries.

Thanks for the reply.

Mark
mbjeepxj
 
Posts: 2
Joined: Mon Feb 08, 2010 5:17 pm
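
An added example, not part of the thread and not Crossroads code: a minimal Python accept path showing the behaviour asked for above, where a peer outside the allow-list is closed at once so the client sees EOF instead of timing out and the listener's socket does not stay in CLOSE_WAIT. The networks, port, and the names `is_allowed`, `admit` and `serve` are assumptions made for illustration.

```python
import ipaddress
import socket

# Constructed allow-list (documentation ranges), not values from the thread.
ALLOWED = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.16/28")]


def is_allowed(peer_ip, networks=ALLOWED):
    """True when peer_ip lies inside one of the allowed networks."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in networks)


def admit(conn, peer_ip, networks=ALLOWED):
    """Apply the ACL to a freshly accepted socket.

    A denied peer is shut down and closed immediately: it receives EOF
    rather than waiting for its own timeout, and the descriptor is released
    so the socket cannot linger in CLOSE_WAIT once the peer hangs up.
    """
    if is_allowed(peer_ip, networks):
        return True
    try:
        conn.shutdown(socket.SHUT_RDWR)  # send FIN right away
    except OSError:
        pass  # peer already disconnected
    finally:
        conn.close()  # always release the descriptor
    return False


def serve(backend, host="127.0.0.1", port=2525):
    """Hypothetical accept loop: the ACL runs before any backend work."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, (peer_ip, _peer_port) = srv.accept()
            if not admit(conn, peer_ip):
                continue  # denied and already closed
            with conn:  # closed when the backend returns
                backend(conn)


if __name__ == "__main__":
    # Stand-in backend that only sends a banner; a balancer would proxy here.
    serve(lambda c: c.sendall(b"220 example ready\r\n"))
```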

