Re: [LARTC] Problems routing mail to particular interface

From: George Alexandru Dragoi <waruiinu@gmail.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Problems routing mail to particular interface
Date: Thu, 22 Jul 2004 23:50:41 +0000	[thread overview]
Message-ID: <3063e504072216502cc9059b@mail.gmail.com> (raw)
In-Reply-To: <003401c2c279$78772220$0802a8c0@monster>

Hehe, maybe it is this:
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

On Thu, 22 Jul 2004 16:16:21 -0700, Jens <jens@pacificsun.ca> wrote:
> On Thursday 22 July 2004 14:17, George Alexandru Dragoi wrote:
> > A good think would be to give a full description to your network
> > setup, interfaces and so on, maybe there should be stuff like -s
> > 192... -d ! 192../24
> 
> Ok ....
> I have two lines to the internet, each on their own interface on a debian
> based firewall box. Eth0 goes to my cable provider and is set up dynamically,
> eth1 goes to my adsl provider on a static ip 64.114.148.101.
> Also in the firewall box are two additional interface cards - one for a DMZ
> (eth3, 192.168.1.1) and one for all the regular users (eth2, 192.168.0.1).
> The DMZ loop only has a single machine on it with ip 192.168.1.2.
> The firewall is implemented via shorewall which sets up the various rules for
> ipchains.
> The DMZ box has a postfix mail server on it. All local users send to the
> server and it then relays out the mail via the firewall box to the outside
> world.
> Is this sufficient information or do you require additional info ?
> 
> I've been messing around doing some more tests which have me more confused. As
> mentioned earlier, I mark all packets going to port 25 from the server box
> with a '1'. I then set up a rule that is inserted right before the 'main'
> rule to use table adsl whenever a fwmark of '1' is found. Table adsl just has
> a default gateway via eth1 in it. The 'main' table has a default gw via eth0.
> Leaving everything the same and just playing with the test for fwmark '1', if
> I telnet from the server box to a local ISP port 25 I get either a connection
> (no fwmark branch) or nothing (fwmark branch). If I switch the default gw in
> the 'main' table to point to my adsl provider and telnet from the server box
> to the ISP I can connect fine. This seems to indicate that the potential link
> generated with the adsl table 'should' work fine but of course it doesn't.
> Further, playing with the routing cache, it would appear that the fwmark test
> is actually performing as should and the port 25 connection is in fact routed
> via the adsl line (while having the cable line as default in the 'main'
> table). I am now wondering if there is some protocol happening that isn't
> allowed to proceed correctly ..... when I try to establish a telnet
> connection on port 25 to the local ISP from the server box, is there anything
> happening on any other port that has to be re-routed ? Could it be that some
> other part of the protocol goes thru a different port, doesn't get the fwmark
> and actually decides to go out the main default gateway (the cable
> connection) ? My mail DNS entry points to the cable connection BTW ....
> 
> .... my brain hurts ....
> 
> 
> 
> Jens
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/