Re: [LARTC] routing mail on a different gateway

From: Julien <dyna@tri-oxyde.org>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] routing mail on a different gateway
Date: Sat, 24 Jul 2004 11:18:52 +0000	[thread overview]
Message-ID: <4102459C.5010404@tri-oxyde.org> (raw)
In-Reply-To: <41016733.9090702@tri-oxyde.org>

Lance Dryden wrote:

> Good evening,
>
> Since you are worried only about outbound port 25 traffic being sent 
> from localhost, a question arises: is all of the mail traffic coming 
> from one specific program?
>
> If so, you will probably have an easier time convincing the program to 
> simply bind the outbound socket locally to the correct interface. 
> Unless it is a full-blown MTA like Postfix or Sendmail; most MTAs want 
> to be told which IP address to locally bind to and not which interface 
> to use.
>
> You might be better off using NAT.  This would be a somewhat goofy 
> use, and I have never tried it, so I do not know if it works.  It 
> would look like this:
>
> iptables \
>     --table nat --append POSTROUTING --proto tcp \
>     --source <general-traffic-interface-IP> \
>     --dport 25 \
>     --jump SNAT --to-source <SMTP-specific-interface-IP>
>
> This line would need to be added above any POSTROUTING lines for 
> supporting masquerading.  The kernel should be able to take care of 
> sending the data out the correct interface.
>
> Do let me know if it works.
>
>   Yours, &c
>   Lance Dryden
>
Thanks for your response,

I did two things :

- Ask postfix to bind to second isp's external ip
=> traffic go out through ppp1 and back in. Good but I get "connection 
timed out connecting to..." in postfix log

- Added iptables line you adviced me to :
=> packets go out with second isp's ip, good, that was not the case before
=> packets go back

But I get no answer in the telnet, which seems to be the same problem 
than when telling postfix to bind to second isp's ip : packets go out 
and back in but client cannot communicate with remote smtp server.

I think I forgot some iptables lines that would let ppp1's traffic go 
back in. Do you know which one I should use to make sure the traffic can 
go back in well ?

Here is the tcpdump log  when doing telnet 213.41.143.209 25 :

13:12:36.296170 81.48.224.208.51061 > 213.41.143.209.smtp: S 
3495988204:3495988204(0) win 5808 <mss 1452,sackOK,timestamp 7706419 
0,nop,wscale 0> (DF) [tos 0x10]
13:12:36.437196 213.41.143.209.smtp > 81.48.224.208.51061: S 
687160518:687160518(0) ack 3495988205 win 16800 <mss 
1412,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 536203422 7706419> (DF)
13:12:38.703028 213.41.143.209.smtp > 81.48.224.208.51060: S 
1256669228:1256669228(0) ack 3496982511 win 16800 <mss 
1412,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 536203426 7706045> (DF)
13:12:39.292786 81.48.224.208.51061 > 213.41.143.209.smtp: S 
3495988204:3495988204(0) win 5808 <mss 1452,sackOK,timestamp 7706719 
0,nop,wscale 0> (DF) [tos 0x10]
13:12:39.428299 213.41.143.209.smtp > 81.48.224.208.51061: S 
687160518:687160518(0) ack 3495988205 win 16800 <mss 
1412,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 536203428 7706719> (DF)
13:12:40.398787 213.41.143.209.smtp > 81.48.224.208.51059: S 
957484233:957484233(0) ack 3482227097 win 16800 <mss 
1412,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 536203430 7705616> (DF)

Thanks for your help !

Julien

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/