From mboxrd@z Thu Jan 1 00:00:00 1970
From: Julien
Date: Sat, 24 Jul 2004 11:18:52 +0000
Subject: Re: [LARTC] routing mail on a different gateway
Message-Id: <4102459C.5010404@tri-oxyde.org>
List-Id:
References: <41016733.9090702@tri-oxyde.org>
In-Reply-To: <41016733.9090702@tri-oxyde.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Lance Dryden wrote:
> Good evening,
>
> Since you are worried only about outbound port 25 traffic being sent
> from localhost, a question arises: is all of the mail traffic coming
> from one specific program?
>
> If so, you will probably have an easier time convincing the program to
> simply bind the outbound socket locally to the correct interface.
> Unless it is a full-blown MTA like Postfix or Sendmail; most MTAs want
> to be told which IP address to locally bind to and not which interface
> to use.
>
> You might be better off using NAT. This would be a somewhat goofy
> use, and I have never tried it, so I do not know if it works. It
> would look like this:
>
> iptables \
>   --table nat --append POSTROUTING --proto tcp \
>   --source \
>   --dport 25 \
>   --jump SNAT --to-source
>
> This line would need to be added above any POSTROUTING lines for
> supporting masquerading. The kernel should be able to take care of
> sending the data out the correct interface.
>
> Do let me know if it works.
>
> Yours, &c
> Lance Dryden
>

Thanks for your response,

I did two things:

- Asked postfix to bind to the second ISP's external IP
  => traffic goes out through ppp1 and back in. Good, but I get
     "connection timed out connecting to..." in the postfix log
- Added the iptables line you advised me to:
  => packets go out with the second ISP's IP, good, that was not the case before
  => packets go back

But I get no answer in the telnet, which seems to be the same problem as
when telling postfix to bind to the second ISP's IP: packets go out and
back in, but the client cannot communicate with the remote SMTP server.

I think I forgot some iptables lines that would let ppp1's traffic go
back in. Do you know which one I should use to make sure the traffic can
go back in properly?

Here is the tcpdump log when doing telnet 213.41.143.209 25:

13:12:36.296170 81.48.224.208.51061 > 213.41.143.209.smtp: S 3495988204:3495988204(0) win 5808 (DF) [tos 0x10]
13:12:36.437196 213.41.143.209.smtp > 81.48.224.208.51061: S 687160518:687160518(0) ack 3495988205 win 16800 (DF)
13:12:38.703028 213.41.143.209.smtp > 81.48.224.208.51060: S 1256669228:1256669228(0) ack 3496982511 win 16800 (DF)
13:12:39.292786 81.48.224.208.51061 > 213.41.143.209.smtp: S 3495988204:3495988204(0) win 5808 (DF) [tos 0x10]
13:12:39.428299 213.41.143.209.smtp > 81.48.224.208.51061: S 687160518:687160518(0) ack 3495988205 win 16800 (DF)
13:12:40.398787 213.41.143.209.smtp > 81.48.224.208.51059: S 957484233:957484233(0) ack 3482227097 win 16800 (DF)

Thanks for your help!

Julien
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
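
A way to read the trace above mechanically, as an added example that is not part of the original message: it groups old-style tcpdump lines by connection and reports whether each SYN-ACK was ever acknowledged by the client. The function names, the verdict strings and the assumption that the capture was taken on the sending host are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the six lines of the trace quoted in the message above.
TRACE = """\
13:12:36.296170 81.48.224.208.51061 > 213.41.143.209.smtp: S 3495988204:3495988204(0) win 5808 (DF) [tos 0x10]
13:12:36.437196 213.41.143.209.smtp > 81.48.224.208.51061: S 687160518:687160518(0) ack 3495988205 win 16800 (DF)
13:12:38.703028 213.41.143.209.smtp > 81.48.224.208.51060: S 1256669228:1256669228(0) ack 3496982511 win 16800 (DF)
13:12:39.292786 81.48.224.208.51061 > 213.41.143.209.smtp: S 3495988204:3495988204(0) win 5808 (DF) [tos 0x10]
13:12:39.428299 213.41.143.209.smtp > 81.48.224.208.51061: S 687160518:687160518(0) ack 3495988205 win 16800 (DF)
13:12:40.398787 213.41.143.209.smtp > 81.48.224.208.51059: S 957484233:957484233(0) ack 3482227097 win 16800 (DF)
"""

# Old-style tcpdump line: time, src > dst:, flags, optional seq range, optional ack.
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ (?P<src>\S+) > (?P<dst>\S+): "
                  r"(?P<flags>[SFPRWE.]+) (?:(?P<seq>\d+):\d+\(\d+\) )?"
                  r"(?:ack (?P<ack>\d+))?")

def verdict(f):
    if f["acked"]:
        return "handshake-completed"
    if f["synack"] and not f["syn"]:
        return "synack-for-unseen-syn"        # SYN left before the capture began
    if f["synack"] and f["match"]:
        return "synack-arrived-but-never-acked"
    return "synack-mismatch" if f["synack"] else "no-reply"

def analyse(trace):
    """Map (client, server) endpoints to a handshake verdict."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "isn": None,
                                 "match": False, "acked": False})
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        src, dst, flags = m["src"], m["dst"], m["flags"]
        if "S" in flags and m["ack"] is None:      # client SYN or its retransmit
            f = flows[(src, dst)]
            f["syn"] += 1
            f["isn"] = int(m["seq"]) if m["seq"] else None
        elif "S" in flags:                         # SYN-ACK from the server
            f = flows[(dst, src)]
            f["synack"] += 1
            f["match"] = f["isn"] is not None and int(m["ack"]) == f["isn"] + 1
        elif (src, dst) in flows:                  # any later client segment
            flows[(src, dst)]["acked"] = True
    return {k: verdict(f) for k, f in flows.items()}
```

On the six lines above, port 51061 comes out as `synack-arrived-but-never-acked`: the reply reaches the capturing host, yet the SYN is retransmitted, so the place to look is the local return path rather than the remote server.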