From: Aleksandar Milivojevic <amilivojevic@pbl.ca>
To: netfilter@lists.netfilter.org
Subject: Re: redirect traffic to certain interface
Date: Wed, 29 Sep 2004 09:31:01 -0500
Message-ID: <415AC725.9040601@pbl.ca>
In-Reply-To: <1096380257.8264.34.camel@linuxdesarrollo.epa.com.ve>
Victor Medina wrote:
> Hello all!
>
>
> I have a gateway server, that runs a proxy server, and a smtp. This
> server has 3 interfaces, two interfaces connected to internet with two
> different server providers and the other one is for the internal
> network.
>
> What I would like to do is send all outgoing smtp traffic which is
> generated by the smtp server to one specific interface (eth2). The
> problem is I just don't know how to tell iptables to let the smtp
> server receive all incoming traffic to the smtp server, and then forward
> all outgoing traffic to the specific device.
>
> In this case, all incoming smtp traffic generated by our internal
> clients reaches the smtp server for distribution using device eth1, then
> (I would like to) let the smtp server use ONLY eth2 to forward mail
> to the rest of the servers on the internet.
>
> Can I do this? How can I do this?
Yes, you can. Advanced routing.
Basically, what you need is to mark the packets with Netfilter before
the routing decision is made. For packets generated by a local process
that would be in the OUTPUT chain of the mangle table. Something along the
lines of "-t mangle -A OUTPUT -p tcp --dport 25 -j MARK --mark 1" (1 is
just an example, you may use any other number, but you must be consistent
with the next step). While there, you might also want to do SNAT in the
POSTROUTING chain of the nat table to make sure returning packets will get
in on the correct interface (otherwise, if packets are going out of eth2
with the address of eth1, remote routers will route return packets to eth1,
and you'll end up with asymmetric routing). Alternatively, instead of
using SNAT, you might do it on the application level (forcing your SMTP
server to use a specific source address, instead of automatically
determining it, if such a config option exists in your SMTP server).
Then, using the ip command, you would create a new routing table for packets
with fwmark 1 (this is the place where you need to be consistent, it must
match the parameter of --mark) that has its default route set to eth2.
And voila, all your SMTP traffic is using eth2.
--
Aleksandar Milivojevic <amilivojevic@pbl.ca>
Systems Administrator
Tel: (204) 474-2323 ext 276
Pollard Banknote Limited
1499 Buffalo Place
Winnipeg, MB R3T 1L7
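The mark, SNAT and fwmark-table recipe from the reply above, written out as a reviewable script. This is an added example, not code from the thread; the addresses are placeholders from the documentation range, the mark value and table number are arbitrary but must agree with each other, and note that the iptables MARK target's option is spelled --set-mark.

```shell
#!/bin/sh
# Added example, not from the thread: the mark -> SNAT -> fwmark-table
# recipe as a reviewable script. Addresses are placeholders (RFC 5737
# documentation range); mark 1 and table 100 are arbitrary but must agree.
OUT_IF="eth2"
OUT_ADDR="192.0.2.10"   # eth2's own address, used as the SNAT source
OUT_GW="192.0.2.1"      # upstream gateway reachable through eth2
SMTP_MARK=1
SMTP_TABLE=100

# Print the plan instead of executing it, so it can be reviewed first.
smtp_egress_commands() {
    cat <<EOF
iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark $SMTP_MARK
iptables -t nat -A POSTROUTING -o $OUT_IF -p tcp --dport 25 -j SNAT --to-source $OUT_ADDR
ip route replace default via $OUT_GW dev $OUT_IF table $SMTP_TABLE
ip rule add fwmark $SMTP_MARK table $SMTP_TABLE priority 100
EOF
}

# Apply the plan as root, or only print it with --dry-run.
apply_smtp_egress() {
    if [ "$1" = "--dry-run" ]; then
        smtp_egress_commands
    else
        smtp_egress_commands | sh -e
    fi
}

# Verify the routing side: a marked lookup for an external MTA (placeholder
# address) must leave via $OUT_IF. Returns 0 on success, 1 otherwise.
# If replies are dropped on $OUT_IF, also check
# net.ipv4.conf.$OUT_IF.rp_filter: strict mode rejects asymmetric paths.
check_smtp_route() {
    ip route get 198.51.100.25 mark "$SMTP_MARK" 2>/dev/null \
        | grep -q "dev $OUT_IF"
}
```

Run `apply_smtp_egress --dry-run` to inspect the plan, then `apply_smtp_egress` as root followed by `check_smtp_route` to confirm the marked lookup leaves via eth2.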