redirect traffic to certain interface

redirect traffic to certain interface

[Victor Medina]

Hello all!


I have a gateway server, that runs a proxy server, and a smtp. This
server has 3 interfaces, two interfaces connected to internet with two
different server providers and the other one is for the internal
network.

What i would like to do, is send all outgoing smtp traffic which is
generated by the smtp server to one specific interface (eth2). The
problem is I just don't know who to tell the iptable how to let the smtp
server recieve all incoming traffic to the smtp server, and then forward
all outgoing traffic to the especific device.

In this case, all incoming smtp traffic generated by our internals
clients reach the smtp server for distribution using device eth1, then
(i would like to) let the smtp server use ONLY the eth2 to forward mail
to the rest of the servers in internet.

Can i do this? How can i do this?

Best Regards

Vic.
  

Re: redirect traffic to certain interface

[Aleksandar Milivojevic]

Victor Medina wrote:
> Hello all!
> 
> 
> I have a gateway server, that runs a proxy server, and a smtp. This
> server has 3 interfaces, two interfaces connected to internet with two
> different server providers and the other one is for the internal
> network.
> 
> What i would like to do, is send all outgoing smtp traffic which is
> generated by the smtp server to one specific interface (eth2). The
> problem is I just don't know who to tell the iptable how to let the smtp
> server recieve all incoming traffic to the smtp server, and then forward
> all outgoing traffic to the especific device.
> 
> In this case, all incoming smtp traffic generated by our internals
> clients reach the smtp server for distribution using device eth1, then
> (i would like to) let the smtp server use ONLY the eth2 to forward mail
> to the rest of the servers in internet.
> 
> Can i do this? How can i do this?

Yes, you can.  Advanced routing.

Basically, what you need is to mark the packets with Netfilter before 
the routing decision is made.  For packets generated by local process 
that would be in OUTPUT chain of mangle table.  Something along the 
lines of "-t mangle -A OUTPUT -p tcp --dport 25 -j MARK --mark 1" (1 is 
just example, you may use any other number, but you must be consistent 
with next step).  While there, you might also want to do SNAT in the 
POSTROUTING chain of nat table to make sure returning packets will get 
in on correct interface (otherwise, if packets are going out of eth2 
with address of eth1, remote routers will route return packets to eth1, 
end you'll end up with asymetric routing).  Alternatively, instead of 
using SNAT, you might do it on application level (forcing your SMTP 
server to use specific source address, instead of automatically 
determining it, if such config option exists in your SMTP server).

Than using ip command, you would create new routing table for packets 
with fwmark 1 (this is the place where you need to be consistent, must 
match parameter of --mark) that has default route set to eth2.

And voila, all your SMTP traffic is using eth2.

-- 
Aleksandar Milivojevic <amilivojevic@pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7

Re: redirect traffic to certain interface

[Jason Opperisano]

On Tue, 2004-09-28 at 10:04, Victor Medina wrote:
> I have a gateway server, that runs a proxy server, and a smtp. This
> server has 3 interfaces, two interfaces connected to internet with two
> different server providers and the other one is for the internal
> network.
> 
> What i would like to do, is send all outgoing smtp traffic which is
> generated by the smtp server to one specific interface (eth2). The
> problem is I just don't know who to tell the iptable how to let the smtp
> server recieve all incoming traffic to the smtp server, and then forward
> all outgoing traffic to the especific device.
> 
> In this case, all incoming smtp traffic generated by our internals
> clients reach the smtp server for distribution using device eth1, then
> (i would like to) let the smtp server use ONLY the eth2 to forward mail
> to the rest of the servers in internet.
> 
> Can i do this? How can i do this?

read:

        http://lartc.org/howto/lartc.netfilter.html
        
-j
  
-- 
Jason Opperisano <opie@817west.com>

Re: redirect traffic to certain interface

[Victor Medina]

THANXS! =) i will check it out!

Vic.
On Wed, 2004-09-29 at 11:33, Jason Opperisano wrote:
> On Tue, 2004-09-28 at 10:04, Victor Medina wrote:
> > I have a gateway server, that runs a proxy server, and a smtp. This
> > server has 3 interfaces, two interfaces connected to internet with two
> > different server providers and the other one is for the internal
> > network.
> > 
> > What i would like to do, is send all outgoing smtp traffic which is
> > generated by the smtp server to one specific interface (eth2). The
> > problem is I just don't know who to tell the iptable how to let the smtp
> > server recieve all incoming traffic to the smtp server, and then forward
> > all outgoing traffic to the especific device.
> > 
> > In this case, all incoming smtp traffic generated by our internals
> > clients reach the smtp server for distribution using device eth1, then
> > (i would like to) let the smtp server use ONLY the eth2 to forward mail
> > to the rest of the servers in internet.
> > 
> > Can i do this? How can i do this?
> 
> read:
> 
>         http://lartc.org/howto/lartc.netfilter.html
>         
> -j
>