[LARTC] iproute2 + netfilter problem

[LARTC] iproute2 + netfilter problem

[saz]

[-- Attachment #1: Type: text/plain, Size: 1207 bytes --]

Hi guys, i have a problem with a configuration what i'm trying to do. 
I have two computers with linux, A and B, connected in the same network with this configuration:

PC1 A: 192.168.192.1

PC2 B: 192.168.192.30

The PC1 A is a firewall doing nat... this one is connected to the internet via an adsl modem and of course it have its own public ip , and the router B is a smtp server but connected behind the router A, what i'm trying to do is redirect the smtp incoming traffic of the router A to the router B using iproute2 and nerfilter tools

This is the configuration on the router A:

iptables -t mangle -A POSTROUTING -p tcp --dport 25 -j MARK --set-mark 1 ( this marks the smtp packets with 1 )

i create a table called "smtp"  in the rt_tables file.

ip rule add fwmark 1 table smtp ( this is the rule for my table smtp )

and finally i declare a via in my smtp table, so the smtp traffic would have to go by this way.

ip route add default via 192.168.192.30 table smtp

Ok... for example if i make a telnet to PC1 on the 25 port.. this should redirect me to PC2 where is my real smtp server, but is not working... any idea of why ? the PC2 have not a firewall..

Thank you!!

[-- Attachment #2: Type: text/html, Size: 2712 bytes --]

Re: [LARTC] iproute2 + netfilter problem

[Tóth Nándor]

Hali,

saz wrote:
> Hi guys, i have a problem with a configuration what i'm trying to do.
> I have two computers with linux, A and B, connected in the same network 
> with this configuration:
>  
> PC1 A: 192.168.192.1
>  
> PC2 B: 192.168.192.30
>  
> The PC1 A is a firewall doing nat... this one is connected to the 
> internet via an adsl modem and of course it have its own public ip , and 
> the router B is a smtp server but connected behind the router A, what 
> i'm trying to do is redirect the smtp incoming traffic of the router A 
> to the router B using iproute2 and nerfilter tools
>  
> This is the configuration on the router A:
>  
> *iptables -t mangle -A POSTROUTING -p tcp --dport 25 -j MARK --set-mark 
> 1* ( this marks the smtp packets with 1 )
>  
> i create a table called "smtp"  in the rt_tables file.
>  
> *ip rule add fwmark 1 table smtp* ( this is the rule for my table smtp )
>  
> and finally i declare a via in my smtp table, so the smtp traffic would 
> have to go by this way.
>  
> *ip route add default via 192.168.192.30 table smtp*
> ** 
> Ok... for example if i make a telnet to PC1 on the 25 port.. this should 
> redirect me to PC2 where is my real smtp server, but is not 
> working... any idea of why ? the PC2 have not a firewall..

I think you totally misunderstood a few things. Routing is a different 
layer (IP) than port 25 (smtp, TCP). You can not make tcp port 25 
redirect using routing tools.

Here is an axample how to do it.

$IPTABLES -t nat -A PREROUTING -i $EXTERNAL_INTERFACE -s $ANYWHERE -p 
tcp --dport 25 -j DNAT --to-destination 192.168.1.x:25

$IPTABLES -A FORWARD -i $EXTERNAL_INTERFACE -d $INTERNAL_NET -p TCP -s 
$ANYWHERE --sport $UNPRIVPORTS \
  -d 192.168.1.x --dport 25 -j ACCEPT


I recommend you to read a book about basic networking layers and/or 
iptables.


-- 
Udv,
   Nandor
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/