From: Tóth Nándor
Date: Sat, 15 Jan 2005 11:11:19 +0000
Subject: Re: [LARTC] iproute2 + netfilter problem
Message-Id: <41E8FA57.8070608@sch.bme.hu>
References: <000801c4fa41$f5c80080$02c0a8c0@sazhost>
In-Reply-To: <000801c4fa41$f5c80080$02c0a8c0@sazhost>
To: lartc@vger.kernel.org

Hali,

saz wrote:
> Hi guys, I have a problem with a configuration that I'm trying to do.
> I have two computers with Linux, A and B, connected in the same network
> with this configuration:
>
> PC1 A: 192.168.192.1
>
> PC2 B: 192.168.192.30
>
> PC1 A is a firewall doing NAT. This one is connected to the
> internet via an ADSL modem and of course it has its own public IP, and
> the router B is an SMTP server but connected behind the router A. What
> I'm trying to do is redirect the incoming SMTP traffic of the router A
> to the router B using iproute2 and netfilter tools.
>
> This is the configuration on the router A:
>
> *iptables -t mangle -A POSTROUTING -p tcp --dport 25 -j MARK --set-mark 1*
> (this marks the SMTP packets with 1)
>
> I create a table called "smtp" in the rt_tables file.
>
> *ip rule add fwmark 1 table smtp* (this is the rule for my table smtp)
>
> and finally I declare a via in my smtp table, so the SMTP traffic would
> have to go this way.
>
> *ip route add default via 192.168.192.30 table smtp*
>
> OK... for example if I make a telnet to PC1 on port 25, this should
> redirect me to PC2 where my real SMTP server is, but it is not
> working... any idea why? PC2 has no firewall.

I think you totally misunderstood a few things. Routing is a different layer (IP) than port 25 (SMTP, TCP). You cannot redirect TCP port 25 using routing tools. Here is an example of how to do it.
# Rewrite the destination of inbound SMTP connections to the internal mail server.
$IPTABLES -t nat -A PREROUTING -i $EXTERNAL_INTERFACE -s $ANYWHERE -p tcp --dport 25 \
    -j DNAT --to-destination 192.168.1.x:25

# Let the rewritten connections through the FORWARD chain (a single -d here;
# iptables rejects a rule that gives -d twice).
$IPTABLES -A FORWARD -i $EXTERNAL_INTERFACE -p tcp -s $ANYWHERE --sport $UNPRIVPORTS \
    -d 192.168.1.x --dport 25 -j ACCEPT

I recommend you read a book about basic networking layers and/or iptables.

--
Udv,
Nandor

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
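The DNAT approach from the reply, written out as a complete script. This is an added example and not code from the original message or from its author; the interface name `ppp0`, the `192.168.192.0/24` network, the `is_ipv4` and `smtp_forward_rules` function names and the `DRY_RUN` switch are assumptions made here for illustration. It prints the rules by default so they can be reviewed before being applied, and it adds the stateful FORWARD rules that let the replies back out.

```shell
#!/bin/sh
# Added example, not code from the original post. Forwards inbound SMTP
# (TCP/25) arriving on the NAT box (PC1) to the internal mail server (PC2)
# with DNAT, the netfilter equivalent of the reply's two rules.
# Interface name, network and server address are assumptions for illustration.
EXTERNAL_INTERFACE="ppp0"            # assumed: the ADSL link on PC1
INTERNAL_NET="192.168.192.0/24"      # assumed: the LAN behind PC1
SMTP_SERVER="192.168.192.30"         # PC2 from the thread
UNPRIVPORTS="1024:65535"             # source ports used by SMTP clients
IPTABLES="${IPTABLES:-iptables}"
DRY_RUN="${DRY_RUN:-1}"              # 1 = print the commands instead of running them

# Execute a command, or print it when DRY_RUN=1 so the rules can be reviewed.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# POSIX sh check that a string is a dotted-quad IPv4 address (four octets, 0-255).
is_ipv4() {
    _old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case $_o in ''|*[!0-9]*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# Emit the three rules needed for the port forward:
#  1. nat/PREROUTING: rewrite the destination of inbound TCP/25 to PC2.
#  2. FORWARD: allow the rewritten connections through to PC2.
#  3. FORWARD: allow PC2's replies on the same flow back out.
# Returns non-zero, emitting nothing, if SMTP_SERVER is not an IPv4 address.
smtp_forward_rules() {
    if ! is_ipv4 "$SMTP_SERVER"; then
        echo "smtp_forward_rules: SMTP_SERVER '$SMTP_SERVER' is not an IPv4 address" >&2
        return 1
    fi
    run "$IPTABLES" -t nat -A PREROUTING -i "$EXTERNAL_INTERFACE" -p tcp --dport 25 \
        -j DNAT --to-destination "$SMTP_SERVER:25"
    run "$IPTABLES" -A FORWARD -i "$EXTERNAL_INTERFACE" -p tcp --sport "$UNPRIVPORTS" \
        -d "$SMTP_SERVER" --dport 25 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    run "$IPTABLES" -A FORWARD -o "$EXTERNAL_INTERFACE" -p tcp -s "$SMTP_SERVER" --sport 25 \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT
}

# With the default DRY_RUN=1 this prints the rules; DRY_RUN=0 applies them.
smtp_forward_rules
```

Two things the thread does not spell out: the FORWARD rules only matter when the chain's policy is DROP (with an ACCEPT policy the DNAT rule alone is enough), and PC2's default route must point at PC1 so that the replies pass back through the box that did the translation; conntrack cannot undo the DNAT on packets it never sees.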