From: Alexey Talikov <alexey_talikov@texlab.com.uz>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Wierd Policy Routing Behaviour
Date: Fri, 31 May 2002 03:57:38 +0000 [thread overview]
Message-ID: <marc-lartc-102281757509365@msgid-missing> (raw)
In-Reply-To: <marc-lartc-102276759427299@msgid-missing>
Without iproute
iptables -t nat -A POSTROUTING -s $SMTP -p tcp --sport 1024: --dport 25 -j SNAT --to-source $IP_B
30.05.2002 19:05:13, Sellaro <sellaro@email.it> wrote:
>Hi there
>
>I'm trying to set up policy routing in a simple scenario without further
>success. My linux router is connected to two different cable ISPs. One
>of these links (hereafter named A) permits traffic to SMTP servers while
>the other (link B) doesn't.
>
>What I am trying to set up is: all traffic should flow through link B
>and only SMTP traffic through link A.
>
>What I am doing:
>
>Marking all packets from my intranet with source port within the range
>1024 to 65535 and with destination port 25 with mark 0x3. I am also
>marking packets from our internal SMTP server with source port 25 to any
>other port with the same mark. Marks are being made in the OUTPUT chain
>(using iptables) as follows:
>
>iptables -t mangle -A OUTPUT -p tcp --sport 1024:65535 --dport 25 -j
>MARK --set-mark 3
>
>iptables -t mangle -A OUTPUT -p tcp -s <MY SMTP SERVER> --sport 25 -j
>MARK --set-mark 3
>
>Then, I have created a new routing table named SMTP-ROUTE with default
>gateway being the default gateway for link A as follows:
>
>ip ro add default via <A's default GW> table SMTP-ROUTE
>
>To complete the setup, I've added a rule stating that all packets marked
>with 0x3 should use SMTP-ROUTE with this command:
>
>ip ru add fwmark 3 table SMTP-ROUTE
>
>Yes, I've flushed the routing cache with:
>
>ip ro flush cache
>
>Default route in main routing table is B's gateway.
>
>I don't know why, but SMTP traffic keeps going through B's gateway,
>instead of A's, as expected.
>
>I've sniffed the network and, in fact, the packets are trying to go out
>through B's gateway.
>
>Can anyone please point what I am doing wrong?
>
>Thank you in advance
>--
>Sellaro
>
>Agente Livre - Linux Community (www.agentelivre.org)
>
>PGP Key ID: 3ADF8645
>PGP Key Fingerprint: 6AB0 D60B 69B5 B3F9 4553 2242 A1D0 17C0 3ADF 8645
>
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
-----------------------------------
mailto:alexey_talikov@texlab.com.uz
BR
Alexey Talikov
FORTEK
-----------------------------------
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
next prev parent reply other threads:[~2002-05-31 3:57 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-05-30 14:05 [LARTC] Wierd Policy Routing Behaviour Sellaro
2002-05-30 15:22 ` Martin A. Brown
2002-05-30 15:42 ` Sellaro
2002-05-31 3:57 ` Alexey Talikov [this message]
2002-05-31 11:24 ` Sellaro
2002-05-31 11:44 ` Alexey Talikov
2002-05-31 12:03 ` Sellaro
2002-05-31 12:15 ` Alexey Talikov
2002-05-31 13:48 ` Sellaro
2002-05-31 14:33 ` Alexey Talikov
2002-05-31 14:45 ` Sellaro
2002-05-31 15:37 ` Alexey Talikov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-102281757509365@msgid-missing \
--to=alexey_talikov@texlab.com.uz \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.