From: Sellaro <sellaro@email.it>
To: lartc@vger.kernel.org
Subject: [LARTC] Policy Routing (Again)
Date: Mon, 03 Jun 2002 21:04:06 +0000
Message-ID: <marc-lartc-102313834325134@msgid-missing>

Folks

I do apologize for asking this again, but I have ended all my resistance
and thinking resources trying to solve this (yet simple) problem. Maybe
one of you could help me to figure out what I am doing wrong.

I have a Linux box which receives two Cable links. Link A (gateway
10.11.0.1 does not allow SMTP traffic to flow). Link B (has a valid IP.
This host is our SMTP and DNS server and all traffic is allowed).

What I am trying to do: all traffic generated inside our network should
go out through link A. Because of the previous restrictions, however,
SMTP traffic should follow link B instead. All outside traffic should
arrive from (and go back through) link B.

My topology is as follows:

(10.11.0.1) Link A --------| eth2
                           |   -----------  eth0       ---------
                           -- |Router/SMTP|-----------|Intranet |
                           |   -----------             ---------
                           | eth1
(ww.xx.y.z) Link B---------|


What I was trying to implement as solution: I have created an
alternative routing table whose default route is ww.xx.y.z and name is
mail. My main routing table's default route is 10.11.0.1.

Then I decided to mark all outgoing SMTP packets with fwmark 1 (marked
using iptables). I've marked them like this:

iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 1

I have, then, added a rule pointing to alternative routing table:

ip rule add priority 15000 fwmark 1 table mail

I have flushed routing cache with:

ip route flush cache

And have generated some traffic trying to telnet port 25 of an external
route from the router/SMTP (see picture above).

Sniffing the network showed me that packets have exited with source address
10.11.0.1, which means my set up is completely useless.

Just for the records, I am using v1.2.5 in a Debian (woody) with kernel
2.4.18 (only HTB patch).

Any help would be very welcome.

Thank you in advance for your time.
-- 
Sellaro

Agente Livre - Linux Community (www.agentelivre.org)

PGP Key ID: 3ADF8645
PGP Key Fingerprint: 6AB0 D60B 69B5 B3F9 4553  2242 A1D0 17C0 3ADF 8645

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
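
An added example, not part of the original post or of any LARTC tooling: an offline consistency check for the fwmark setup the message describes, run over text captured from `ip rule show` and `ip route show table mail`. The function names, the sample captures, the 192.0.2.1 placeholder for the Link B gateway and the hex mark format of current iproute2 output are assumptions.

```shell
#!/bin/sh
# Added example. Checks text captured from `ip rule show` and
# `ip route show table mail`; the sample captures below are constructed.

# check_rule RULES MARK TABLE
# Succeeds if a rule sends packets carrying MARK to TABLE and is consulted
# before the main table (priority 32766), whose default route would win otherwise.
check_rule() {
    want=$(printf '0x%x' "$2")        # iproute2 prints the mark in hex
    printf '%s\n' "$1" | awk -v want="$want" -v table="$3" '
        {
            prio = $1; sub(/:$/, "", prio); mark = ""; tbl = ""
            for (i = 2; i < NF; i++) {
                if ($i == "fwmark") { mark = $(i + 1); sub(/\/.*/, "", mark) }
                if ($i == "lookup") tbl = $(i + 1)
            }
            if (mark == want && tbl == table && prio + 0 < 32766) found = 1
        }
        END { exit !found }'
}

# table_default_dev ROUTES: print the device of the table's default route.
table_default_dev() {
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); ok = 1; exit }
        }
        END { exit !ok }'
}

# verify_policy RULES ROUTES MARK TABLE DEV: 0 = consistent, 1-3 = which check failed.
verify_policy() {
    check_rule "$1" "$3" "$4" || { echo "no fwmark $3 rule for table $4 ahead of main"; return 1; }
    dev=$(table_default_dev "$2") || { echo "table $4 has no default route"; return 2; }
    [ "$dev" = "$5" ] || { echo "table $4 default route uses $dev, expected $5"; return 3; }
    echo "ok"
}

# Constructed captures; 192.0.2.1 is a placeholder for the Link B gateway (ww.xx.y.z).
RULES_OK='0: from all lookup local
15000: from all fwmark 0x1 lookup mail
32766: from all lookup main
32767: from all lookup default'
ROUTES_OK='default via 192.0.2.1 dev eth1'

verify_policy "$RULES_OK" "$ROUTES_OK" 1 mail eth1
```

On a live router the two captures would come from `ip rule show` and `ip route show table mail`; the check covers only rule ordering and the table's default route, not the iptables mark itself.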

Thread overview: 2+ messages
2002-06-03 21:04 Sellaro [this message]
2002-06-04  8:29 ` [LARTC] Policy Routing (Again) Catalin BOIE
