* [LARTC] Policy Routing (Again)
From: Sellaro @ 2002-06-03 21:04 UTC (permalink / raw)
  To: lartc

Folks

I do apologize for asking this again, but I have ended all my resistance
and thinking resources trying to solve this (yet simple) problem. Maybe
one of you could help me to figure out what I am doing wrong.

I have a Linux box which receives two Cable links. Link A (gateway
10.11.0.1) does not allow SMTP traffic to flow. Link B has a valid IP.
This host is our SMTP and DNS server and all traffic is allowed.

What I am trying to do: all traffic generated inside our network should
go out through link A. Because of the previous restrictions, however,
SMTP traffic should follow link B instead. All outside traffic should
arrive from (and go back through) link B.

My topology is as follows:

(10.11.0.1) Link A --------| eth2
                           |   -----------  eth0       ---------
                           -- |Router/SMTP|-----------|Intranet |
                           |   -----------             ---------
                           | eth1
(ww.xx.y.z) Link B---------|


What I was trying to implement as solution: I have created an
alternative routing table whose default route is ww.xx.y.z and name is
mail. My main routing table's default route is 10.11.0.1.

Then I decided to mark all outgoing SMTP packets with fwmark 1 (marked
using iptables). I've marked them like this:

iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 1

I have, then, added a rule pointing to alternative routing table:

ip rule add priority 15000 fwmark 1 table mail

I have flushed routing cache with:

ip route flush cache

And have generated some traffic trying to telnet port 25 of an external
route from the router/SMTP (see picture above).

Sniffing the network showed me that packets have exited with source address
10.11.0.1, which means my setup is completely useless.

Just for the records, I am using v1.2.5 in a Debian (woody) with kernel
2.4.18 (only HTB patch).

Any help would be very welcome.

Thank you in advance for your time.
-- 
Sellaro

Agente Livre - Linux Community (www.agentelivre.org)

PGP Key ID: 3ADF8645
PGP Key Fingerprint: 6AB0 D60B 69B5 B3F9 4553  2242 A1D0 17C0 3ADF 8645

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] Policy Routing (Again)
From: Catalin BOIE @ 2002-06-04  8:29 UTC (permalink / raw)
  To: lartc

> Then I decided to mark all outgoing SMTP packets with fwmark 1 (marked
> using iptables). I've marked them like this:
>
> iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 1
>
> I have, then, added a rule pointing to alternative routing table:
>
> ip rule add priority 15000 fwmark 1 table mail
>
> I have flushed routing cache with:
>
> ip route flush cache
>
> And have generated some traffic trying to telnet port 25 of an external
> route from the router/SMTP (see picture above).

Try this:

ip ro del default
ip ro add default via x.y.z.t table default

Let me know if it works.

>
> Sniffing the network showed me that packets have exited with source address
> 10.11.0.1, which means my setup is completely useless.
>
> Just for the records, I am using v1.2.5 in a Debian (woody) with kernel
> 2.4.18 (only HTB patch).
>
> Any help would be very welcome.
>
> Thank you in advance for your time.
> --
> Sellaro
>
> Agente Livre - Linux Community (www.agentelivre.org)
>
> PGP Key ID: 3ADF8645
> PGP Key Fingerprint: 6AB0 D60B 69B5 B3F9 4553  2242 A1D0 17C0 3ADF 8645

---
Catalin(ux) BOIE
catab@deuroconsult.ro
openh323://dino.rdsbv.ro
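
An added example (not from either poster) that models the rule and table lookup this thread discusses: the posted fwmark rule, the reply's variant, and a rule placed after main. The address 192.0.2.1 for link B and the host 198.51.100.25 are constructed, treating x.y.z.t as link A's gateway is an assumption, and only default routes are modelled, not packet marking or source address selection.

```python
import ipaddress

LINK_A_GW = "10.11.0.1"   # link A gateway, from the post
LINK_B_GW = "192.0.2.1"   # constructed stand-in for the elided ww.xx.y.z
# Rules every Linux box starts with: (priority, fwmark selector, table).
BASE_RULES = [(0, None, "local"), (32766, None, "main"), (32767, None, "default")]

def lookup(rules, tables, dst, fwmark=0):
    """Return (table, gateway, dev) the way the rule database resolves dst."""
    addr = ipaddress.ip_address(dst)
    for _prio, want_mark, table in sorted(rules, key=lambda r: r[0]):
        if want_mark is not None and want_mark != fwmark:
            continue                      # fwmark selector does not match
        best = None
        for prefix, gw, dev in tables.get(table, []):
            net = ipaddress.ip_network(prefix)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, gw, dev)     # longest prefix wins inside a table
        if best:
            return table, best[1], best[2]
        # no matching route in this table: fall through to the next rule
    return None

def posted_setup(mail_prio=15000):
    """Default in main via link A, table mail via link B, fwmark 1 rule."""
    rules = BASE_RULES + [(mail_prio, 1, "mail")]
    tables = {"main": [("0.0.0.0/0", LINK_A_GW, "eth2")],
              "mail": [("0.0.0.0/0", LINK_B_GW, "eth1")]}
    return rules, tables

def reply_setup():
    """The reply's variant: default removed from main, added to table default.
    Assumption: x.y.z.t in the reply is link A's gateway."""
    rules, tables = posted_setup()
    tables["default"] = tables.pop("main")
    return rules, tables

if __name__ == "__main__":
    smtp_peer = "198.51.100.25"           # constructed remote mail server
    for name, (rules, tables) in [("posted", posted_setup()),
                                  ("reply", reply_setup()),
                                  ("rule after main", posted_setup(40000))]:
        for mark in (0, 1):
            print(name, "fwmark", mark, "->", lookup(rules, tables, smtp_peer, mark))
```

On a live system, `ip rule show` and `ip route show table mail` list the same rules and routes the model takes as input.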
