From: Marco Gaiarin <gaio@sv.lnf.it>
To: lartc@vger.kernel.org
Subject: Again policy routing and OUTPUT...
Date: Wed, 10 Feb 2021 09:15:07 +0000
Message-ID: <20210210091507.GD3677@sv.lnf.it>

Reviewing the mark and saving/restoring of the marks in the chain seems
to have been useful, and now the policy routing for locally generated
traffic works as expected.

Apart from one little thing... the local service (exim SMTP server,
indeed) opens outgoing connections using one of the available
interfaces, and this happens:

1 0.000000000 10.5.248.254 → 108.177.126.27 TCP 74 46008 → 25 [SYN, ECN, CWR] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval1379463 TSecr=0 WS=128
2 1.027849378 10.5.248.254 → 108.177.126.27 TCP 74 [TCP Retransmission] 46008 → 25 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval1379720 TSecr=0 WS=128
3 3.043787137 10.5.248.254 → 108.177.126.27 TCP 74 [TCP Retransmission] 46008 → 25 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval1380224 TSecr=0 WS=128
4 7.139530714 10.5.248.254 → 108.177.126.27 TCP 74 [TCP Retransmission] 46008 → 25 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval1381248 TSecr=0 WS=128

e.g., traffic gets correctly routed to the chosen interface via policy
routing, but the source IP was 'a random interface IP' in the available
pool.

I can use SNAT to change the source IP but... is there some more
'elegant' solution?

Surely, the best solution would be to work at 'application level', e.g.
instruct exim to use for some traffic only the specific source
interface but... it seems not possible, or too complex to achieve.

Thanks.

--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(tax code 00307430132, category ONLUS or RICERCA SANITARIA)