Linux Advanced Routing and Traffic Control list
From: Julien <dyna@tri-oxyde.org>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Help in understanding routing/tables/chains
Date: Sun, 25 Jul 2004 11:10:42 +0000
Message-ID: <41039532.8060401@tri-oxyde.org>

Jens wrote:

>I am trying to trace a problem I have in redirecting my mail traffic to a 
>different ISP. I have set up a whole bunch of logging rules but am still a 
>bit mystified and could use some clarification....
>
>The setup (shortened somewhat for this example):
>Cable connection coming into a firewall/router going to a mail server in the 
>DMZ.
>The interface on the firewall/router that the cable uses (to the internet) is 
>eth0. The interface on the firewall/router to the DMZ is eth3
>
>I log all (I believe) destination port 25 packets going thru the firewall. The 
>current setup does not do any redirection of traffic to port 25 - everything 
>goes out the default interface eth0 and the whole setup works. I am trying to 
>get a baseline as to what I should see when I do the redirection later on.
>To run my test, I am on the mailserver box and I initiate a telnet to a remote 
>ISP's mail server on port 25.
>
>The log messages I see are as follows:
>
>The first packet shows a traversal thru the nat filters, as expected.
>The source and destination IPs are always the same - the source is always the 
>IP of my mail server and the destination is always the IP of the remote ISP's 
>mail server.
>
>mangle  preroute   in eth3   src <Mailserver>  dst <destination of mail>
>nat     preroute   in eth3
>mangle  forward    in eth3
>mangle  postroute  out eth0
>
>The second packet no longer shows traversal thru the nat filter:
>mangle  preroute   in eth3
>mangle  forward    in eth3
>mangle  postroute  out eth0
>
>The things that I am having problems understanding are:
>
>1) I see the packet going into eth3, doing the preroute, the forward, but I see 
>no postroute on eth3. I also don't see the packet going into eth0 or doing 
>anything until it comes out the postroute table. Why isn't there anything in 
>between?
>
>2) The connection I establish is from a local IP 192.168.1.2 to the ISP's mail 
>server on the internet. The connection is fully functional, so it's nat'ed 
>properly. Why is it that I don't see the change of source IP in the mangle 
>postroute (as the packet comes out of eth0, which is the internet interface)?
>Why don't I see the address change anywhere?
>
>I am sorry to ask such basic questions but this stuff is crucial in me 
>figuring out what is happening and I have not managed to put the clues 
>together from the documents and how-to's that I have studied so far.
>
>Thanks
>
>Jens
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>  
>
I'm trying to do the same thing, as you can see from my previous posts; 
it's working a little better, as redirection works. Can you show us the 
ip route add, iptables -t mangle and ip route add command lines you used 
so we can check what could be wrong?

Julien
