From: Alexey Talikov <alexey_talikov@texlab.com.uz>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Wierd Policy Routing Behaviour
Date: Fri, 31 May 2002 03:57:38 +0000
Message-ID: <marc-lartc-102281757509365@msgid-missing>
In-Reply-To: <marc-lartc-102276759427299@msgid-missing>

Without iproute

iptables -t nat -A POSTROUTING -s $SMTP -p tcp --sport 1024: --dport 25 -j SNAT --to-source $IP_B

30.05.2002 19:05:13, Sellaro <sellaro@email.it> wrote:
>Hi there
>
>I'm trying to set up policy routing in a simple scenario without further
>success. My linux router is connected to two different cable ISPs. One
>of these links (hereafter named A) permits traffic to SMTP servers while
>the other (link B) doesn't.
>
>What I am trying to set up is: all traffic should flow through link B
>and only SMTP traffic through link A.
>
>What I am doing:
>
>Marking all packets from my intranet with source port within the range
>1024 to 65535 and with destination port 25 with mark 0x3. I am also
>marking packets from our internal SMTP server with source port 25 to any
>other port with the same mark. Marks are being made in the OUTPUT chain
>(using iptables) as follows:
>
>iptables -t mangle -A OUTPUT -p tcp --sport 1024:65535 --dport 25 -j MARK --set-mark 3
>
>iptables -t mangle -A OUTPUT -p tcp -s <MY SMTP SERVER> --sport 25 -j MARK --set-mark 3
>
>Then, I have created a new routing table named SMTP-ROUTE with default
>gateway being the default gateway for link A as follows:
>
>ip ro add default via <A's default GW> table SMTP-ROUTE
>
>To complete the setup, I've added a rule stating that all packets marked
>with 0x3 should use SMTP-ROUTE with this command:
>
>ip ru add fwmark 3 table SMTP-ROUTE
>
>Yes, I've flushed the routing cache with:
>
>ip ro flush cache
>
>Default route in main routing table is B's gateway.
>
>I don't know why, but SMTP traffic keeps going through B's gateway,
>instead of A's, as expected.
>
>I've sniffed the network and, in fact, the packets are trying to go out
>through B's gateway.
>
>Can anyone please point out what I am doing wrong?
>
>Thank you in advance
>--
>Sellaro
>
>Agente Livre - Linux Community (www.agentelivre.org)
>
>PGP Key ID: 3ADF8645
>PGP Key Fingerprint: 6AB0 D60B 69B5 B3F9 4553 2242 A1D0 17C0 3ADF 8645
>
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
-----------------------------------
mailto:alexey_talikov@texlab.com.uz
BR
Alexey Talikov
FORTEK
-----------------------------------
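
Added example, not part of either message in this thread: a dry-run shell sketch of the fwmark setup the quoted message describes, with read-only checks that show which table a marked packet actually selects. It also marks in mangle PREROUTING, because mangle OUTPUT only sees packets generated on the router itself. The interface names, documentation-range addresses, table id 200, NAT on link A and the rt_tables path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Every address and interface name is a
# constructed placeholder; replace them before using "apply".
MARK=3                  # fwmark used in the quoted message
TABLE=SMTP-ROUTE        # routing table name used in the quoted message
TABLE_ID=200            # assumed unused id in /etc/iproute2/rt_tables
LAN_IF=eth0             # assumed intranet-facing interface
IF_A=eth1               # assumed interface on link A
GW_A=192.0.2.1          # placeholder for A's default gateway
IP_A=192.0.2.10         # placeholder for the router's address on link A
TEST_DST=198.51.100.25  # placeholder remote SMTP server for the lookup check

# Emit the setup commands, one per line, without running them.
# PREROUTING marks forwarded intranet packets before the routing decision;
# OUTPUT marks SMTP connections opened by the router itself.
# The SNAT line assumes the intranet is NATed behind the router on link A.
plan() {
cat <<EOF
grep -qw $TABLE /etc/iproute2/rt_tables || echo "$TABLE_ID $TABLE" >> /etc/iproute2/rt_tables
iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport 25 -j MARK --set-mark $MARK
iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark $MARK
ip route add default via $GW_A dev $IF_A table $TABLE
ip rule add fwmark $MARK table $TABLE
iptables -t nat -A POSTROUTING -o $IF_A -p tcp --dport 25 -j SNAT --to-source $IP_A
ip route flush cache
EOF
}

# Emit read-only checks: rule present, table populated, marked lookup uses A,
# and the packet counters on the mark rules increase when SMTP traffic flows.
checks() {
cat <<EOF
ip rule show
ip route show table $TABLE
ip route get $TEST_DST mark $MARK
iptables -t mangle -L PREROUTING -v -n
iptables -t mangle -L OUTPUT -v -n
EOF
}

case "${1:-}" in
    show)  plan; checks ;;
    apply) plan | sh -e && checks | sh ;;   # needs root
esac
```

Run it with `show` to print the commands, or as root with `apply` to execute them and then run the checks.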