Linux Netfilter discussions
From: Julien <dyna@tri-oxyde.org>
To: netfilter@lists.netfilter.org
Subject: Re: routing mail on a different gateway
Date: Fri, 23 Jul 2004 12:09:51 +0200
Message-ID: <4100E3EF.9050707@tri-oxyde.org>
In-Reply-To: <004801c47093$c781ea20$e68923d4@shark.ro>

Daniel Colicov wrote:

>Good Morning,
>
>I have a linux box with two dsl modems on it (connection is done via
>pppoe), I'm trying to route default traffic on the primary connection
>(ppp0) and mail traffic on another one (ppp1).
>
>This traffic should be able to come from the localhost or the lan via
>NAT.
>
>I run Slackware 9.1 (Kernel 2.4.22), recompiled with necessary options
>for using iproute2.
>
>According to the advanced routing howto, I did the following :
>
>iptables -A PREROUTING -i eth0 -t mangle -p tcp --dport 25 -j MARK --set-mark 1
>iptables -A PREROUTING -i lo -t mangle -p tcp --dport 25 -j MARK --set-mark 1
>
>I'm not sure whether "lo" is needed.
>
>echo 201 mail.out >> /etc/iproute2/rt_tables
>ip rule add fwmark 1 table mail.out
>
>/sbin/ip route add default via [Second's ISP Gateway] dev ppp1 table
>mail.out
>
>I get no error message, and ip rule ls and ip route show params were
>recorded.
>
>But if I do telnet somemail.server.com 25, I get a timeout and no data
>is sent via ppp1 (seen using ifconfig ppp1 or tcpdump -i ppp1).
>
>I can't figure out what can be wrong nor where I should start looking.
>I also looked in the ip-cref doc and found nothing that could help me.
>
>Feel free to ask me on any point I would have forgotten.
>
>Do you have an idea in order to solve this problem ?
>
>Thanks, in advance !
>
>hello,
>2 days ago I had the same problem... Do you use the SNAT option to NAT the
>users behind the server? If you do, try iptables -t nat -I
>POSTROUTING -p tcp -s 10.0.255.0/24 --dport 25 -j MASQUERADE and in
>forward put a -I FORWARD -s 10.0.255.0/24 -j ACCEPT... I used SNAT with
>iproute and marking packets and it didn't work (it's a little difficult) so
>I chose to use MASQUERADE instead. Replace the LAN IPs with
>yours... then iptables -t mangle -I PREROUTING -s 10.0.255.0/24 -j
>MARK --set-mark 2
>then:
>echo 50 mail.out >> /etc/iproute2/rt_tables
>ip rule add fwmark 2 prio 50 table mail.out
>ip route add default via 10.0.254.1 dev eth2 table mail.out   (dev eth2
>is the ethernet with the second provider, eth1 with 1st isp and eth0
>with LAN)
>ip route flush cache... use tcpdump to see the packets.
>so it should work...
>
>good luck
>  
>
Thanks for your answer. Actually I use MASQUERADE, I just made a new 
post relating what I see now, you can take a look at it if you want, if 
you have an idea ;-)

Julien.
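
The setup discussed in this thread depends on three pieces agreeing: a MARK rule, an `ip rule` matching that fwmark, and a default route in the table the rule names. The script below is an added example, not part of the original messages; it checks saved output of `iptables-save -t mangle`, `ip rule ls` and `ip route show table all` for that agreement. The function names, file layout and sample data are constructed for illustration, and the output formats are assumed to be those of current iptables and iproute2.

```sh
# Added example, not from the thread: checks that every mark set in the mangle
# table has an "ip rule" selecting it and a default route in the rule's table.

# Normalise "1", "0x1" or "0x1/0xffffffff" to a decimal mark value.
norm_mark() { echo $(( ${1%%/*} )); }

# Print the word following keyword $1 in the text line $2 (empty if absent).
word_after() {
    printf '%s\n' "$2" |
        awk -v k="$1" '{ for (i = 1; i < NF; i++) if ($i == k) { print $(i + 1); exit } }'
}

# check_fwmark_routing MANGLE RULES ROUTES: files holding the output of
# "iptables-save -t mangle", "ip rule ls" and "ip route show table all".
check_fwmark_routing() {
    status=0
    marks=$(awk '{ for (i = 1; i < NF; i++) if ($i ~ /^--set-x?mark$/) print $(i + 1) }' "$1" |
        while read -r raw; do norm_mark "$raw"; done | sort -un)
    for mark in $marks; do
        table=""
        while read -r line; do
            fw=$(word_after fwmark "$line")
            if [ -n "$fw" ] && [ "$(norm_mark "$fw")" -eq "$mark" ]; then
                table=$(word_after lookup "$line")
            fi
        done < "$2"
        if [ -z "$table" ]; then
            echo "mark $mark: no ip rule selects it"; status=1
        elif ! grep -Eq "^default .* table $table( |\$)" "$3"; then
            echo "mark $mark: table $table has no default route"; status=1
        else
            echo "mark $mark: ok, default route in table $table"
        fi
    done
    return "$status"
}

# Constructed sample data (addresses and names borrowed from the messages above).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '*mangle' ':PREROUTING ACCEPT [0:0]' \
        '-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j MARK --set-mark 0x1' \
        '-A PREROUTING -s 10.0.255.0/24 -j MARK --set-mark 0x2' 'COMMIT' > "$d/mangle"
    printf '%s\n' '0: from all lookup local' '50: from all fwmark 0x2 lookup mail.out' \
        '32766: from all lookup main' > "$d/rules"
    printf '%s\n' 'default via 10.0.254.1 dev eth2 table mail.out' > "$d/routes"
    rc=0; check_fwmark_routing "$d/mangle" "$d/rules" "$d/routes" || rc=$?
    rm -rf "$d"; return "$rc"
}
demo || true
```

On a live system, feed it the three saved outputs; a non-zero return means at least one mark is set but never routed.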


