routing mail on a different gateway

routing mail on a different gateway

[Julien]

Good Morning,

I have a linux box with two dsl modems on it (connection is done via 
pppoe), I'm trying to route default traffic on the primary connection 
(ppp0) and mail traffic on another one (ppp1).

This traffic should be able to come from the localhost or the lan via NAT.

I run Slackware 9.1 (Kernel 2.4.22), recompiled with necessary options 
for using iproute2.

According to the advanced routing howto, I did the following :

iptables −A PREROUTING −i eth0 −t mangle −p tcp −−dport 25 −j MARK 
−−set−mark 1
iptables −A PREROUTING −i lo −t mangle −p tcp −−dport 25 −j MARK 
−−set−mark 1

I'm not sure whether "lo" is needed.

echo 201 mail.out >> /etc/iproute2/rt_tables
ip rule add fwmark 1 table mail.out

/sbin/ip route add default via [Second's ISP Gateway] dev ppp1 table 
mail.out

I get no error message, and ip rule ls and ip route show params where 
recorded.

But if I do telnet somemail.server.com 25, I get a timeout and no data 
is sent via ppp1 (seen using ifconfig ppp1 or tcpdump -i ppp1).

I can't figure what can be wrong nor where I should start looking for.
I also looked in the ip-cref doc and found nothing that could help me.

Feel free to ask me on any point I would have forgotten.

Do you have an idea in order to solve this problem ?

Thanks, in advance !

Julien.

routing mail on a different gateway

[Julien]

Good Morning,

I have a linux box with two dsl modems on it (connection is done via 
pppoe), I'm trying to route default traffic on the primary connection 
(ppp0) and mail traffic on another one (ppp1).

This traffic should be able to come from the localhost or the lan via NAT.

I run Slackware 9.1 (Kernel 2.4.22), recompiled with necessary options 
for using iproute2.

According to the advanced routing howto, I did the following :

iptables −A PREROUTING −i eth0 −t mangle −p tcp −−dport 25 −j MARK 
−−set−mark 1
iptables −A PREROUTING −i lo −t mangle −p tcp −−dport 25 −j MARK 
−−set−mark 1

I'm not sure whether "lo" is needed.

echo 201 mail.out >> /etc/iproute2/rt_tables
ip rule add fwmark 1 table mail.out

/sbin/ip route add default via [Second's ISP Gateway] dev ppp1 table 
mail.out

I get no error message, and ip rule ls and ip route show params where 
recorded.

But if I do telnet somemail.server.com 25, I get a timeout and no data 
is sent via ppp1 (seen using ifconfig ppp1 or tcpdump -i ppp1).

I can't figure what can be wrong nor where I should start looking for.
I also looked in the ip-cref doc and found nothing that could help me.

Feel free to ask me on any point I would have forgotten.

Do you have an idea in order to solve this problem ?

Thanks, in advance !

Julien.

Re: routing mail on a different gateway

[Julian Gomez]

On Fri, Jul 23, 2004 at 10:25:11AM +0200, Julien spoke thusly:

>Good Morning,
>
>I have a linux box with two dsl modems on it (connection is done via
>pppoe), I'm trying to route default traffic on the primary connection
>(ppp0) and mail traffic on another one (ppp1).
>
>This traffic should be able to come from the localhost or the lan via
>NAT.
>
>I run Slackware 9.1 (Kernel 2.4.22), recompiled with necessary options
>for using iproute2.

Okay. Do you have corresponding OUTPUT / FORWARD rules defined?

Re: routing mail on a different gateway

[Julien]

Julian Gomez wrote:

>On Fri, Jul 23, 2004 at 10:25:11AM +0200, Julien spoke thusly:
>
>  
>
>>Good Morning,
>>
>>I have a linux box with two dsl modems on it (connection is done via
>>pppoe), I'm trying to route default traffic on the primary connection
>>(ppp0) and mail traffic on another one (ppp1).
>>
>>This traffic should be able to come from the localhost or the lan via
>>NAT.
>>
>>I run Slackware 9.1 (Kernel 2.4.22), recompiled with necessary options
>>for using iproute2.
>>    
>>
>
>Okay. Do you have corresponding OUTPUT / FORWARD rules defined
>
Thanks to your hint, I found that I (silly) forgot to set output rules 
for ppp1. Now I can do that (that was not working before, packets were 
dropped)

ip route add to 213.41.143.209 via [gateway_ip] dev ppp1

and all traffic to 213.41.143.209 goes through ppp1.

But routing mail traffic on second gateway still doesn't work as I would 
like : packets are not dropped but mail traffic still goes through ppp0. 
Here is the output of ip route :

62.4.16.226 dev ppp0  proto kernel  scope link  src 62.212.120.196
193.253.160.3 dev ppp1  proto kernel  scope link  src 80.14.101.245
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.200
127.0.0.0/8 dev lo  scope link
default via 62.4.16.226 dev ppp0

62.212.120.196 is first isp's assigned ip
62.4.16.226 is first isp's gateway
193.253.160.3 is second isp's gateway
80.14.101.245 is second isp's ip (dynamic)

And the output from ip rule ls :
0:      from all lookup local
32765:  from all fwmark 0x1 lookup mail.out
32766:  from all lookup main
32767:  from all lookup default

Is there a way to check if packets are correctly marked ?

Thanks, Julien.

Re: routing mail on a different gateway

[Julien]

Daniel Colicov wrote:

>Good Morning,
>
>I have a linux box with two dsl modems on it (connection is done via
>pppoe), I'm trying to route default traffic on the primary connection
>(ppp0) and mail traffic on another one (ppp1).
>
>This traffic should be able to come from the localhost or the lan via
>NAT.
>
>I run Slackware 9.1 (Kernel 2.4.22), recompiled with necessary options
>for using iproute2.
>
>According to the advanced routing howto, I did the following :
>
>iptables −A PREROUTING −i eth0 −t mangle −p tcp −−dport 25 −j MARK
>−−set−mark 1
>iptables −A PREROUTING −i lo −t mangle −p tcp −−dport 25 −j MARK
>−−set−mark 1
>
>I'm not sure whether "lo" is needed.
>
>echo 201 mail.out >> /etc/iproute2/rt_tables
>ip rule add fwmark 1 table mail.out
>
>/sbin/ip route add default via [Second's ISP Gateway] dev ppp1 table
>mail.out
>
>I get no error message, and ip rule ls and ip route show params where
>recorded.
>
>But if I do telnet somemail.server.com 25, I get a timeout and no data
>is sent via ppp1 (seen using ifconfig ppp1 or tcpdump -i ppp1).
>
>I can't figure what can be wrong nor where I should start looking for.
>I also looked in the ip-cref doc and found nothing that could help me.
>
>Feel free to ask me on any point I would have forgotten.
>
>Do you have an idea in order to solve this problem ?
>
>Thanks, in advance !
>
>hello,
>2 days ago i had the same problem...do you use SNAT option to nat the
>users behind the server? if you do, try iptables -t nat -I
>POSTROUTING -p tcp -s 10.0.255.0/24 --dport 25 -j MASQUERADE and in
>forward put a -I FORWARD -s 10.0.255.0/24 -j ACCEPT...I used SNAT with
>iproute and marking packets and didn't work(it's a little difficult) so
>i choose to use MASQUERADE instead. replace the LAN ips with
>yours....then iptables -t mangle -I PREROUTING -s 10.0.255.0/24 -j
>MARK --set-mark 2
>then :
>echo 50 mail.out >> /etc/iproute2/rt_table
> ip rule add fwmark 2 prio 50 table mail.out
>ip route add default via 10.0.254.1 dev eth2 table mail.out   (dev eth2
>is the ethernet with the second provider, eth1 with 1st isp and eth0
>with LAN)
>ip route flush cache...use tcpdump to see the packets.
>so should be work...
>
>good luck
>  
>
Thanks for your answer. Actually I use MASQUERADE, I just made a new 
post relating what I see now, you can take a look at it if you want, if 
you have an idea ;-)

Julien.

Re: routing mail on a different gateway

[Julien]

Julien wrote:

> Good Morning,
>
> I have a linux box with two dsl modems on it (connection is done via 
> pppoe), I'm trying to route default traffic on the primary connection 
> (ppp0) and mail traffic on another one (ppp1).
>
> This traffic should be able to come from the localhost or the lan via 
> NAT.
>
> I run Slackware 9.1 (Kernel 2.4.22), recompiled with necessary options 
> for using iproute2.
>
> According to the advanced routing howto, I did the following :
>
> iptables −A PREROUTING −i eth0 −t mangle −p tcp −−dport 25 −j MARK 
> −−set−mark 1
> iptables −A PREROUTING −i lo −t mangle −p tcp −−dport 25 −j MARK 
> −−set−mark 1
>
> I'm not sure whether "lo" is needed.
>
> echo 201 mail.out >> /etc/iproute2/rt_tables
> ip rule add fwmark 1 table mail.out
>
> /sbin/ip route add default via [Second's ISP Gateway] dev ppp1 table 
> mail.out
>
> I get no error message, and ip rule ls and ip route show params where 
> recorded.
>
> But if I do telnet somemail.server.com 25, I get a timeout and no data 
> is sent via ppp1 (seen using ifconfig ppp1 or tcpdump -i ppp1).
>
> I can't figure what can be wrong nor where I should start looking for.
> I also looked in the ip-cref doc and found nothing that could help me.
>
> Feel free to ask me on any point I would have forgotten.
>
> Do you have an idea in order to solve this problem ?
>
> Thanks, in advance !
>
> Julien.
>
Now I changed iptables line to :

iptables −A OUTPUT −t mangle −p tcp −−dport 25  −j MARK −−set−mark 1

in order to mangle packets locally generated, that works better since I 
want to route local postfix's traffic.

When I do telnet smtp.someisp.com 25, I see with tcpdump the packets 
going out through the interface ppp1 :

14:32:40.693429 62.212.120.196.34515 > 193.252.22.80.smtp: S 
4069327741:4069327741(0) win 5808 <mss 1452,sackOK,timestamp 929359 
0,nop,wscale 0> (DF) [tos 0x10]

But the problem is that there are originated from 62.212.120.196, which 
is the ip of ppp0, not ppp1. So packets can't take the way back.

How can I change the "from" ip of packets that are routed through ppp1 ?

Thanks for your help.

Julien

RE: routing mail on a different gateway

[Rob Sterenborg]

> But the problem is that there are originated from 
> 62.212.120.196, which is the ip of ppp0, not ppp1. So packets 
> can't take the way back.
> 
> How can I change the "from" ip of packets that are routed 
> through ppp1 ?

Maybe this will do ; use ppp+ instead of ppp0 or ppp1.
ppp+ matches any ppp.


Gr,
Rob

RE: routing mail on a different gateway

[Julien]

Piszcz, Justin Michael wrote:

> If you use qmail you can use the outgoing IP patch, this is what I had 
> to do, I had no luck trying to get it to work with iptables, although 
> if you do, please inform me how :)
>
>
> -----Original Message-----
> From: netfilter-admin@lists.netfilter.org 
> [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Julien
> Sent: Friday, July 23, 2004 8:33 AM
> To: netfilter@lists.netfilter.org
> Subject: Re: routing mail on a different gateway
>
> Julien wrote:
>
>
>
>> Good Morning,
>>
>> I have a linux box with two dsl modems on it (connection is done via 
>> pppoe), I'm trying to route default traffic on the primary connection 
>> (ppp0) and mail traffic on another one (ppp1).
>>
>> This traffic should be able to come from the localhost or the lan via 
>> NAT.
>>
>> I run Slackware 9.1 (Kernel 2.4.22), recompiled with necessary 
>> options for using iproute2.
>>
>> According to the advanced routing howto, I did the following :
>>
>> iptables −A PREROUTING −i eth0 −t mangle −p tcp −−dport 25 −j MARK 
>> −−set−mark 1
>> iptables −A PREROUTING −i lo −t mangle −p tcp −−dport 25 −j MARK 
>> −−set−mark 1
>>
>> I'm not sure whether "lo" is needed.
>>
>> echo 201 mail.out >> /etc/iproute2/rt_tables
>> ip rule add fwmark 1 table mail.out
>>
>> /sbin/ip route add default via [Second's ISP Gateway] dev ppp1 table 
>> mail.out
>>
>> I get no error message, and ip rule ls and ip route show params where 
>> recorded.
>>
>> But if I do telnet somemail.server.com 25, I get a timeout and no 
>> data is sent via ppp1 (seen using ifconfig ppp1 or tcpdump -i ppp1).
>>
>> I can't figure what can be wrong nor where I should start looking for.
>> I also looked in the ip-cref doc and found nothing that could help me.
>>
>> Feel free to ask me on any point I would have forgotten.
>>
>> Do you have an idea in order to solve this problem ?
>>
>> Thanks, in advance !
>>
>> Julien.
>>
>>
> Now I changed iptables line to :
>
> iptables −A OUTPUT −t mangle −p tcp −−dport 25 −j MARK −−set−mark 1
>
> in order to mangle packets locally generated, that works better since 
> I want to route local postfix's traffic.
>
> When I do telnet smtp.someisp.com 25, I see with tcpdump the packets 
> going out through the interface ppp1 :
>
> 14:32:40.693429 62.212.120.196.34515 > 193.252.22.80.smtp: S 
> 4069327741:4069327741(0) win 5808 <mss 1452,sackOK,timestamp 929359 
> 0,nop,wscale 0> (DF) [tos 0x10]
>
> But the problem is that there are originated from 62.212.120.196, 
> which is the ip of ppp0, not ppp1. So packets can't take the way back.
>
> How can I change the "from" ip of packets that are routed through ppp1 ?
>
> Thanks for your help.
>
> Julien
>
>
In fact, I'm running postfix so I can't do it this manner. But thanks 
for telling me that was possible, it's an interesting solution for doing 
that.

Regarding iproute2, it's almost working for me as you can see. I if 
succeed I'll sure tell you.

Julien

Re: routing mail on a different gateway

[Julien]

[-- Attachment #1: Type: text/html, Size: 829 bytes --]

RE: routing mail on a different gateway

[Rob Sterenborg]

> > Maybe this will do ; use ppp+ instead of ppp0 or ppp1.
> > ppp+ matches any ppp.

> Where should I use it ? iproute2 doesn't understand ppp+

Sorry, I thought you were using netfilter to match an interface...
Netfilter/iptables does understand it.


Gr,
Rob