From: Greg Cope <gregcope@gmail.com>
To: netfilter@lists.netfilter.org
Subject: How to Get a DMZ host's traffic routed via a particular IP address on a firewall?
Date: Thu, 5 May 2005 17:31:54 +0100
Message-ID: <c0e9781f05050509315ff51a77@mail.gmail.com>

Hi all,

I have an iptables firewall that has 3 ethernet cards,
eth0 (Red/internet), eth1 (DMZ), eth2 (lan)

eth0 has a few aliases:
eth0 (217.154.55.249) gateway
eth0:1 (217.154.55.250) for the mail server - an A record for mail.e-dba.net
eth0:2 (217.154.55.253) for a webserver
eth0:3 (217.154.55.245) another alias for a host on the DMZ

When sending traffic from this firewall host or any host behind it the
traffic leaves from eth0 (217.154.55.249).

The firewall's default gateway router is an ADSL ethernet modem on 217.154.55.241

However mail (SMTP) traffic goes in via 217.154.55.250, and I would
like it to go out via 217.154.55.250 as this has the correct
(mail.e-dba.net) PTR records.

I have tried within my iptables script:

SMTP_MARK=2
echo 25 smtp.out >> /etc/iproute2/rt_tables
IPROUTE2_SMTP_TABLE="smtp.out"
INET_IFACE="eth0"
MAIL_INET_ALIAS="217.154.55.250"1"
$IPTABLES -A PREROUTING -i eth0 -t mangle -p tcp --dport 25 -j MARK --set-mark ${SMTP_MASK}
ip rule add fwmark $SMTP_MARK table $IPROUTE2_SMTP_TABLE

- All good so far

But the following seem to do the wrong thing.....

ip route add table $IPROUTE2_SMTP_TABLE dev $INET_IFACE src $MAIL_INET_ALIAS
ip route add table $IPROUTE2_SMTP_TABLE default via $INET_IP

What am I doing wrong?

If anyone knows of any howtos/tutorials to RTFM then please let me know.

Thanks

Greg