Without iproute
iptables -t nat -A POSTROUTING -s $SMTP -p tcp --sport 1024: --dport 25 -j SNAT --to-source $IP_B

30.05.2002 19:05:13, Sellaro <sellaro@email.it> wrote:

>Hi there
>
>I'm trying to set up policy routing in a simple scenario without further
>success. My Linux router is connected to two different cable ISPs. One
>of these links (hereafter named A) permits traffic to SMTP servers while
>the other (link B) doesn't.
>
>What I am trying to set up is: all traffic should flow through link B
>and only SMTP traffic through link A.
>
>What I am doing:
>
>Marking all packets from my intranet with source port within the range
>1024 to 65535 and with destination port 25 with mark 0x3. I am also
>marking packets from our internal SMTP server with source port 25 to any
>other port with the same mark. Marks are being made in the OUTPUT chain
>(using iptables) as follows:
>
>iptables -t mangle -A OUTPUT -p tcp --sport 1024:65535 --dport 25 -j MARK --set-mark 3
>
>iptables -t mangle -A OUTPUT -p tcp -s <MY SMTP SERVER> --sport 25 -j MARK --set-mark 3
>
>Then, I have created a new routing table named SMTP-ROUTE with default
>gateway being the default gateway for link A as follows:
>
>ip ro add default via <A's default GW> table SMTP-ROUTE
>
>To complete the setup, I've added a rule stating that all packets marked
>with 0x3 should use SMTP-ROUTE with this command:
>
>ip ru add fwmark 3 table SMTP-ROUTE
>
>Yes, I've flushed the routing cache with:
>
>ip ro flush cache
>
>Default route in main routing table is B's gateway.
>
>I don't know why, but SMTP traffic keeps going through B's gateway,
>instead of A's, as expected.
>
>I've sniffed the network and, in fact, the packets are trying to go out
>through B's gateway.
>
>Can anyone please point out what I am doing wrong?
>
>Thank you in advance
>--
>Sellaro
>
>Agente Livre - Linux Community (www.agentelivre.org)
>
>PGP Key ID: 3ADF8645
>PGP Key Fingerprint: 6AB0 D60B 69B5 B3F9 4553 2242 A1D0 17C0 3ADF 8645
>
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>

-----------------------------------
mailto:alexey_talikov@texlab.com.uz
BR
Alexey Talikov
FORTEK
-----------------------------------