[LARTC] Policy Routing (Again)

Linux Advanced Routing and Traffic Control

Folks,

I do apologize for asking this again, but I have exhausted all my resistance
and thinking resources trying to solve this (yet simple) problem. Maybe
one of you could help me figure out what I am doing wrong.

I have a Linux box which receives two Cable links. Link A (gateway
10.11.0.1) does not allow SMTP traffic to flow. Link B has a valid IP;
this host is our SMTP and DNS server and all traffic is allowed.

What I am trying to do: all traffic generated inside our network should
go out through link A. Because of the previous restrictions, however,
SMTP traffic should follow link B instead. All outside traffic should
arrive from (and go back through) link B.

My topology is as follows:

(10.11.0.1) Link A --------| eth2
                           |   -----------  eth0       ---------
                           -- |Router/SMTP|-----------|Intranet |
                           |   -----------             ---------
                           | eth1
(ww.xx.y.z) Link B---------|


What I was trying to implement as solution: I have created an
alternative routing table whose default route is ww.xx.y.z and name is
mail. My main routing table's default route is 10.11.0.1.

Then I decided to mark all outgoing SMTP packets with fwmark 1 (marked
using iptables). I've marked them like this:

iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 1

I have, then, added a rule pointing to alternative routing table:

ip rule add priority 15000 fwmark 1 table mail

I have flushed routing cache with:

ip route flush cache

And have generated some traffic trying to telnet port 25 of an external
route from the router/SMTP (see picture above).

Sniffing the network showed me that packets have exited with source address
10.11.0.1, which means my setup is completely useless.

Just for the records, I am using v1.2.5 in a Debian (woody) with kernel
2.4.18 (only HTB patch).

Any help would be very welcome.

Thank you in advance for your time.
-- 
Sellaro

Agente Livre - Linux Community (www.agentelivre.org)

PGP Key ID: 3ADF8645
PGP Key Fingerprint: 6AB0 D60B 69B5 B3F9 4553  2242 A1D0 17C0 3ADF 8645

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
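The setup described in the post, written out as an added example; it is not part of the original message or of the LARTC HOWTO. Interface names follow the diagram above; the link B addresses (192.0.2.10/24, gateway 192.0.2.1), the table number 100 and the test destination 203.0.113.25 are assumed placeholders from the documentation address ranges. It adds three things the post's command list does not have: a connected route inside the alternate table so that the table can resolve its own gateway, a POSTROUTING SNAT for marked SMTP packets (marking in mangle OUTPUT only re-routes the packet; the socket has already picked its source address from the main table), and strict reverse-path filtering turned off on the link B interface, because with the main default route on link A an inbound packet arriving on link B would otherwise fail the reverse-path check. The script prints the commands unless DRY_RUN=0 is set and it is run as root.

```shell
#!/bin/sh
# Added example, not from the original post: two uplinks, SMTP steered out
# the second one.  All addresses below are assumed placeholders.
LINK_A_IF=eth2; LINK_A_GW=10.11.0.1
LINK_B_IF=eth1; LINK_B_IP=192.0.2.10; LINK_B_NET=192.0.2.0/24; LINK_B_GW=192.0.2.1
TABLE_ID=100     # "echo 100 mail >> /etc/iproute2/rt_tables" lets you write "table mail"
MARK=1

# run: execute the command, or only print it when DRY_RUN is unset or 1.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

policy_route_setup() {
    # Routes in the alternate table.  The connected route is needed so that
    # the table can resolve LINK_B_GW on its own; a table holding only a
    # default route fails the lookup.
    run ip route replace "$LINK_B_NET" dev "$LINK_B_IF" src "$LINK_B_IP" table "$TABLE_ID"
    run ip route replace default via "$LINK_B_GW" dev "$LINK_B_IF" table "$TABLE_ID"

    # Rules: replies sourced from link B's own address go back out link B,
    # and anything carrying the SMTP mark uses the alternate table.
    run ip rule add from "$LINK_B_IP" table "$TABLE_ID" priority 15000
    run ip rule add fwmark "$MARK" table "$TABLE_ID" priority 15001

    # Inbound packets on link B come from addresses the main table would
    # route via link A, so strict reverse-path filtering would drop them.
    run sysctl -w "net.ipv4.conf.$LINK_B_IF.rp_filter=0"

    # Mark locally generated SMTP.  This only changes the outgoing interface:
    # the socket chose its source address from the main table before the
    # packet reached mangle OUTPUT, so rewrite it in POSTROUTING (having the
    # MTA bind to LINK_B_IP itself is the other option).
    run iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark "$MARK"
    run iptables -t nat -A POSTROUTING -o "$LINK_B_IF" -p tcp --dport 25 -j SNAT --to-source "$LINK_B_IP"

    run ip route flush cache
}

# policy_route_check DEST: show where a marked and an unmarked packet to
# DEST would go.  Expect LINK_B_IF for the marked lookup, LINK_A_IF otherwise.
policy_route_check() {
    run ip route get "$1" mark "$MARK"
    run ip route get "$1"
    # On the wire, confirm the rewritten source: tcpdump -ni "$LINK_B_IF" tcp port 25
}

case "${1:-}" in
    show)  policy_route_setup; policy_route_check 203.0.113.25 ;;
    apply) DRY_RUN=0; policy_route_setup; policy_route_check 203.0.113.25 ;;
esac
```

Run it as `sh policy-route.sh show` to review the commands, then `sh policy-route.sh apply` as root. The `ip rule add` lines are not idempotent; delete them with the matching `ip rule del` before re-running, and make the `sysctl` and SNAT rule part of the normal firewall and sysctl configuration so they survive a reboot.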
