Hi All, I have a Linux box (2.4.19, iptables 1.2.6a) that has two Ethernet interfaces. Eth0 is connected to a cisco which is connected to the Internet via a leasedline. Eth1 is connected to an ADSL connection. Both interfaces have a fixed IP address, and the default route points over the ADSL connection (because this is used for browsing, ftp and such). However, the Eth0 has the 'official' IP address and should be used for send e-mail and some ssh traffic. I already defined a policy to return incoming traffic over the interface it was received, so both interface can be contacted via the Internet. My question now is how to define a policy so specific traffic, generated locally by sendmail and ssh, uses eth0 as its interface in stead of eth1 which is used for the default route ? I already mark outgoing traffic in the mangle table thus iptables -A OUTPUT -t mangle -p tcp --dport 25 -j MARK --set-mark 1 I have to SNAT outgoing traffic as well: iptables -A POSTROUTING -t nat -m mark --mark 1 -j SNAT --to-source <eth0> I have added a table mail.out to /etc/iproute2/rt_tables and defined rules like this: ip rule add fwmark 1 table mail.out ip route add default via <gw on eth0 network> dev eth0 src <eth0> And when I do this: telnet <mailhost> 25 I indeed see a SYN packet coming out of eth0 to <mailhost>, and a SYN/ACK packet comes back. The problem is that it appears that the Linux box does not see this SYN/ACK packet and resends the SYN packet after a few seconds, which again is answered by a SYN/ACK and this goes on a few times. No other packet filters are active on the Linux box (yet). So how do I get this setup to work ? Am I heading for the wrong direction with the policy or is there something else missing ? thnx in advance, Arthur Donkers -- /* Disclaimer : you hire my skills, not my opinions, those are mine ! */ /* email : arthur@reseau.nl Security 'Me ? I'm not me ! I'm just a */ /* phone : (+31) 50 549 2701 is not a computer simulation of me' */ /* URL http://www.reseau.nl dirty word Red Dwarf, First Episode */ _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
