I am trying to use netfilter (iptables) to mark packets bound for port 25 on the internal interface and then using iproute2 to route those marked packets over the DSL. Everything seems to work as intended except that email traffic is going out over the internal ip (thru cable) and not the DSL. So it doesn't seem like the marking and routing that I have set up is working right.

My scenario is:

1 Redhat 7.3 Linux machine (kernel 2.4.18-3)
1 network appliance
1 dsl router
1 cable modem

The linux machine has:
2 nics (1 static ip DSL, 2nd ip is internal 192.168.0.10 goes through network appliance via nat out cable modem)

I want all traffic coming in over DSL to go out over DSL and all traffic coming in to the internal IP to go out the internal IP. There are actually other internal ip lan clients but they are separate from this scenario.

The one caveat would be to have all outgoing smtp traffic go over the DSL. Sendmail runs on all interfaces. I need all outbound email to go out over DSL because some email servers (earthlink/mindspring) are blocking mail servers coming from certain cable modem ips.

The last caveat is that I want the default route of traffic, or all originating traffic that is non smtp, to go out over the cable modem to take advantage of the fast download speed of cable as compared to the slower DSL.

Here is the script I am running out of rc.local at boot. Can anyone suggest changes to make it work?

    #!/bin/sh

    P1_NET=65.X.X.208
    P2_NET=192.168.0.0

    # DSL
    IF1=eth0
    # Internal nat'd to cable
    IF2=eth1

    IP1=65.X.X.210
    IP2=192.168.0.10

    P1=65.X.X.209
    P2=192.168.0.1

    ip route add $P1_NET dev $IF1 src $IP1 table DSL
    ip route add default via $P1 table DSL
    ip route add $P2_NET dev $IF2 src $IP2 table CABLE
    ip route add default via $P2 table CABLE

    ip route add $P1_NET dev $IF1 src $IP1
    ip route add $P2_NET dev $IF2 src $IP2

    ip route add default via $P2

    ip route add default via $P1 dev $IF1 table MAIL.OUT

    ip rule add fwmark 1 table MAIL.OUT prio 220
    ip rule add from $IP1 table DSL prio 230
    ip rule add from $IP2 table CABLE prio 240

    ip route flush cache
    # End of script

This is the iptables cmd I ran and is restored on reboot by iptables:

    iptables -A PREROUTING -i eth1 -t mangle -p tcp --dport 25 -j MARK --set-mark 1

Here is the rt_tables file:

    #
    # reserved values
    #
    #255 local
    #254 main
    #253 default
    #0 unspec
    #
    # local
    #
    #1 inr.ruhep
    200 DSL
    201 CABLE
    202 MAIL.OUT

I appreciate any help or direction. I have kind of merged two scripts from
http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html
And
http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html

Do I need to enable ip forwarding or turn off the reverse path filter?

Grant Furick
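
The rules and the mangle entry quoted above, modelled in Python as an added example (not part of the original post or of the LARTC HOWTO), to show which routing table each kind of port-25 packet ends up in. Assumptions: sendmail's outgoing sockets are not bound to a local address, the LAN client 192.168.0.20 is a constructed sample, and the OUTPUT rule in the last case is hypothetical.

```python
# Added model of the configuration quoted in the post; not the poster's code.
from dataclasses import dataclass
from typing import Optional

# Default route (gateway, device) per table, copied from the script as posted.
TABLES = {"MAIL.OUT": ("65.X.X.209", "eth0"), "DSL": ("65.X.X.209", "eth0"),
          "CABLE": ("192.168.0.1", "eth1"), "main": ("192.168.0.1", "eth1")}
# (priority, selector, value, table) from the `ip rule add` lines, plus the
# kernel's built-in lookup of table main at priority 32766.
RULES = [(220, "fwmark", 1, "MAIL.OUT"), (230, "from", "65.X.X.210", "DSL"),
         (240, "from", "192.168.0.10", "CABLE"), (32766, "all", None, "main")]
# (chain, in_iface, proto, dport, mark): the single mangle rule from the post.
MANGLE = [("PREROUTING", "eth1", "tcp", 25, 1)]

@dataclass
class Packet:
    proto: str
    dport: int
    in_iface: Optional[str] = None  # None: generated by a process on this host
    src: Optional[str] = None       # None: socket not bound to a local address
    mark: int = 0

def mangle(pkt, rules=MANGLE):
    """Received packets traverse PREROUTING; locally generated ones OUTPUT."""
    chain = "OUTPUT" if pkt.in_iface is None else "PREROUTING"
    for r_chain, iface, proto, dport, mark in rules:
        if (r_chain == chain and iface in (None, pkt.in_iface)
                and (proto, dport) == (pkt.proto, pkt.dport)):
            pkt.mark = mark
    return pkt

def lookup(pkt):
    """The first rule in priority order whose selector matches picks the table."""
    for _prio, sel, val, table in sorted(RULES, key=lambda r: r[0]):
        if (sel == "all" or (sel == "fwmark" and pkt.mark == val)
                or (sel == "from" and pkt.src == val)):
            return (table,) + TABLES[table]

def route(pkt, rules=MANGLE):
    # Simplification: the kernel routes a local packet first and re-routes it
    # if OUTPUT changes the mark; the table chosen in the end is the same.
    return lookup(mangle(pkt, rules))

if __name__ == "__main__":
    lan = Packet("tcp", 25, in_iface="eth1", src="192.168.0.20")  # constructed
    print("forwarded from LAN:", route(lan))
    print("local sendmail:    ", route(Packet("tcp", 25)))
    fixed = MANGLE + [("OUTPUT", None, "tcp", 25, 1)]  # hypothetical rule
    print("with OUTPUT rule:  ", route(Packet("tcp", 25), fixed))
```

The model covers only chain traversal and table selection; source-address selection, NAT and reverse-path filtering are not modelled.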