Hello!

I have set up a LINUX router with two separate uplinks to do load balancing. I made all the configuration after the "NANO-HOWTO to use more than one independent Internet connection" document. I patched my 2.4.24 kernel with the patches described in this document.

My configuration is:

---------------------------------------------------------------
#!/bin/bash
#------------------------------
LAN_IF - LAN interface
LAN_IP - LAN IP
LAN_NET - LAN network/mask
#------------------------------
INET1_IF - external interface no. 1
INET1_IP - external IP no. 1
INET1_NET - external network/mask no. 1
INET1_GW - remote gateway no. 1
#------------------------------
INET2_IF - external interface no. 2
INET2_IP - external IP no. 2
INET2_NET - external network/mask no. 2
INET2_GW - remote gateway no. 2
#------------------------------

echo "1" > /proc/sys/net/ipv4/ip_forward

/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe ip_nat_irc

IPTABLES=/usr/sbin/iptables

$IPTABLES -t filter -P INPUT ACCEPT
$IPTABLES -t filter -P OUTPUT ACCEPT
$IPTABLES -t filter -P FORWARD ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
$IPTABLES -t mangle -P PREROUTING ACCEPT
$IPTABLES -t mangle -P INPUT ACCEPT
$IPTABLES -t mangle -P OUTPUT ACCEPT
$IPTABLES -t mangle -P FORWARD ACCEPT
$IPTABLES -t mangle -P POSTROUTING ACCEPT

$IPTABLES -t nat -F
$IPTABLES -t mangle -F
$IPTABLES -t filter -F

$IPTABLES -t filter -X keep_state
$IPTABLES -t nat -X keep_state

$IPTABLES -t filter -N keep_state
$IPTABLES -t filter -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -t filter -A keep_state -j RETURN

$IPTABLES -t nat -N keep_state
$IPTABLES -t nat -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -t nat -A keep_state -j RETURN

$IPTABLES -t nat -A PREROUTING -j keep_state
$IPTABLES -t nat -A POSTROUTING -j keep_state
$IPTABLES -t nat -A OUTPUT -j keep_state
$IPTABLES -t filter -A INPUT -j keep_state
$IPTABLES -t filter -A FORWARD -j keep_state
$IPTABLES -t filter -A OUTPUT -j keep_state

/sbin/ip rule del prio 50 table main
/sbin/ip rule add prio 50 table main
/sbin/ip route del default table main

/sbin/ip rule del prio 201 from $INET1_NET table 201
/sbin/ip rule add prio 201 from $INET1_NET table 201
/sbin/ip route add default via $INET1_GW dev $INET1_IF \
    src $INET1_IP proto static table 201
/sbin/ip route append prohibit default table 201 metric 1 proto static

/sbin/ip rule del prio 202 from $INET2_NET table 202
/sbin/ip rule add prio 202 from $INET2_NET table 202
/sbin/ip route add default via $INET2_GW dev $INET2_IF \
    src $INET2_IP proto static table 202
/sbin/ip route append prohibit default table 202 metric 1 proto static

/sbin/ip rule del prio 222 table 222
/sbin/ip rule add prio 222 table 222
/sbin/ip route add default table 222 proto static \
    nexthop via $INET1_GW dev $INET1_IF \
    nexthop via $INET2_GW dev $INET2_IF

$IPTABLES -t nat -A POSTROUTING -o $INET1_IF -s $LAN_NET -j SNAT --to-source $INET1_IP
$IPTABLES -t nat -A POSTROUTING -o $INET2_IF -s $LAN_NET -j SNAT --to-source $INET2_IP
---------------------------------------------------------------

Load balancing works well, and everything seems to be OK. But there is a problem: the two uplinks are from different ISPs, so they have their own SMTP servers. I have to use only one SMTP server to send e-mail, so I set up the SMTP server of ISP1 in my e-mail client program. But because of load balancing, SMTP traffic sometimes goes through the second line, ISP2, and then the SMTP server of ISP1 refuses to accept my message.

So I would like to "tie" SMTP traffic to the ISP1 line. What rules should I use? Perhaps I should mark all the SMTP traffic with IPTABLES MARK?

I would be very grateful for your help and suggestions...

Rokas Zakarevicius
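
The MARK approach the message asks about, as an added example that is not part of the original post: SMTP packets forwarded from the LAN are marked in mangle PREROUTING, and a fwmark rule placed between prio 50 (main) and prio 222 (multipath) sends them to table 201, the ISP1 table from the script above. The mark value 1, the priority 150 and the eth0 fallback for LAN_IF are assumptions chosen for illustration; mail sent by the router itself is not covered.

```shell
#!/bin/bash
# Added example: pin forwarded SMTP to uplink 1 with a firewall mark.
# Prints the commands by default; set DRY_RUN=0 (as root) to apply them.
IPTABLES=${IPTABLES:-/usr/sbin/iptables}

# Echo the command in dry-run mode, execute it otherwise.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# pin_smtp LAN_IF TABLE MARK PRIO
#   LAN_IF - interface the clients sit behind
#   TABLE  - routing table whose only default route is via ISP1 (201 above)
#   MARK   - firewall mark value (assumed free for this purpose)
#   PRIO   - rule priority; must sort after "main" (50) and before the
#            multipath table (222), otherwise the mark is never consulted
pin_smtp() {
    if [ "$4" -le 50 ] || [ "$4" -ge 222 ]; then
        echo "pin_smtp: priority $4 must be between 51 and 221" >&2
        return 1
    fi
    # Mark before the routing decision; every packet of the connection
    # matches on destination port 25, so all of them follow the same rule.
    run "$IPTABLES" -t mangle -A PREROUTING -i "$1" -p tcp --dport 25 \
        -j MARK --set-mark "$3"
    # Marked packets skip the multipath default and use the ISP1 table.
    # The existing SNAT rule on -o $INET1_IF then sets the ISP1 source IP.
    run /sbin/ip rule add prio "$4" fwmark "$3" table "$2"
    # Drop cached routes chosen before the rule existed.
    run /sbin/ip route flush cache
}

pin_smtp "${LAN_IF:-eth0}" 201 1 150
```

Because table 201 ends in a "prohibit default" entry, marked SMTP is rejected rather than silently sent out through ISP2 when the ISP1 route is withdrawn.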