Is 192.168.1.2 an IP on the router? If yes, you'll have to mark in OUTPUT,
not PREROUTING. Also, after you set up the rules and routes, did you do an
ip route flush cache?

I hope this works.

On Wed, 21 Jul 2004 20:02:32 -0700, Jens <jens@xxxxxxxxxxxxx> wrote:
> I have a particular problem that has caused me grief for some time now and
> even though the answer is probably very basic, it has eluded me. I would
> appreciate any help or pointers in the right direction.
>
> I have two links to the internet, one via cable and one via adsl. Although I
> would want to add redundancy at a later time, all I want to get working now
> is that mail from my server goes out via the adsl link (it's a fixed IP and I
> am running into too many cases where my cable account with its dynamic IP is
> blocked by other mail servers).
> I have spent considerable time trying to wrap my brain around ip tables,
> routing and the such. Although I only see a slight ray of hope in ever
> understanding the subject completely, my current problem doesn't (at first
> glance) seem to require a degree in rocket science. I have set up two routing
> tables (adsl and shaw). I mark packets with "iptables -t mangle -A PREROUTING
> -p tcp --dport 25 -s 192.168.1.2 -j MARK --set-mark 1" and use "ip rule add
> fwmark 1 table adsl". To my understanding, the result of this is that every
> packet from 192.168.1.2 that comes out of my mail server via port 25 will get
> marked with '1' and that routing is decided via table adsl. The adsl table
> has a default route via the adsl line. There is also a separate default
> gateway set up in the regular routing table to go via the cable connection.
> I seem to be missing something because I get the following result .... if I
> telnet from my mail server (192.168.1.2) to another mail server via port 25,
> I get a timeout. If I telnet to the same server via port 80 I get the connect
> message from the other end. To me, this seems to indicate that port 25
> messages are marked and are routed differently from the port 80 messages -
> just like I would expect. The question is, why the heck am I not getting
> anywhere on port 25. The same setup going to the default cable provider works
> just fine - this leads me to believe that I don't have anything in the
> router/firewall impeding the traffic.
> What am I missing ????
> Is there any way to trace how my attempts at telnetting thru port 25 are
> handled by the router ?
> I would be happy to post any further information needed to sort this out.
>
> Jens
> _______________________________________________
> LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
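
The advice in the reply, as an added example that is not part of the original thread: a dry-run planner that picks the mangle chain according to whether the source address belongs to the box doing the routing, then prints the mark rule, the ip rule, the cache flush and a few checks for tracing how marked traffic is handled. The function names, the router address list and the destination 198.51.100.25 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints commands only; nothing is applied.

# Locally generated packets traverse mangle OUTPUT; packets forwarded for
# another host traverse mangle PREROUTING. Choose by checking whether the
# source address belongs to the box that does the routing.
mark_chain() {  # usage: mark_chain SRC_IP LOCAL_IP...
    src=$1; shift
    for addr in "$@"; do
        if [ "$addr" = "$src" ]; then
            echo OUTPUT
            return 0
        fi
    done
    echo PREROUTING
}

# Print the setup from the thread with the chain chosen above.
plan_rules() {  # usage: plan_rules SRC_IP MARK TABLE LOCAL_IP...
    src=$1; mark=$2; table=$3; shift 3
    chain=$(mark_chain "$src" "$@")
    echo "iptables -t mangle -A $chain -p tcp --dport 25 -s $src -j MARK --set-mark $mark"
    echo "ip rule add fwmark $mark table $table"
    echo "ip route flush cache"
}

# Print checks that show how marked traffic is handled.
plan_checks() {  # usage: plan_checks CHAIN MARK DEST_IP
    # Packet counters on the mark rule show whether SMTP packets hit it.
    echo "iptables -t mangle -L $1 -n -v"
    # Ask the kernel which route a packet carrying this mark would take.
    echo "ip route get $3 mark $2"
    echo "ip rule show"
}

# Constructed sample: the router owns 192.168.1.1 and the ADSL address
# 203.0.113.10; the mail server 192.168.1.2 is a separate host behind it.
ROUTER_ADDRS="192.168.1.1 203.0.113.10"
plan_rules 192.168.1.2 1 adsl $ROUTER_ADDRS
plan_checks "$(mark_chain 192.168.1.2 $ROUTER_ADDRS)" 1 198.51.100.25
```

If the counters on the mark rule stay at zero while the telnet test runs, the rule sits in a chain the packets never traverse.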