192.168.1.2 is the mail server which goes to 192.168.1.1 which is the firewall
that has the routing script and routes to one of two external interfaces. I used
PREROUTING based on some how-to's but have never really thought about exactly
where the marking should take place. It seemed to me that PREROUTING was a good
choice for marking since the routing rules which depend on the marking follow
that. The flushing is something that got me before but which I am watching like
a hawk now :)

Jens

On Thursday 22 July 2004 02:59, George Alexandru Dragoi wrote:
> Is the 192.168.1.2 an ip on the router? If yes, you'll have to mark in
> OUTPUT, not PREROUTING. Also, after you set up the rules and routes,
> did you do an
> ip route flush cache
> ?
>
> I hope these work
>
> On Wed, 21 Jul 2004 20:02:32 -0700, Jens <jens@xxxxxxxxxxxxx> wrote:
> > I have a particular problem that has caused me grief for some time now
> > and even though the answer is probably very basic, it has eluded me. I
> > would appreciate any help or pointers in the right direction.
> >
> > I have two links to the internet, one via cable and one via adsl.
> > Although I would want to add redundancy at a later time, all I want to
> > get working now is that mail from my server goes out via the adsl link
> > (it's a fixed IP and I am running into too many cases where my cable
> > account with its dynamic IP is blocked by other mail servers).
> >
> > I have spent considerable time trying to wrap my brain around iptables,
> > routing and the such. Although I only see a slight ray of hope in ever
> > understanding the subject completely, my current problem doesn't (at
> > first glance) seem to require a degree in rocket science. I have set up
> > two routing tables (adsl and shaw). I mark packets with
> > "iptables -t mangle -A PREROUTING -p tcp --dport 25 -s 192.168.1.2 -j MARK --set-mark 1"
> > and use "ip rule add fwmark 1 table adsl". To my understanding, the
> > result of this is that every packet from 192.168.1.2 that comes out of my
> > mail server via port 25 will get marked with '1' and that routing is
> > decided via table adsl. The adsl table has a default route via the adsl
> > line. There is also a separate default gateway set up in the regular
> > routing table to go via the cable connection. I seem to be missing
> > something because I get the following result .... if I telnet from my
> > mail server (192.168.1.2) to another mail server via port 25, I get a
> > timeout. If I telnet to the same server via port 80 I get the connect
> > message from the other end. To me, this seems to indicate that port 25
> > messages are marked and are routed differently from the port 80 messages
> > - just like I would expect. The question is, why the heck am I not
> > getting anywhere on port 25. The same setup going to the default cable
> > provider works just fine - this leads me to believe that I don't have
> > anything in the router/firewall impeding the traffic.
> >
> > What am I missing ????
> >
> > Is there any way to trace how my attempts at telnetting thru port 25 are
> > handled by the router ?
> >
> > I would be happy to post any further information needed to sort this out.
> >
> > Jens
> > _______________________________________________
> > LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
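A worked version of the setup the thread discusses, added here as an example (not code from Jens, George or the LARTC HOWTO): it marks forwarded mail-server traffic in PREROUTING and the router's own traffic in OUTPUT, adds the fwmark rule and adsl table, flushes the route cache, and then prints the checks a router administrator can use to see how a port-25 packet is handled. Interface names, the adsl gateway, the remote test address and the table name are placeholders I assumed; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not code from the thread: fwmark-based policy routing for a
# LAN mail server behind a dual-uplink Linux router, plus the checks that show
# how a port-25 packet is handled. Interface names, gateway and remote
# addresses, and the table name are placeholders (assumed).
MAIL_SERVER=192.168.1.2
LAN_IF=eth0
ADSL_IF=ppp0; ADSL_GW=203.0.113.1      # placeholder gateway (TEST-NET-3)
TABLE=adsl                             # assumes "200 adsl" in /etc/iproute2/rt_tables
MARK=1

# Print commands unless APPLY=1, so the script can be reviewed (and run
# unprivileged for inspection) before it touches a live router.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi; }

setup_mark_routing() {
    # Traffic from the LAN host is forwarded, so it first traverses PREROUTING.
    run iptables -t mangle -A PREROUTING -s "$MAIL_SERVER" -p tcp --dport 25 \
        -j MARK --set-mark "$MARK"
    # The router's own packets never see PREROUTING; they are marked in OUTPUT.
    run iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark "$MARK"
    # Marked packets consult the adsl table, whose only route is the adsl default.
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default via "$ADSL_GW" dev "$ADSL_IF" table "$TABLE"
    # The private source address must be translated on this uplink as well.
    run iptables -t nat -A POSTROUTING -o "$ADSL_IF" -j MASQUERADE
    # New rules and routes are not used until the route cache is flushed.
    run ip route flush cache
}

trace_port25() {
    # Packet counters on the mangle chain show whether the MARK rule matched.
    run iptables -t mangle -L PREROUTING -v -n
    run ip rule show
    # Ask the kernel which route a marked packet from the mail server takes
    # (198.51.100.25 is a placeholder remote mail server).
    run ip route get 198.51.100.25 from "$MAIL_SERVER" iif "$LAN_IF" mark "$MARK"
    # Strict reverse-path filtering (value 1) drops replies arriving on an
    # uplink that the main table would not use to reach their source.
    run sysctl "net.ipv4.conf.$ADSL_IF.rp_filter"
}

setup_mark_routing
trace_port25
```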