A good thing would be to give a full description of your network setup,
interfaces and so on, maybe there should be stuff like
-s 192... -d ! 192../24

On Thu, 22 Jul 2004 12:17:27 -0700, Jens <jens@xxxxxxxxxxxxx> wrote:
> 192.168.1.2 is the mail server which goes to 192.168.1.1 which is the firewall
> that has the routing script and routes to one of two external interfaces. I
> used PREROUTING based on some how-to's but have never really thought about
> exactly where the marking should take place. It seemed to me that PREROUTING
> was a good choice for marking since the routing rules which depend on the
> marking follow that.
>
> The flushing is something that got me before but which I am watching like a
> hawk now :)
>
> Jens
>
> On Thursday 22 July 2004 02:59, George Alexandru Dragoi wrote:
> > Is the 192.168.1.2 an ip on the router? If yes, you'll have to mark in
> > OUTPUT, not PREROUTING, also, after you set up the rules and routes,
> > did you do an
> > ip route flush cache
> > ?
> >
> > I hope this works
> >
> > On Wed, 21 Jul 2004 20:02:32 -0700, Jens <jens@xxxxxxxxxxxxx> wrote:
> > > I have a particular problem that has caused me grief for some time now
> > > and even though the answer is probably very basic, it has eluded me. I
> > > would appreciate any help or pointers in the right direction.
> > >
> > > I have two links to the internet, one via cable and one via adsl.
> > > Although I would want to add redundancy at a later time, all I want to
> > > get working now is that mail from my server goes out via the adsl link
> > > (it's a fixed IP and I am running into too many cases where my cable
> > > account with its dynamic IP is blocked by other mail servers).
> > > I have spent considerable time trying to wrap my brain around ip tables,
> > > routing and the such. Although I only see a slight ray of hope in ever
> > > understanding the subject completely, my current problem doesn't (at
> > > first glance) seem to require a degree in rocket science.
> > > I have set up two routing tables (adsl and shaw). I mark packets with
> > > "iptables -t mangle -A PREROUTING -p tcp --dport 25 -s 192.168.1.2 -j MARK --set-mark 1"
> > > and use "ip rule add fwmark 1 table adsl". To my understanding, the
> > > result of this is that every packet from 192.168.1.2 that comes out of my
> > > mail server via port 25 will get marked with '1' and that routing is
> > > decided via table adsl. The adsl table has a default route via the adsl
> > > line. There is also a separate default gateway set up in the regular
> > > routing table to go via the cable connection. I seem to be missing
> > > something because I get the following result .... if I telnet from my
> > > mail server (192.168.1.2) to another mail server via port 25, I get a
> > > timeout. If I telnet to the same server via port 80 I get the connect
> > > message from the other end. To me, this seems to indicate that port 25
> > > messages are marked and are routed differently from the port 80 messages
> > > - just like I would expect. The question is, why the heck am I not
> > > getting anywhere on port 25. The same setup going to the default cable
> > > provider works just fine - this leads me to believe that I don't have
> > > anything in the router/firewall impeding the traffic.
> > > What am I missing ????
> > > Is there any way to trace how my attempts at telnetting thru port 25 are
> > > handled by the router ?
> > > I would be happy to post any further information needed to sort this out.
> > >
> > > Jens
> > > _______________________________________________
> > > LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> > > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
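
Added example (not from any poster in the thread): an offline consistency check for the three pieces the original message sets up, the mangle MARK rule, the `ip rule` fwmark lookup and the default route in the selected table, including the PREROUTING-versus-OUTPUT distinction raised in the reply. The helper names, the gateway 203.0.113.1 and the interface eth2 are assumptions made for the constructed sample input.

```shell
#!/bin/sh
# Offline check of the chain described in the thread:
#   mangle MARK rule -> "ip rule ... fwmark N" -> default route in that table.
# Inputs are saved text from `iptables-save -t mangle`, `ip rule show` and
# `ip route show table <name>`. Helper names are this example's own.

# mark_chains MARK MANGLE_TEXT: print each chain that sets MARK
mark_chains() {
    printf '%s\n' "$2" | awk -v d="$1" -v h="$(printf '0x%x' "$1")" '
        $1 == "-A" { for (i = 3; i < NF; i++)
            if ($i == "--set-mark" || $i == "--set-xmark") {
                split($(i + 1), m, "/")        # drop the /mask of --set-xmark
                if (m[1] == d || m[1] == h) print $2 } }'
}

# mark_table MARK RULE_TEXT: print the table an fwmark rule sends MARK to
mark_table() {
    printf '%s\n' "$2" | awk -v d="$1" -v h="$(printf '0x%x' "$1")" '
        { hit = 0
          for (i = 1; i < NF; i++) {
              if ($i == "fwmark") { split($(i + 1), m, "/"); hit = (m[1] == d || m[1] == h) }
              if ($i == "lookup" && hit) { print $(i + 1); exit } } }'
}

# default_via ROUTE_TEXT: print "gateway device" of the default route, if any
default_via() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) { if ($i == "via") g = $(i + 1); if ($i == "dev") d = $(i + 1) }
        print g, d; exit }'
}

# check_path MARK ORIGIN MANGLE RULES ROUTES; ORIGIN is "forwarded" (traffic from
# another host, marked in PREROUTING) or "local" (router's own, marked in OUTPUT).
check_path() {
    need=PREROUTING; [ "$2" = local ] && need=OUTPUT
    mark_chains "$1" "$3" | grep -qx "$need" || { echo "mark $1 not set in mangle $need"; return 1; }
    t=$(mark_table "$1" "$4"); [ -n "$t" ] || { echo "no ip rule for fwmark $1"; return 1; }
    gw=$(default_via "$5"); [ -n "$gw" ] || { echo "table $t has no default route"; return 1; }
    echo "ok: $need -> table $t -> $gw"
}

# Constructed samples (gateway 203.0.113.1 and eth2 are placeholders)
MANGLE='-A PREROUTING -s 192.168.1.2/32 -p tcp -m tcp --dport 25 -j MARK --set-xmark 0x1/0xffffffff'
RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup adsl
32766: from all lookup main'
ADSL='default via 203.0.113.1 dev eth2'
check_path 1 forwarded "$MANGLE" "$RULES" "$ADSL"
check_path 1 local "$MANGLE" "$RULES" "$ADSL" || true
```

On a live router the three text arguments would come from the commands named in the header comment; a pass here only shows the marking and routing configuration is internally consistent, not that return traffic or address translation on the second link is correct.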