Lance Dryden wrote:
Good evening,
Since you are worried only about outbound port 25 traffic being sent from localhost, a question arises: is all of the mail traffic coming from one specific program?
If so, you will probably have an easier time convincing the program to simply bind the outbound socket locally to the correct interface, unless it is a full-blown MTA like Postfix or Sendmail; most MTAs want to be told which IP address to bind to locally and not which interface to use.
You might be better off using NAT. This would be a somewhat goofy use, and I have never tried it, so I do not know if it works. It would look like this:
    iptables \
        --table nat --append POSTROUTING --proto tcp \
        --source <general-traffic-interface-IP> \
        --dport 25 \
        --jump SNAT --to-source <SMTP-specific-interface-IP>
This line would need to be added above any POSTROUTING lines for supporting masquerading. The kernel should be able to take care of sending the data out the correct interface.
Do let me know if it works.
Yours, &c Lance Dryden
Thanks for your response,
I did two things:
- Asked Postfix to bind to the second ISP's external IP
=> traffic goes out through ppp1 and back in. Good, but I get "connection timed out connecting to..." in the Postfix log
- Added the iptables line you advised me to: => packets go out with the second ISP's IP, good, that was not the case before => packets come back
But I get no answer in the telnet, which seems to be the same problem as when telling Postfix to bind to the second ISP's IP: packets go out and come back in, but the client cannot communicate with the remote SMTP server.
I think I forgot some iptables lines that would let ppp1's traffic come back in. Do you know which one I should use to make sure the traffic can come back in properly?
Here is the tcpdump log when running telnet 213.41.143.209 25:
13:12:36.296170 81.48.224.208.51061 > 213.41.143.209.smtp: S 3495988204:3495988204(0) win 5808 <mss 1452,sackOK,timestamp 7706419 0,nop,wscale 0> (DF) [tos 0x10]
13:12:36.437196 213.41.143.209.smtp > 81.48.224.208.51061: S 687160518:687160518(0) ack 3495988205 win 16800 <mss 1412,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 536203422 7706419> (DF)
13:12:38.703028 213.41.143.209.smtp > 81.48.224.208.51060: S 1256669228:1256669228(0) ack 3496982511 win 16800 <mss 1412,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 536203426 7706045> (DF)
13:12:39.292786 81.48.224.208.51061 > 213.41.143.209.smtp: S 3495988204:3495988204(0) win 5808 <mss 1452,sackOK,timestamp 7706719 0,nop,wscale 0> (DF) [tos 0x10]
13:12:39.428299 213.41.143.209.smtp > 81.48.224.208.51061: S 687160518:687160518(0) ack 3495988205 win 16800 <mss 1412,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 536203428 7706719> (DF)
13:12:40.398787 213.41.143.209.smtp > 81.48.224.208.51059: S 957484233:957484233(0) ack 3482227097 win 16800 <mss 1412,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 536203430 7705616> (DF)
Thanks for your help!
Julien
_______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
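The tcpdump excerpt above shows the characteristic shape of a reply-path problem: the SYN-ACK from 213.41.143.209 does arrive on the wire, yet the local host resends the very same SYN three seconds later instead of completing the handshake, and the peer keeps answering earlier attempts (ports 51060 and 51059) whose SYNs are not even in the capture. The script below is an added diagnostic example, not code from the thread or from the LARTC project; it parses tcpdump lines in the (pre-4.0) format quoted in the post and classifies each client-to-server flow so that a "stalled" handshake of this kind is flagged rather than read by eye. The sample input is the capture copied from the post; the flow names and the state labels are the example's own.

```python
"""Spot TCP handshakes whose SYN-ACK arrived but was never accepted locally.

Added example (not part of the LARTC thread).  Parses the classic tcpdump
line format quoted in the post and classifies each client->server flow.
A flow is 'stalled' when the peer's SYN-ACK was seen on the wire and the
client nevertheless retransmitted its SYN: the reply reached the interface
but the local stack never matched it to the socket, which is what a
mis-translated NAT reply path or a reverse-path drop looks like.
"""
import re
from collections import defaultdict

# Capture lines copied verbatim from the post above (not constructed).
SAMPLE = """\
13:12:36.296170 81.48.224.208.51061 > 213.41.143.209.smtp: S 3495988204:3495988204(0) win 5808 <mss 1452,sackOK,timestamp 7706419 0,nop,wscale 0> (DF) [tos 0x10]
13:12:36.437196 213.41.143.209.smtp > 81.48.224.208.51061: S 687160518:687160518(0) ack 3495988205 win 16800 <mss 1412,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 536203422 7706419> (DF)
13:12:38.703028 213.41.143.209.smtp > 81.48.224.208.51060: S 1256669228:1256669228(0) ack 3496982511 win 16800 <mss 1412,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 536203426 7706045> (DF)
13:12:39.292786 81.48.224.208.51061 > 213.41.143.209.smtp: S 3495988204:3495988204(0) win 5808 <mss 1452,sackOK,timestamp 7706719 0,nop,wscale 0> (DF) [tos 0x10]
13:12:39.428299 213.41.143.209.smtp > 81.48.224.208.51061: S 687160518:687160518(0) ack 3495988205 win 16800 <mss 1412,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 536203428 7706719> (DF)
13:12:40.398787 213.41.143.209.smtp > 81.48.224.208.51059: S 957484233:957484233(0) ack 3482227097 win 16800 <mss 1412,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 536203430 7705616> (DF)
"""

# 'ts src > dst: FLAGS [seq:seq(len)] [ack N] ...' -- endpoints carry the
# port as a trailing dotted component (81.48.224.208.51061, ...209.smtp).
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) "
    r"(?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<flags>[SFRP.]+)"
    r"(?: (?P<seq>\d+):\d+\(\d+\))?"
    r"(?: ack (?P<ack>\d+))?"
)


def parse_line(line):
    """Return the fields of one tcpdump TCP line, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["seq"] = int(rec["seq"]) if rec["seq"] else None
    rec["ack"] = int(rec["ack"]) if rec["ack"] else None
    return rec


def analyze(capture):
    """Map (client, server) -> handshake state for every flow in the capture.

    States: 'pending' (SYN sent, nothing back), 'replied' (SYN-ACK matched
    the SYN), 'completed' (client ACKed), 'stalled' (SYN resent after the
    SYN-ACK arrived), 'orphan' (SYN-ACK for a SYN not in the capture).
    """
    syns = defaultdict(list)   # (client, server) -> ISNs the client sent
    synack_seen = set()        # flows whose SYN-ACK was observed
    state = {}
    for line in capture.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        flags, src, dst = rec["flags"], rec["src"], rec["dst"]
        if flags == "S" and rec["ack"] is None:          # client SYN
            key = (src, dst)
            if key in synack_seen and rec["seq"] in syns[key]:
                state[key] = "stalled"   # same ISN again after the reply
            else:
                state.setdefault(key, "pending")
            syns[key].append(rec["seq"])
        elif flags == "S" and rec["ack"] is not None:    # server SYN-ACK
            key = (dst, src)
            if rec["ack"] - 1 in syns[key]:
                synack_seen.add(key)
                if state.get(key) == "pending":
                    state[key] = "replied"
            else:
                state.setdefault(key, "orphan")
        elif rec["ack"] is not None and "R" not in flags:  # client ACK
            if state.get((src, dst)) == "replied":
                state[(src, dst)] = "completed"
    return state


NOTES = {
    "stalled": "SYN-ACK arrived but the SYN was resent: reply not accepted "
               "locally (check the SNAT reply path and rp_filter on the interface)",
    "orphan": "SYN-ACK for a SYN not in the capture: peer still answering "
              "an earlier attempt",
    "replied": "SYN-ACK received, client ACK not yet seen",
    "pending": "SYN sent, no reply seen",
    "completed": "handshake completed",
}


def report(capture):
    """One human-readable line per flow, sorted by client endpoint."""
    return ["%s -> %s: %s (%s)" % (c, s, st, NOTES[st])
            for (c, s), st in sorted(analyze(capture).items())]


if __name__ == "__main__":
    for line in report(SAMPLE):
        print(line)
```

Running the script on the quoted capture reports port 51061 as stalled and 51060 and 51059 as orphan SYN-ACKs; on a healthy capture every flow comes out as completed. The useful signal is the combination: SYN-ACKs are physically arriving, so the outbound SNAT is doing its job, and the fault lies in how the returning packets are handled by the host.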