Hello, world! Sorry to subscribe to the list only to immediately ask a question, but this one's got me scratching my head and I can't find the answer in the archives, the HOWTO, or on the web. Maybe I'm just asking the wrong question. Anyway, our Internet gateway is a Linux box. We've got two Internet feeds, a fast one from a crummy provider, and a slower one from a good provider. The goal is to control which feed gets used on a per-service basis. For the most part, I've been pretty successful at this, and it's worked well. Score one for the good guys. However, I'm having trouble trying to get Sendmail -- which is running on the gateway box itself -- to use the good provider when it tries to deliver mail. (If we use the crummy provider, too many others reject us as a likely spammer.) I found plenty of docs that tell me what to do if Sendmail is running on a different box -- just select packets using iptables as they come in, fwmark them, and then use a routing rule to put them into the appropriate routing table. This is conceptually easy, because the packets would already have well-defined characteristics. The problem is that Sendmail is running on the gateway itself. I don't know how to tell the system what to select. The packets won't have IP address or interface info yet, because they haven't gone through the kernel router yet. Right? And once they've gone through the kernel router, it's too late to try and pick the route they'll use. Right? Catch-22? I can't bind Sendmail's outgoing SMTP client mailer to a specific interface, because it has to be able to forward mail on to inside systems, too. I can think of all sorts of possible combinations of iptables options I might try (table, chain, interface, TCP port, etc.), but there are literally hundreds of permutations. Trial-and-error doesn't seem like a good way to do this. Especially since it's a production box. I tried a few ideas and got nowhere useful. Does someone here already know the answer? Environment: - CentOS 5 - kernel 2.6.18-8.1.10.el5 - iptables 1.3.5-1.2.1 - iproute 2.6.18-4.el5 - Both feeds connect to the gateway with plain old IP-over-Ethernet - Static IP addresses for both feeds - LAN is NAT'ed and using a 10/8 private subnet - Successfully using multiple routing tables, iptables, and/or interface-bindings to select route/feed for most services advTHANKSance! -- Ben _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
