Rewiewing the mark and saving/restoring of the marks in the chain seems
was useful, and now the policy routing for local-generated traffic
works as expected.
Apart one little thing... local service (exim SMTP server, indeed) open
outgoing connection using one of the available interface, and this
happen:
1 0.000000000 10.5.248.254 → 108.177.126.27 TCP 74 46008 → 25 [SYN, ECN, CWR] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=31379463 TSecr=0 WS=128
2 1.027849378 10.5.248.254 → 108.177.126.27 TCP 74 [TCP Retransmission] 46008 → 25 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=31379720 TSecr=0 WS=128
3 3.043787137 10.5.248.254 → 108.177.126.27 TCP 74 [TCP Retransmission] 46008 → 25 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=31380224 TSecr=0 WS=128
4 7.139530714 10.5.248.254 → 108.177.126.27 TCP 74 [TCP Retransmission] 46008 → 25 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=31381248 TSecr=0 WS=128
eg, traffic get correctly routed to the choosen interface via policy
routing, but source IP was 'a random interface IP' in the available
pool.
I can use SNAT to change source IP but... there's some more 'elegant'
solution?
Surely, best solution would be to work as 'application level', eg
instruct exim to use for some traffic only the scecific source
interface but... seems not possible, or too complex to achive.
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
