Re: route outgoing smtp via a specific interface

Antony Stone <Antony@xxxxxxxxxxxxxxxxxxxx> writes:

> On Sunday 02 May 2004 11:50 pm, Christer Ekholm wrote:
>
>> I have two IP-providers. And the faster one of them blocks smtp. I
>> have been trying to route smtp to the slower while still routing
>> everything else to the faster, without success. Is it possible at all?
>
> IProute2, http://lartc.org

Thank you for the answer. I have read that, and tried everything I
could think of.  I think my problem is that I need this to work from
the host with the connections to the providers (localhost).

Here is an attempt to describe what I have tried.

This is my configuration:

/etc/iproute2/rt_tables
#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
1       bb
2       bost

Provider one (called bb - very fast)
$ip addr show eth0
2: eth0: <BROADCAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:a0:cc:59:e9:c0 brd ff:ff:ff:ff:ff:ff
    inet 213.113.148.180/26 brd 213.113.148.191 scope global eth0

Provider two (called bost - slow but permits smtp)
$ip addr show eth1
3: eth1: <BROADCAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:10:5a:1e:ab:3e brd ff:ff:ff:ff:ff:ff
    inet 217.215.183.181/24 brd 217.215.183.255 scope global eth1

I also have a local network (not relevant for my problem, I think)
$ip addr show eth2
4: eth2: <BROADCAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:10:4b:cb:c2:c6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global eth2
    

I have dedicated routing tables for each provider

$ip route show table bb
213.113.148.128/26 dev eth0  scope link  src 213.113.148.180 
192.168.1.0/24 dev eth2  scope link 
127.0.0.0/8 dev lo  scope link 
default via 213.113.148.129 dev eth0 

$ip route show table bost
217.215.183.0/24 dev eth1  scope link  src 217.215.183.181 
192.168.1.0/24 dev eth2  scope link 
127.0.0.0/8 dev lo  scope link 
default via 217.215.183.1 dev eth1  src 217.215.183.181 

And table main looks like this.
$ip route show table main
213.113.148.128/26 dev eth0  proto kernel  scope link  src 213.113.148.180 
217.215.183.0/24 dev eth1  proto kernel  scope link  src 217.215.183.181 
192.168.1.0/24 dev eth2  proto kernel  scope link  src 192.168.1.2 
default via 213.113.148.129 dev eth0 

And I have a set of rules also.
$ip rule show
0:      from all lookup local 
101:    from 213.113.148.180 lookup bb 
102:    from 217.215.183.181 lookup bost 
32766:  from all lookup main 
32767:  from all lookup default 


Now this works perfectly; if provider (bb) stops working, I can very
quickly switch provider by changing the default route in table main.

Now over to my not-so-successful experiments. :(

I have tried using the 'mangle' chain to mark smtp packets, and then
using a rule to route them to the other provider. Like this:

iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 1
ip rule add prio 21 fwmark 1 table bost

The rules now look like this:

$ip rule show
0:      from all lookup local 
21:     from all fwmark        1 lookup bost 
101:    from 213.113.148.180 lookup bb 
102:    from 217.215.183.181 lookup bost 
32766:  from all lookup main 
32767:  from all lookup default 

Then when I try it I get "No route to host".
$telnet vishnu.netfilter.org 25
Trying 213.95.27.115...
telnet: Unable to connect to remote host: No route to host

Next thing I tried was to add "nat" to the smtp rule
$ip rule add prio 21 fwmark 1 table bost nat 217.215.183.181
$ip rule show
0:      from all lookup local 
21:     from all fwmark        1 lookup bost map-to 217.215.183.181 
101:    from 213.113.148.180 lookup bb 
102:    from 217.215.183.181 lookup bost 
32766:  from all lookup main 
32767:  from all lookup default 

Which got me one step further. The packets are now detectable on
eth1, but still with the wrong source address.

tcpdump -n -i eth1 dst port 25
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 68 bytes
00:24:14.311433 IP 213.113.148.180.48829 > 213.95.27.115.25: SWE 3230509301:3230509301(0) win 5840 <mss 1460,sackOK,timestamp 68840162[|tcp]>
00:24:17.304696 IP 213.113.148.180.48829 > 213.95.27.115.25: SWE 3230509301:3230509301(0) win 5840 <mss 1460,sackOK,timestamp 68840462[|tcp]>
00:24:23.304827 IP 213.113.148.180.48829 > 213.95.27.115.25: SWE 3230509301:3230509301(0) win 5840 <mss 1460,sackOK,timestamp 68841062[|tcp]>

My next thought was to use iptables to add a SNAT rule. But SNAT is only
allowed in POSTROUTING, and I think I would need that in OUTPUT.

--
 Christer
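Added illustration, not part of Christer's mail or Antony's reply: a small Python model of the order in which Linux handles a locally generated packet. The route lookup at connect() time binds the source address; mangle OUTPUT then sets the mark; the kernel reroutes through the rule database but keeps the already-bound source; nat POSTROUTING is traversed last, for locally generated packets as well as forwarded ones. The tables, rules and addresses are constructed copies of the ones quoted above, and the iptables rules are represented as (dport, mark) and (out-device, to-source) tuples rather than real commands. The model reproduces the tcpdump symptom (packets leaving eth1 with the eth0 address) and shows that an SNAT rule in POSTROUTING restricted to `-o eth1` is what rewrites the source, which is the usual way to finish this kind of setup.

```python
# Model of Linux policy routing for a locally generated TCP packet.
# Constructed to mirror the rt_tables, routes and rules quoted in the post;
# this is an illustration, not kernel code and not the poster's configuration.
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: str                 # destination network, "0.0.0.0/0" for default
    dev: str                    # egress interface
    src: Optional[str] = None   # preferred source address, if the route sets one


@dataclass(frozen=True)
class Rule:
    prio: int
    table: str
    from_src: Optional[str] = None   # "from X" selector, None means "from all"
    fwmark: Optional[int] = None     # "fwmark N" selector


@dataclass(frozen=True)
class Packet:
    dst: str
    dport: int
    src: Optional[str] = None   # unset until the first route lookup binds it
    dev: Optional[str] = None
    mark: int = 0


# Primary address per interface, used when a route carries no explicit src.
DEV_ADDR = {"eth0": "213.113.148.180", "eth1": "217.215.183.181", "eth2": "192.168.1.2"}

TABLES = {
    "local": [Route("127.0.0.0/8", "lo")],
    "bb":    [Route("213.113.148.128/26", "eth0", "213.113.148.180"),
              Route("192.168.1.0/24", "eth2"), Route("127.0.0.0/8", "lo"),
              Route("0.0.0.0/0", "eth0")],
    "bost":  [Route("217.215.183.0/24", "eth1", "217.215.183.181"),
              Route("192.168.1.0/24", "eth2"), Route("127.0.0.0/8", "lo"),
              Route("0.0.0.0/0", "eth1", "217.215.183.181")],
    "main":  [Route("213.113.148.128/26", "eth0", "213.113.148.180"),
              Route("217.215.183.0/24", "eth1", "217.215.183.181"),
              Route("192.168.1.0/24", "eth2", "192.168.1.2"),
              Route("0.0.0.0/0", "eth0")],
}

RULES = [
    Rule(0, "local"),
    Rule(21, "bost", fwmark=1),                     # the fwmark rule from the post
    Rule(101, "bb", from_src="213.113.148.180"),
    Rule(102, "bost", from_src="217.215.183.181"),
    Rule(32766, "main"),
]


def lookup_table(routes, dst):
    """Longest-prefix match inside one table; None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None
    return max(matches, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen)


def rpdb_lookup(pkt, rules=RULES, tables=TABLES):
    """Walk the rules in priority order; the first table holding a route wins."""
    for rule in sorted(rules, key=lambda r: r.prio):
        if rule.from_src is not None and pkt.src != rule.from_src:
            continue
        if rule.fwmark is not None and pkt.mark != rule.fwmark:
            continue
        hit = lookup_table(tables[rule.table], pkt.dst)
        if hit is not None:
            return hit
    return None


def send(pkt, mangle_output=(), nat_postrouting=()):
    """Return the packet as it would leave the host.

    mangle_output:   (dport, mark) pairs, i.e. iptables -t mangle -A OUTPUT ... -j MARK
    nat_postrouting: (out_dev, to_src) pairs, i.e. iptables -t nat -A POSTROUTING -o dev -j SNAT
    """
    # 1. Route lookup at connect() time, before any mark exists. This is the
    #    point where the source address is bound to the socket.
    route = rpdb_lookup(pkt)
    if route is None:
        raise OSError("No route to host")
    pkt = replace(pkt, dev=route.dev, src=route.src or DEV_ADDR[route.dev])

    # 2. mangle OUTPUT may set a mark on the already-routed packet.
    for dport, mark in mangle_output:
        if pkt.dport == dport:
            pkt = replace(pkt, mark=mark)

    # 3. A mark set in OUTPUT triggers a reroute. The egress device may change,
    #    but the source address bound in step 1 is kept as it is.
    if pkt.mark:
        route = rpdb_lookup(pkt)
        if route is None:
            raise OSError("No route to host")
        pkt = replace(pkt, dev=route.dev)

    # 4. nat POSTROUTING runs last, also for local packets; SNAT rewrites the source.
    for out_dev, to_src in nat_postrouting:
        if pkt.dev == out_dev:
            pkt = replace(pkt, src=to_src)
    return pkt


SMTP = Packet(dst="213.95.27.115", dport=25)     # constructed: the host from the telnet test
MARK_SMTP = [(25, 1)]                            # --dport 25 -j MARK --set-mark 1
SNAT_ETH1 = [("eth1", "217.215.183.181")]        # -o eth1 -j SNAT --to-source 217.215.183.181

if __name__ == "__main__":
    print("no mark:     ", send(SMTP))
    print("mark only:   ", send(SMTP, MARK_SMTP))
    print("mark + SNAT: ", send(SMTP, MARK_SMTP, SNAT_ETH1))
```

The "mark only" case leaves on eth1 with source 213.113.148.180, which is exactly what the tcpdump above shows; adding the POSTROUTING SNAT entry turns it into eth1 with source 217.215.183.181. Restricting the SNAT to `-o eth1` keeps ordinary traffic on eth0 untouched.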

