Daniel Colicov wrote:
Good Morning,
I have a linux box with two dsl modems on it (connection is done via
pppoe), I'm trying to route default traffic on the primary connection
(ppp0) and mail traffic on another one (ppp1).
This traffic should be able to come from the localhost or the lan via
NAT.
I run Slackware 9.1 (Kernel 2.4.22), recompiled with necessary options
for using iproute2.
According to the advanced routing howto, I did the following:
iptables -A PREROUTING -i eth0 -t mangle -p tcp --dport 25 -j MARK --set-mark 1
iptables -A PREROUTING -i lo -t mangle -p tcp --dport 25 -j MARK --set-mark 1
I'm not sure whether "lo" is needed.
echo 201 mail.out >> /etc/iproute2/rt_tables
ip rule add fwmark 1 table mail.out
/sbin/ip route add default via [Second's ISP Gateway] dev ppp1 table mail.out
I get no error message, and ip rule ls and ip route show the params were
recorded.
But if I do telnet somemail.server.com 25, I get a timeout and no data
is sent via ppp1 (seen using ifconfig ppp1 or tcpdump -i ppp1).
I can't figure out what could be wrong, nor where I should start looking.
I also looked in the ip-cref doc and found nothing that could help me.
Feel free to ask me on any point I would have forgotten.
Do you have an idea in order to solve this problem?
Thanks in advance!
Hello,
2 days ago I had the same problem... Do you use the SNAT option to NAT the
users behind the server? If you do, try iptables -t nat -I
POSTROUTING -p tcp -s 10.0.255.0/24 --dport 25 -j MASQUERADE and in
FORWARD put a -I FORWARD -s 10.0.255.0/24 -j ACCEPT... I used SNAT with
iproute and marking packets and it didn't work (it's a little difficult), so
I chose to use MASQUERADE instead. Replace the LAN IPs with
yours... then iptables -t mangle -I PREROUTING -s 10.0.255.0/24 -j
MARK --set-mark 2
then:
echo 50 mail.out >> /etc/iproute2/rt_tables
ip rule add fwmark 2 prio 50 table mail.out
ip route add default via 10.0.254.1 dev eth2 table mail.out (dev eth2
is the ethernet with the second provider, eth1 with the 1st ISP and eth0
with the LAN)
ip route flush cache... use tcpdump to see the packets.
So it should work...
Good luck
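A consolidated version of the setup both posts describe, as an added example that is from neither poster: it also marks in the mangle OUTPUT chain, because packets generated on the router itself (the telnet test) never pass PREROUTING, so a rule on lo is not what catches them. Assumed values, not from the thread: LAN 10.0.255.0/24 on eth0, mail link ppp1, mark 1, table 201 named mail.out, and a placeholder for the second ISP's gateway.

```shell
#!/bin/sh
# Added example (not from the thread): mark outbound SMTP and route it via the
# second PPPoE link. Assumptions: LAN 10.0.255.0/24 on eth0, mail link ppp1,
# mark 1, table id 201 named mail.out; MAIL_GW is a placeholder to replace.
LAN_NET="${LAN_NET:-10.0.255.0/24}"
LAN_IF="${LAN_IF:-eth0}"
MAIL_IF="${MAIL_IF:-ppp1}"
MAIL_GW="${MAIL_GW:-SECOND_ISP_GATEWAY_PLACEHOLDER}"
MARK=1
TABLE_ID=201
TABLE_NAME=mail.out

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

setup_mail_route() {
    # Register the table name once (ip rule/route accept the name afterwards).
    grep -qs "^$TABLE_ID[[:space:]]*$TABLE_NAME" /etc/iproute2/rt_tables ||
        run sh -c "echo '$TABLE_ID $TABLE_NAME' >> /etc/iproute2/rt_tables"
    # SMTP forwarded from the LAN passes PREROUTING ...
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 25 \
        -j MARK --set-mark "$MARK"
    # ... but SMTP generated on the box itself (the telnet test) never does:
    # locally originated packets are only seen in the mangle OUTPUT chain.
    run iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark "$MARK"
    # Marked packets consult mail.out, whose only route is the default via ppp1.
    run ip rule add fwmark "$MARK" table "$TABLE_NAME"
    run ip route add default via "$MAIL_GW" dev "$MAIL_IF" table "$TABLE_NAME"
    # Rewrite the source to ppp1's address, or replies return on the wrong link.
    run iptables -t nat -A POSTROUTING -o "$MAIL_IF" -j MASQUERADE
    run iptables -A FORWARD -s "$LAN_NET" -j ACCEPT
    # The 2.4 routing cache may still hold old decisions; flush it.
    run ip route flush cache
}

# Verification commands: the rule, the table contents and the mark counters.
show_mail_route() {
    run ip rule show
    run ip route show table "$TABLE_NAME"
    run iptables -t mangle -L OUTPUT -n -v
}

case "${1:-}" in
    apply) setup_mail_route ;;
    show)  show_mail_route ;;
esac
```

Run it with the argument apply once MAIL_GW is set (DRY_RUN=1 first prints the commands instead of executing them); the argument show prints the rule, the table and the OUTPUT mark counters, which tcpdump -i ppp1 should then confirm.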
Thanks for your answer. Actually I use MASQUERADE. I just made a new
post describing what I see now; you can take a look at it if you want, if
you have an idea ;-)
Julien.