Re: redirect traffic to certain interface

Victor Medina wrote:
Hello all!


I have a gateway server, that runs a proxy server, and a smtp. This server has 3 interfaces, two interfaces connected to internet with two different server providers and the other one is for the internal network.

What I would like to do is send all outgoing smtp traffic which is
generated by the smtp server to one specific interface (eth2). The
problem is I just don't know how to tell iptables how to let the smtp
server receive all incoming traffic to the smtp server, and then forward
all outgoing traffic to the specific device.

In this case, all incoming smtp traffic generated by our internal
clients reaches the smtp server for distribution using device eth1, then
(I would like to) let the smtp server use ONLY eth2 to forward mail
to the rest of the servers on the internet.

Can I do this? How can I do this?

Yes, you can. Advanced routing.

Basically, what you need is to mark the packets with Netfilter before the routing decision is made. For packets generated by a local process, that would be in the OUTPUT chain of the mangle table. Something along the lines of "-t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 1" (1 is just an example; you may use any other number, but you must be consistent with the next step). While there, you might also want to do SNAT in the POSTROUTING chain of the nat table to make sure returning packets will come in on the correct interface (otherwise, if packets are going out of eth2 with the address of eth1, remote routers will route return packets to eth1, and you'll end up with asymmetric routing). Alternatively, instead of using SNAT, you might do it at the application level (forcing your SMTP server to use a specific source address, instead of automatically determining it, if such a config option exists in your SMTP server).

Then, using the ip command, you would create a new routing table for packets with fwmark 1 (this is the place where you need to be consistent; it must match the parameter of --set-mark) that has its default route set to eth2.

And voila, all your SMTP traffic is using eth2.

--
Aleksandar Milivojevic <amilivojevic@xxxxxx>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
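
The steps from the reply above, written out as a shell script with a check that the mark set by iptables and the fwmark matched by ip rule agree. This is an added example, not part of the original messages; the table number 100, the address 192.0.2.10, the gateway 192.0.2.1 and the function names are placeholder assumptions.

```shell
#!/bin/sh
# Added example. Values marked "constructed" are placeholders, not from the thread.
MARK=1             # fwmark: must be identical in the iptables rule and the ip rule
TABLE=100          # assumption: number of an otherwise unused routing table
OUT_IF=eth2        # uplink the SMTP server should use (named in the thread)
OUT_IP=192.0.2.10  # constructed: address configured on eth2
OUT_GW=192.0.2.1   # constructed: provider gateway reachable through eth2

# Emit the commands in the order the reply describes them.
smtp_policy_cmds() {
    # Mark locally generated SMTP packets in the mangle table's OUTPUT chain.
    echo "iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark $MARK"
    # Rewrite the source address so that return packets arrive on eth2.
    echo "iptables -t nat -A POSTROUTING -o $OUT_IF -p tcp --dport 25 -j SNAT --to-source $OUT_IP"
    # Separate routing table whose default route leaves through eth2.
    echo "ip route add default via $OUT_GW dev $OUT_IF table $TABLE"
    # Send packets carrying the mark to that table.
    echo "ip rule add fwmark $MARK lookup $TABLE"
}

# Succeeds only if the mark set for port 25 equals the fwmark that selects $TABLE.
# $1: output of `iptables-save -t mangle`, $2: output of `ip rule show`.
# Both tools print marks in hex (0x1), so the values are compared numerically.
marks_consistent() {
    set_mark=$(printf '%s\n' "$1" | sed -n 's/.*--dport 25 .*--set-x\{0,1\}mark \(0x[0-9a-fA-F]*\).*/\1/p' | head -n 1)
    rule_mark=$(printf '%s\n' "$2" | sed -n "s/.*fwmark \(0x[0-9a-fA-F]*\).* lookup $TABLE\$/\1/p" | head -n 1)
    [ -n "$set_mark" ] && [ -n "$rule_mark" ] && [ "$(($set_mark))" -eq "$(($rule_mark))" ]
}

# Dry run by default; APPLY=1 (as root) executes the commands and checks the result.
if [ "${APPLY:-0}" = 1 ]; then
    smtp_policy_cmds | sh -e &&
        marks_consistent "$(iptables-save -t mangle)" "$(ip rule show)" &&
        echo "mark $MARK is consistent between iptables and ip rule"
else
    smtp_policy_cmds
    # Constructed sample output of the two tools, so the check also runs offline.
    sample_save='-A OUTPUT -p tcp -m tcp --dport 25 -j MARK --set-xmark 0x1/0xffffffff'
    sample_rule='32765: from all fwmark 0x1 lookup 100'
    marks_consistent "$sample_save" "$sample_rule" && echo "sample: marks consistent"
fi
```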

