Hello,
Danny Rathjens wrote:
felix@xxxxxxxxxxx wrote:
[...]
What iptables commands would I used to route non-SMTP packets between,
say, eth0 (local net, static real addresses) and eth1 (broadband DHCP)?
Just follow the normal procedure for NAT of traffic and use broadband as the
default route:
route add default gw $broadband_gateway
And for NAT:
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
MASQUERADE is because eth1's address is dynamic. Else SNAT could be used
instead.
Then you just need to route the smtp traffic through your dial-up.
iptables -A PREROUTING -i eth0 -t mangle -p tcp --dport 25 -j MARK --set-mark 2
echo 202 mail >> /etc/iproute2/rt_tables
ip rule add fwmark 2 table mail
ip route add default via $dialup_gateway dev eth0 table mail
^^^^^^^^
"dev ppp0" would be better IMHO.
If source address validation is enabled, don't forget to disable it on
the non-default interface:
sysctl -w net/ipv4/conf/ppp0/rp_filter=0
If net/ipv4/conf/default/rp_filter=1, you'll have to do this every time
after ppp0 is created. If net/ipv4/conf/default/rp_filter=0 before ppp0
is created, net/ipv4/conf/ppp0/rp_filter will be automatically set to 0.
One remark: if there is SMTP traffic from a local host with a private
address, this traffic will be routed via ppp0 but must be NATed with
any public address routed on the dialup link. If it is not NATed, it
will go out with its original private source address and that's not good.
Note to Felix: you don't need to define and use a table name in
/etc/iproute2/rt_tables. It just makes routes and routing rules more
readable. You can use a table number in the range 1-252 instead.
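Putting the pieces of this thread together (mark, rule, route via ppp0 rather than eth0, rp_filter, and the NAT remark for private sources), here is an added shell script that is not from either poster. Interface names eth0/eth1/ppp0, mark 2 and table number 202 come from the thread; the RFC 1918 source ranges and the choice of MASQUERADE on ppp0 are my assumptions, and RUN=echo turns it into a dry run.

```shell
#!/bin/sh
# Added example (not from the thread): policy-route LAN SMTP over the dial-up
# link while everything else uses the broadband default route.
# Set RUN=echo to print the commands instead of executing them.
RUN="${RUN:-}"

LAN_IF=eth0     # local net
BB_IF=eth1      # broadband (DHCP)
PPP_IF=ppp0     # dial-up link
MARK=2
TABLE=202       # numeric table id; a name in rt_tables is optional
# Assumption: RFC 1918 ranges that may appear as source addresses on the LAN.
PRIVATE_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

run() { $RUN "$@"; }

# $1 = gateway address on the dial-up link (usually the peer's address)
setup_mail_routing() {
    dialup_gw="$1"

    # Everything not marked follows the normal default route and is
    # masqueraded on the dynamic broadband address.
    run iptables -t nat -A POSTROUTING -o "$BB_IF" -j MASQUERADE

    # Mark LAN SMTP in mangle/PREROUTING, i.e. before the routing
    # decision, so the fwmark rule below can see it.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 25 \
        -j MARK --set-mark "$MARK"

    # Marked packets consult table $TABLE, whose only route is the dial-up
    # default. The route leaves via ppp0, not eth0 (the thread's correction).
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default via "$dialup_gw" dev "$PPP_IF" table "$TABLE"
    run ip route flush cache   # older kernels cache route lookups

    # Replies arrive on ppp0 although the main table would route those
    # sources via eth1; with rp_filter=1 the kernel would drop them.
    run sysctl -w "net/ipv4/conf/$PPP_IF/rp_filter=0"

    # Private LAN sources sent over ppp0 must be NATed to the dial-up
    # address or they leave with an unroutable source. Public LAN
    # addresses are left untouched.
    for net in $PRIVATE_NETS; do
        run iptables -t nat -A POSTROUTING -o "$PPP_IF" -s "$net" -j MASQUERADE
    done
}

# Usage: ./mail-route.sh <dialup_gateway>   (RUN=echo for a dry run)
if [ $# -ge 1 ]; then
    setup_mail_routing "$1"
fi
```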