Pascal Hambourg wrote:
Alexei Ustyuzhaninov a écrit :
Pascal Hambourg wrote:
SNAT should work on packets creating a new connection (i.e. in the
state NEW).
Yes, really! The SYN packet goes out through the right interface with
the right source address, SYN/ACK comes back and that's all, nothing
will happen more.
This looks like a filtering issue causing the reply packet to be
dropped. Check your iptables 'filter' rules and that source validation
by reversed path is disabled for that interface
(/proc/sys/net/ipv4/conf/<interface>/rp_filter=0).
Yes, rp_filter was the issue indeed. Thank you very much.
I just want a simple thing: to send mail via one provider and all other
traffic via the other provider
You may be able to specify the desired source address for outgoing
connections if your mail application allows it.
No, of course the mail application doesn't bother about source addresses
and IP routing. I believe it operates at different level of ISO model. :)
--
Thanks again,
Alexei
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
