Hi guys,

I have a mail server running qmail with two network interfaces. All packages come from the first one and I want to mark outgoing packages to route them using the second interface (ADSL).

I have written this script, but it isn't working. All packages are returning by the first interface... :-(

x-x-x
# Tables, networks, interfaces, addresses and gateways
IF1=eth0
T1=100
NET1=200.180.193.16/29
IP1=200.180.193.18
GW1=200.180.193.20

IF2=eth1
T2=200
NET2=192.168.1.0/24
IP2=192.168.1.100
GW2=192.168.1.1

# Mark packages that have TCP DST PORT 25 with 1
iptables -A PREROUTING -t mangle -p tcp --dport 25 -j MARK --set-mark 1

# Define routing in tables $T1 and $T2
ip route add $NET1 dev $IF1 src $IP1 table $T1
ip route add default via $GW1 table $T1
ip route add $NET2 dev $IF2 src $IP2 table $T2
ip route add default via $GW2 table $T2

# Define routing in table 'main'
ip route add $NET1 dev $IF1 src $IP1
ip route add $NET2 dev $IF2 src $IP2

# Define default route normal
ip route add default via $GW1

# Define routing rule for same interface
ip rule add from $IP1 table $T1
ip rule add from $IP2 table $T2

# Define routing rule for marked packages
ip rule add fwmark 1 table $T2
x-x-x

Could someone enlighten me? :-)

Best regards,

--
Dorneles Treméa
Caxias do Sul - RS - Brasil
+55 54 9114 9312 - UIN: 2413568
X3ng Web Technology <http://www.x3ng.com.br>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Fri 04/07/2003 at 05:15, Dorneles Treméa wrote:
> Hi guys,
>
> I have a mail server running qmail with two network
> interfaces. All packages come from the first one and
> I want to mark outgoing packages to route them using
> the second interface (ADSL).
>
> have TCP DST PORT 25 with 1
> iptables -A PREROUTING -t mangle -p tcp --dport 25 -j MARK --set-mark 1

You mark packets going to port 25 and you want to redirect packets coming from port 25 (response packets).
You don't have any connection tracking with mark. If you want some, you've got to use CONNMARK.

By the way: will your ADSL ISP accept to route the packets coming from another IP?

BR,

--
Eric Leblond <eric@regit.org>

Hi Eric,

thanks for the response... ;-)

> you mark packet going to port 25 and you want to redirect packet coming
> from port 25 (response packet).
> You don't have any connection tracking with mark. If you want some
> you've got to use CONNMARK.

Oops... no, I receive packets normally by port 25 on eth0. It's incoming traffic. I just want to send my outgoing SMTP traffic with eth1 (packets generated by my mail server).

> By the way : will your ADSL ISP accept to route the packet coming from
> another IP ?

Hey, I'm the ISP... :-)

I'm just trying to route the outgoing SMTP traffic by a cheap ADSL link, keeping the main link as free as possible.

Thanks in advance.

Regards,

--
Dorneles Treméa
Caxias do Sul - RS - Brasil
+55 54 9114 9312 - UIN: 2413568
X3ng Web Technology <http://www.x3ng.com.br>

Eric Leblond wrote:
> You don't have any connection tracking with mark. If you want some
> you've got to use CONNMARK.

Where can I find a few good working examples for CONNMARK? I haven't yet been able to use the CONNMARK patch on my firewall the way I tried to.

Greetings,
Hanno
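
Added example, not part of any message in this thread: one way to send locally generated SMTP traffic out of the second interface, marking in the mangle OUTPUT chain (packets created on the host never pass PREROUTING) and carrying the mark with CONNMARK. Interface, table, address and gateway values are copied from the first post; the rule priority 100, the conntrack match and the SNAT rule are assumptions of this sketch.

```shell
#!/bin/sh
# Added example; values for IF2, T2, IP2, GW2 and mark 1 come from the first post.
IF2=eth1 T2=200 IP2=192.168.1.100 GW2=192.168.1.1
MARK=1

# Dry run by default: every command is printed. Run as root with RUN="" to apply.
RUN=${RUN-echo}

smtp_via_if2() {
    # Copy a mark already stored on the connection back onto the packet.
    $RUN iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
    # Locally generated packets traverse OUTPUT, not PREROUTING.
    # Mark only new outbound SMTP connections that carry no mark yet.
    $RUN iptables -t mangle -A OUTPUT -p tcp --dport 25 \
        -m conntrack --ctstate NEW -m mark --mark 0 -j MARK --set-mark "$MARK"
    # Store the packet mark on the conntrack entry for the rest of the flow.
    $RUN iptables -t mangle -A OUTPUT -m mark --mark "$MARK" -j CONNMARK --save-mark
    # Policy routing: marked packets use table $T2 and leave through $IF2.
    $RUN ip route replace default via "$GW2" dev "$IF2" table "$T2"
    $RUN ip rule add fwmark "$MARK" table "$T2" priority 100
    # The source address was picked before the mark-based reroute, so
    # rewrite it to the address that belongs to $IF2 (assumed requirement).
    $RUN iptables -t nat -A POSTROUTING -o "$IF2" -m mark --mark "$MARK" \
        -j SNAT --to-source "$IP2"
}

smtp_via_if2
```

If replies arriving on eth1 are dropped after applying the rules, check the `rp_filter` sysctl for that interface, since strict reverse-path filtering validates against the main table's default route.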