Hello,

I have a Debian-Woody-3.0 Router with 3 NICs. Kernel version 2.4.18

+------------+          +-------------+
|            |          |             |
|192.168.1.1 |          | 192.168.2.1 |
| DSL-Router |          | ISDN-Router |
+------------+          +-------------+
      |                        |
      |                        |
      +---------+   +----------+
                |   |
                |   |
+----------------------------------+
| eth0                        eth2 |
|           Debian-Woody           |
|               eth1               |
+----------------------------------+
                |
                |
       +----------------+
       | 192.168.3.0/24 |
       |    localnet    |
       +----------------+

Mail-Traffic over ISDN-Router
WWW-Traffic over DSL-Router
But why?

### Here are my interfaces:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.1.10
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.1

auto eth1
iface eth1 inet static
    address 192.168.2.20
    netmask 255.255.255.0
    network 192.168.2.0
    broadcast 192.168.2.255
    # gateway 192.168.2.1

auto eth2
iface eth2 inet static
    address 192.168.3.30
    netmask 255.255.255.0
    network 192.168.3.0
    broadcast 192.168.3.255
    # gateway 192.168.3.1

Is this correct?

### my route:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

and now my firewall-script:

#!/bin/bash
# firewall-script
echo 1 > /proc/sys/net/ipv4/ip_forward
?????????????????????????????????????????
iptables -t nat -A POSTROUTING -j SNAT --to 192.168.1.10

So I can surf and get mail, but over eth0.

Does anyone have an idea? Kernel modules are loaded.

Greetz
Torsten
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Torsten,

This is not really a LARTC question (unless you fetch mail from an
arbitrary number of servers, in which case you'll need the
link-load-sharing multiple routing tables solution).

I'm guessing your solution is quite easy....see below.

: I have a Debian-Woody-3.0 Router with 3 NIC's. Kernelversion 2.4.18

[ nice netmap snipped ]

: Mail-Traffic over ISDN-Router
: WWW-Traffic over DSL-Router
: But why?

[ interface definitions snipped ]

: Is this correct?

Well, yes. But not complete.

: ### my route:
: Kernel IP routing table
: Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
: 192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
: 192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
: 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
: 0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
: and now my firewall-script:

Are you fetching mail from a particular mailserver? If so:

# mailserver=213.165.64.20
# route add -host $mailserver gw 192.168.2.1

Or

# mailserver=213.165.64.20
# ip route add $mailserver via 192.168.2.1

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

On Tuesday 15 April 2003 11:05, Martin A. Brown scrawled:
> Torsten,
>
> This is not really a LARTC question (unless you fetch mail from an
> arbitrary number of servers, in which case you'll need the
> link-load-sharing multiple routing tables solution).
>
> I'm guessing you solution is quite easy....see below.
>
> : I have a Debian-Woody-3.0 Router with 3 NIC's. Kernelversion 2.4.18
>
> [ nice netmap snipped ]
>
> : Mail-Traffic over ISDN-Router
> : WWW-Traffic over DSL-Router
> : But why?
>
> [ interface definitions snipped ]
>
> : Is this correct?
>
> Well, yes. But not complete.
>
> : ### my route:
> : Kernel IP routing table
> : Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> : 192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
> : 192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
> : 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> : 0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
> : and now my firewall-script:
>
> Are you fetching mail from a particular mailserver? If so:
>
> # mailserver=213.165.64.20
> # route add -host $mailserver gw 192.168.2.1
>
> Or
>
> # mailserver=213.165.64.20
> # ip route add $mailserver via 192.168.2.1
>
> -Martin

Wouldn't setting up ip rules to forward the appropriate traffic through the
proper gateway be better?

Ashok

--
"...there is nothing so unnatural as the commonplace."
Sir Arthur Conan Doyle in "Adventures of Sherlock Holmes: A Case of Identity"

Hi Ashok,

: > Are you fetching mail from a particular mailserver? If so:
: > # mailserver=213.165.64.20
: > # route add -host $mailserver gw 192.168.2.1
: > # mailserver=213.165.64.20
: > # ip route add $mailserver via 192.168.2.1
: > -Martin
:
: Wouldnt setting up ip rules to forward the appropriate traffic through the
: proper gateway be better?

Why use the RPDB if you don't need to? I subscribe to the KISS notion
(keep it simple, stupid!).

If all of his mail connections are to a single "smarthost", or a small set
of IP addresses, there's no reason for him to use "ip rule", since he can
make a specific route in the main routing table to the destination.

If he is using multiple mailservers in "unknown" networks, then he'll need
to look at the link load sharing solutions, such as multipath routes, or
multiple outbound links with RPDB/fwmark'ing solutions.

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
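
Added example, not part of any post in this thread: the RPDB/fwmark variant discussed above, written as a dry-run script for the case where mail servers are not a fixed set of addresses. Interface roles follow the posted routing table (eth2 = LAN, eth1 = ISDN side, eth0 = DSL side); the mark value, table number and mail port list are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): route LAN mail traffic via the ISDN
# router with fwmark + a second routing table; everything else keeps the
# main table's default route via the DSL router.
LAN_IF=eth2                                   # 192.168.3.0/24 per the routing table
ISDN_IF=eth1; ISDN_GW=192.168.2.1; ISDN_SRC=192.168.2.20
DSL_IF=eth0;  DSL_SRC=192.168.1.10
MARK=1                                        # assumed, any unused mark works
TABLE=100                                     # assumed, any unused table number
MAIL_PORTS="25 110"                           # assumed: SMTP and POP3

# Print the full command set; nothing is executed by this function.
mail_policy_cmds() {
    # 1. Mark mail connections as they enter from the LAN.
    for port in $MAIL_PORTS; do
        echo "iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport $port -j MARK --set-mark $MARK"
    done
    # 2. Marked packets use a table whose only default is the ISDN router.
    echo "ip route add default via $ISDN_GW dev $ISDN_IF table $TABLE"
    echo "ip rule add fwmark $MARK table $TABLE"
    echo "ip route flush cache"
    # 3. SNAT per outgoing interface. The posted rule rewrote every packet
    #    to 192.168.1.10, an address the ISDN router cannot reply to.
    echo "iptables -t nat -A POSTROUTING -o $ISDN_IF -j SNAT --to-source $ISDN_SRC"
    echo "iptables -t nat -A POSTROUTING -o $DSL_IF -j SNAT --to-source $DSL_SRC"
    # Caveat: replies from mail servers arrive on $ISDN_IF while the main
    # table reaches those servers via $DSL_IF, so strict reverse-path
    # filtering on $ISDN_IF (if enabled) discards them.
}

# Dry run by default; APPLY=1 (as root) executes each printed command.
apply_mail_policy() {
    mail_policy_cmds | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then sh -c "$cmd"; else echo "$cmd"; fi
    done
}

apply_mail_policy
```

Review the printed commands first, then rerun with APPLY=1; `ip rule show` and `ip route show table 100` confirm the rule and the alternate default afterwards.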