Jens wrote:
>I am trying to trace a problem I have in redirecting my mail traffic to a
>different ISP. I have set up a whole bunch of logging rules but am still a
>bit mystified and could use some clarification....
>
>The setup (shortened somewhat for this example):
>Cable connection coming into a firewall/router going to a mail server in the
>DMZ.
>The interface on the firewall/router that the cable uses (to the internet) is
>eth0. The interface on the firewall/router to the DMZ is eth3
>
>I log all (I believe) destination port 25 packets going thru the firewall. The
>current setup does not do any redirection of traffic to port 25 - everything
>goes out the default interface eth0 and the whole setup works. I am trying to
>get a baseline as to what I should see when I do the redirection later on.
>To run my test, I am on the mailserver box and I initiate a telnet to a remote
>ISP's mail server on port 25.
>
>The log messages I see are as follows:
>
>the first packet shows a traversal thru the nat filters as expected
>The source and destination IP's are always the same - the source is always the
>ip of my mail server and the destination is always the ip of the remote ISP's
>mail server
>
>mangle preroute in eth3 src <Mailserver> dst <destination of mail>
>nat preroute in eth3
>mangle forward in eth3
>mangle postroute out eth0
>
>the second packet no longer shows traversal thru the nat filter
>mangle preroute in eth3
>mangle forward in eth3
>mangle postroute out eth0
>
>The things that I am having problems understanding are:
>
>1) I see the packet going into eth3, doing the preroute, the forward but I see
>no postroute on eth3. I also don't see the packet going into eth0 or doing
>anything until it comes out the postroute table. Why isn't there anything in
>between ?
>
>2) The connection I establish is from a local ip 192.168.1.2 to the ISP's mail
>server on the internet. The connection is fully functional so it's nat'ed
>properly. Why is it that I don't see the change of source IP in the mangle
>postroute (as the packet comes out of eth0 which is the internet interface) ?
>Why don't I see the address change anywhere ?
>
>I am sorry to ask such basic questions but this stuff is crucial in me
>figuring out what is happening and I have not managed to put the clues
>together from the documents and how-to's that I have studied so far.
>
>Thanks
>
>Jens
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>
>
I'm trying to do the same thing, as you can see from my previous posts,
it's working a little better as redirection works. Can you show us the
ip route add, iptables -t mangle and ip route add command lines you used
so we can check what could be wrong ?
Julien
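
An added example, not part of either post: a shell sketch of per-hook LOG rules for the port 25 trace described above, printing the commands by default and applying them only when `APPLY=1` is set. The prefix format, the `APPLY` switch and the function name are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): one LOG rule per netfilter hook that a
# forwarded packet crosses, so the kernel log shows the traversal order.

# table:chain pairs in the order a forwarded packet (eth3 -> eth0) visits them.
HOOKS="mangle:PREROUTING nat:PREROUTING mangle:FORWARD filter:FORWARD mangle:POSTROUTING nat:POSTROUTING"

# Print one iptables command per hook for TCP traffic to the given port.
trace_rules() {
    port=${1:-25}
    n=0
    for hook in $HOOKS; do
        n=$((n + 1))
        table=${hook%%:*}
        chain=${hook#*:}
        # -I <chain> 1 puts the LOG rule first, ahead of any terminating rule.
        # The numbered prefix (assumed format) stays under the 29-char limit.
        printf 'iptables -t %s -I %s 1 -p tcp --dport %s -j LOG --log-prefix "%s-%s-%s: "\n' \
            "$table" "$chain" "$port" "$n" "$table" "$chain"
    done
}

# Reading the resulting log:
#  - Each chain is tied to a hook, not to an interface: PREROUTING lines carry
#    only IN=, POSTROUTING lines carry only OUT=, FORWARD lines carry both.
#  - nat table rules are consulted for the first packet of a connection only;
#    later packets are translated from the connection tracking entry.
#  - nat POSTROUTING runs after mangle POSTROUTING, and a LOG rule there still
#    runs before the SNAT/MASQUERADE rule, so every line shows the original
#    source. The translated address is visible on the wire, for example with
#    tcpdump -n -i eth0 tcp port 25

if [ "${APPLY:-0}" = 1 ]; then
    trace_rules 25 | sh      # needs root; inserts the rules
else
    trace_rules 25           # dry run: print the commands only
fi
```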