Ext1 - First Internet Line - eth0
Ext2 - Second Internet line - eth2
LAN - Local Area Network - eth1


Other traffic - Ext1 -------+-------+--------------- Ext2 ---Web goes Here
                       eth0 |       |eth2
                        +-------+-------+
                        |    ROUTER     |
                        +----+------+---+
                                |eth1
192.168.0.0/24 -----------------+
                                |
192.168.0.1/24------------------- - Gateway
                                |
192.168.0.2/24------------------- - Mail.Mail.org


The problem is that I can't check e-mails if server name in e-mail client is mail.mail.org
I can check e-mail only if server address is 192.168.0.2

I have:

iptables -t mangle -I PREROUTING -i eth1 -s 192.168.0.0/24 -d mail.mail.org -p tcp --dport 110 -j MARK --set-mark 67
iptables -t mangle -I PREROUTING -i eth1 -s 192.168.0.0/24 -d mail.mail.org -p tcp --dport 25 -j MARK --set-mark 67

/sbin/ip route add 192.168.0.0/24 dev eth1 table natips
/sbin/ip route add 127.0.0.0/8 dev lo scope link table natips
/sbin/ip route add default via 192.168.0.2 dev eth1 table natips
/sbin/ip route flush cache
/sbin/ip rule add fwmark 67 table mail

But it's not working.

root@fw:/usr/src/linux# ip rule list
0: from all lookup local
32764: from all fwmark 0x43 lookup mail
32765: from all fwmark 0x42 lookup natips
32766: from all lookup main
32767: from all lookup default
root@fw:/usr/src/linux#

root@fw:/usr/src/linux# ip route list
192.168.0.2 dev eth1 scope link
213.91.108.248/29 dev eth0 proto kernel scope link src 213.91.108.250
213.91.108.248/29 dev ipsec0 proto kernel scope link src 213.91.108.250
217.30.248.0/24 dev eth2 proto kernel scope link src 217.30.248.135
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.1
192.168.0.0/16 via 213.91.208.249 dev ipsec0
127.0.0.0/8 dev lo scope link
default via 213.91.108.249 dev eth0 metric 1
default via 217.30.248.1 dev eth2 metric 2

Any help is very appreciated.

On Thu, May 12, 2005 at 05:03:35PM +0300, Stanislav Nedelchev wrote:
> The problem is that I can't check e-mails if server name in e-mail client is
> mail.mail.org I can check e-mail only if server address is 192.168.0.2

You don't do things like this with routing, but with NAT. More specifically, you have to DNAT mail.mail.org to your private IP, and SNAT your LAN to the public IP of the router (well, not necessarily that one but an external IP).

Supposing mail.mail.org resolves to 1.2.3.4, and your router is 1.2.3.5, you do something like:

iptables -t nat -A PREROUTING -d 1.2.3.4 -j DNAT --to-destination 192.168.0.2
# POSTROUTING sees the destination already rewritten by DNAT, so match 192.168.0.2
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -d 192.168.0.2 -j SNAT --to-source 1.2.3.5

Bye,

Peter Surda (Shurdeek) <shurdeek@routehat.org>, ICQ 10236103, +436505122023

--
three saints: looser & lamer & hacker

Stanislav Nedelchev wrote:
> Ext1 - First Internet Line - eth0
> Ext2 - Second Internet line - eth2
> LAN - Local Area Network - eth1
>
>
> Other traffic - Ext1 -------+-------+--------------- Ext2 ---Web goes Here
>                        eth0 |       |eth2
>                         +-------+-------+
>                         |    ROUTER     |
>                         +----+------+---+
>                                 |eth1
> 192.168.0.0/24 -----------------+
>                                 |
> 192.168.0.1/24------------------- - Gateway
>                                 |
> 192.168.0.2/24------------------- - Mail.Mail.org
>
>
> The problem is that I can't check e-mails if server name in e-mail
> client is mail.mail.org
> I can check e-mail only if server address is 192.168.0.2

It seems like a name resolution problem. Did you check that mail.mail.org resolves (from the client) to 192.168.0.2?

Regards,
Francisco.
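
Why the NAT reply in this thread pairs its DNAT rule with an SNAT rule, as a toy packet-flow model added here (not code from the thread or from netfilter). The client address 192.168.0.10 is constructed; 1.2.3.4 and 1.2.3.5 are the placeholder addresses used in that reply.

```python
"""Toy model of hairpin NAT on the thread's LAN; not a netfilter implementation."""
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.0.0/24")
PUBLIC = "1.2.3.4"        # what mail.mail.org resolves to (placeholder from the reply)
ROUTER_EXT = "1.2.3.5"    # router's external address (placeholder from the reply)
SERVER = "192.168.0.2"    # mail server on the LAN
CLIENT = "192.168.0.10"   # constructed LAN client


def router_forward(pkt, snat, conntrack):
    """Apply nat PREROUTING (DNAT), then POSTROUTING (SNAT), to a new connection."""
    src, dst = pkt
    original = (src, dst)
    if dst == PUBLIC:                      # PREROUTING: DNAT to the private address
        dst = SERVER
    # POSTROUTING runs after DNAT, so it matches on the rewritten destination.
    if snat and ip_address(src) in LAN and dst == SERVER:
        src = ROUTER_EXT
    # Remember how to restore a reply: key is the reply's (src, dst).
    conntrack[(dst, src)] = (original[1], original[0])
    return (src, dst)


def router_reply(pkt, conntrack):
    """Reverse the translation for a reply that actually transits the router."""
    return conntrack.get(pkt, pkt)


def client_sees_reply_from(snat):
    """Source address of the server's reply as it arrives at the client."""
    conntrack = {}
    syn = router_forward((CLIENT, PUBLIC), snat, conntrack)
    reply = (SERVER, syn[0])               # server answers whoever the SYN came from
    if ip_address(reply[1]) in LAN:
        # Same subnet: delivered directly on the LAN, bypassing the router,
        # so nothing restores 1.2.3.4 as the source address.
        return reply[0]
    return router_reply(reply, conntrack)[0]


def connection_works(snat):
    """The client only accepts a reply from the address it connected to."""
    return client_sees_reply_from(snat) == PUBLIC


if __name__ == "__main__":
    for snat in (False, True):
        print(f"SNAT={snat}: reply from {client_sees_reply_from(snat)}, "
              f"works={connection_works(snat)}")
```

With DNAT alone the reply reaches the client from 192.168.0.2, which does not match the connection it opened to 1.2.3.4; with SNAT the reply returns through the router and is translated back.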