
Re: Pb : Routing with multiples interfaces



Hans van Kranenburg wrote:
Frédéric Massot wrote:

[...]

This Linux Box receives the internal mail on its internal interface.
Postfix/Amavis/Clamav/Spamassassin check this mail and sends it on the
LL interface ($INTERFACE_LL - $IP_LL).

Why don't you use the -o smtp_bind_address option in Postfix? Much less
complex setup... When Postfix chooses to bind to a specific outgoing
address the routing tables will follow that and choose the right
interface according to it.


This Linux Box receives the internal mail on its LAN interface and sends it on the LL interface. And it receives the external mail on these 3 external interfaces (DSL1, DSL2, LL) and sends it on the LAN interface. I think that I cannot bind the smtp daemon on LL interface.


I use these rules to mark the packets:

iptables -t mangle -A OUTPUT -o $INTERFACE_DSL1 -p tcp --dport 25 -j MARK --set-mark 0x25
iptables -t mangle -A OUTPUT -o $INTERFACE_DSL2 -p tcp --dport 25 -j MARK --set-mark 0x25
iptables -t mangle -A OUTPUT -o $INTERFACE_LL -p tcp --dport 25 -j MARK --set-mark 0x25


I don't think this is correct, but I'm not really sure. I guess it's
more appropriate to filter using the destination IP than using outgoing
interface names, because we don't know the -o interface yet here...

[...]

So probably using the destination IP for deciding which packets to mark
sounds like a better idea:

iptables -t mangle -A OUTPUT -d ! in.ter.nal/msk -p tcp --dport 25 -j MARK --set-mark 0x25


Ok, with the new routing table and the new mark rule, it seems that the routing is more correct. :o)

ip rule add prio 103 fwmark 0x25 table 204
ip route add default via $GATEWAY_LL dev $INTERFACE_LL proto static table 204

iptables -t mangle -A OUTPUT -d ! $INTERNAL_LAN -p tcp --dport 25 -j MARK --set-mark 0x25



Thank you for your answers.

Regards.
--
==============================================
|              FREDERIC MASSOT               |
|     http://www.juliana-multimedia.com      |
|   mailto:frederic@juliana-multimedia.com   |
===========================Debian=GNU/Linux===
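
A consistency check for the setup in the message above, as an added example that is not part of the original thread: it takes the output of `ip rule show`, `ip route show table 204` and `iptables -t mangle -S OUTPUT` and confirms that mark 0x25, table 204 and the tcp/25 MARK rule line up. The function name and the sample values (`eth3`, `192.0.2.1`, `10.0.0.0/8`) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit that the ip rule, routing table
# and mangle MARK rule of the fwmark setup agree with each other.

# check_smtp_policy MARK TABLE RULES ROUTES MANGLE
#   RULES  = output of `ip rule show`
#   ROUTES = output of `ip route show table TABLE`
#   MANGLE = output of `iptables -t mangle -S OUTPUT`
# Prints one line per problem; exit status is the number of problems.
check_smtp_policy() (
    mark=$1 table=$2 rules=$3 routes=$4 mangle=$5 problems=0

    # 1. A rule must send packets carrying the mark to the table.
    if ! printf '%s\n' "$rules" |
        grep -Eq "fwmark ${mark}(/0x[0-9a-f]+)? lookup ${table}([[:space:]]|\$)"; then
        echo "no ip rule maps fwmark $mark to table $table"
        problems=$((problems + 1))
    fi
    # 2. The table needs a default route, otherwise the lookup falls through
    #    to the later rules (normally the main table).
    if ! printf '%s\n' "$routes" | grep -Eq '^default via [^ ]+ dev [^ ]+'; then
        echo "table $table has no default route"
        problems=$((problems + 1))
    fi
    # 3. A mangle OUTPUT rule must set the mark on tcp/25.
    #    `iptables -S` lists --set-mark as --set-xmark VALUE/0xffffffff.
    if ! printf '%s\n' "$mangle" | grep -E -- '--dport 25 ' |
        grep -Eq -- "--set-x?mark ${mark}(/0xffffffff)?([[:space:]]|\$)"; then
        echo "no mangle OUTPUT rule marks tcp/25 with $mark"
        problems=$((problems + 1))
    fi
    return "$problems"
)

# Constructed sample output (eth3, 192.0.2.1 and 10.0.0.0/8 are placeholders).
SAMPLE_RULES=$(printf '0:\tfrom all lookup local\n103:\tfrom all fwmark 0x25 lookup 204\n32766:\tfrom all lookup main')
SAMPLE_ROUTES='default via 192.0.2.1 dev eth3 proto static'
SAMPLE_MANGLE='-A OUTPUT ! -d 10.0.0.0/8 -p tcp -m tcp --dport 25 -j MARK --set-xmark 0x25/0xffffffff'

check_smtp_policy 0x25 204 "$SAMPLE_RULES" "$SAMPLE_ROUTES" "$SAMPLE_MANGLE" &&
    echo "fwmark policy is consistent"

# Live use (as root):
#   check_smtp_policy 0x25 204 "$(ip rule show)" \
#       "$(ip route show table 204)" "$(iptables -t mangle -S OUTPUT)"
```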