# ip route show table mytable
200.62.1X7.36/30 dev eth0 proto kernel scope link src 200.62.1X7.38
200.62.1X2.192/28 dev eth0 proto kernel scope link src 200.62.1X2.195
192.168.100.0/24 dev eth2 proto kernel scope link src 192.168.100.1
192.168.99.0/24 dev eth1 proto kernel scope link src 192.168.99.1
default via 200.62.1X7.37 dev eth0 src 200.62.1X2.195

# ip rule show
0: from all lookup 255
32765: from all fwmark 0x19 lookup mytable
32766: from all lookup main
32767: from all lookup default

# ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:19:d1:75:db:4c brd ff:ff:ff:ff:ff:ff
    inet 200.62.1X7.38/30 brd 200.62.1X7.39 scope global eth0
    inet 200.62.1X2.193/28 brd 200.62.1X2.207 scope global eth0:0
    inet 200.62.1X2.195/28 brd 200.62.1X2.207 scope global secondary eth0:1
    inet 200.62.1X2.200/28 brd 200.62.1X2.207 scope global secondary eth0:2
    inet 200.62.1X2.201/28 brd 200.62.1X2.207 scope global secondary eth0:3
    inet 200.62.1X2.202/28 brd 200.62.1X2.207 scope global secondary eth0:4
    inet 200.62.1X2.203/28 brd 200.62.1X2.207 scope global secondary eth0:5
    inet 200.62.1X2.205/28 brd 200.62.1X2.207 scope global secondary eth0:6
    inet6 fe80::219:d1ff:fe75:db4c/64 scope link
       valid_lft forever preferred_lft forever

# grep MYTABLE /var/log/messages | tail
Sep 23 13:38:22 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=71.96.163.131 DST=200.62.182.195 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=8292 PROTO=TCP SPT=58009 DPT=25 WINDOW=24000 RES=0x00 ACK URGP=0
Sep 23 13:38:45 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=72.71.207.202 DST=200.62.182.195 LEN=60 TOS=0x00 PREC=0x00 TTL=115 ID=245 DF PROTO=TCP SPT=2403 DPT=25 WINDOW=16384 RES=0x00 SYN URGP=0
Sep 23 13:38:45 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=72.71.207.202 DST=200.62.182.195 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=263 DF PROTO=TCP SPT=2403 DPT=25 WINDOW=17520 RES=0x00 ACK URGP=0
Sep 23 13:38:48 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=71.96.163.131 DST=200.62.182.195 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=13381 PROTO=TCP SPT=58009 DPT=25 WINDOW=24000 RES=0x00 ACK URGP=0
Sep 23 13:38:48 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=71.96.163.131 DST=200.62.182.195 LEN=87 TOS=0x00 PREC=0x00 TTL=115 ID=13382 PROTO=TCP SPT=58009 DPT=25 WINDOW=24000 RES=0x00 ACK PSH URGP=0
Sep 23 13:38:49 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=71.96.163.131 DST=200.62.182.195 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=13559 PROTO=TCP SPT=58009 DPT=25 WINDOW=24000 RES=0x00 ACK URGP=0
Sep 23 13:38:49 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=71.96.163.131 DST=200.62.182.195 LEN=129 TOS=0x00 PREC=0x00 TTL=115 ID=13560 PROTO=TCP SPT=58009 DPT=25 WINDOW=24000 RES=0x00 ACK PSH URGP=0
Sep 23 13:38:50 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=71.96.163.131 DST=200.62.182.195 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=13723 PROTO=TCP SPT=58009 DPT=25 WINDOW=24000 RES=0x00 ACK URGP=0
Sep 23 13:38:50 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=71.96.163.131 DST=200.62.182.195 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=13724 PROTO=TCP SPT=58009 DPT=25 WINDOW=24000 RES=0x00 ACK RST URGP=0
Sep 23 13:38:55 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=72.71.207.202 DST=200.62.182.195 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=469 DF PROTO=TCP SPT=2403 DPT=25 WINDOW=0 RES=0x00 ACK RST URGP=0
Brian Schrock wrote:
I have had a similar setup working, and will be doing something very similar soon, so I am interested. Can you output the result of "ip route show table mytable"? Make sure the routes really are where you think they are.

Also, when I troubleshoot stuff like this I use the LOG target often...

iptables -t mangle -A PREROUTING -p tcp --dport 25 -j LOG --log-prefix 'MYTABLE: '

Use grep "MYTABLE: " /var/log/syslog to watch packets go through. Then I would do something very similar at the other places in the iptables chain/flow to see what the packets do as they go through your box.

Brian

On Tue, Sep 23, 2008 at 1:30 PM, Jason Voorhees <jvoorhees1@gmail.com> wrote:

Hi friends:

I have a linux box with multiple ip addresses:

eth0 -> IP1
eth0:0 -> IP2
eth0:1 -> IP3
eth0:2 -> IP4

All outgoing traffic is using IP1 as source address. But now I want to use a different IP address (IP1, IP2, IP3 or IP4) as the source address for all smtp outgoing packets locally generated in my linux box. I decided to mark such packets like this:

iptables -t mangle -A PREROUTING -p tcp --dport 25 -j MARK --set-mark 0x19

Then I created a new table in /etc/iproute2/rt_tables adding this:

252 mytable

Now the rules and routes:

ip rule add priority 32765 fwmark 0x19 table mytable
ip route add to default dev eth0 via IP_GATEWAY src IP2 table mytable
ip route flush cached

When I do telnet to some smtp host I can see my linux box is still using IP1 instead of IP2. Then I check iptables statistics "iptables -t mangle -L -nv" and the number of packets matched (marked) is increasing, so... I think something is not working in my iproute rules.

Does anybody know what I am doing wrong?

Thanks
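The LOG lines that Brian's suggestion produces have the KEY=VALUE format shown at the top of this thread. The following parser is an added example, not code from the thread: it reads such lines and classifies each logged packet as arriving on an interface (IN set, the only kind of packet the PREROUTING chain ever sees) or generated on the host itself (IN empty, OUT set, the OUTPUT chain's view), which is the first thing to check when a mark meant for locally generated SMTP traffic is set in PREROUTING. Two sample lines are copied from the log above; the third line (IN= OUT=eth0, destination 198.51.100.25) and all function names are constructed for the example.

```python
import re
from collections import Counter

# Two lines copied from the kernel log earlier in this thread, plus one constructed
# line (IN empty, OUT=eth0, destination 198.51.100.25) showing what a locally
# generated SMTP packet looks like when logged from the OUTPUT chain.
SAMPLE_LOG = """\
Sep 23 13:38:45 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=72.71.207.202 DST=200.62.182.195 LEN=60 TOS=0x00 PREC=0x00 TTL=115 ID=245 DF PROTO=TCP SPT=2403 DPT=25 WINDOW=16384 RES=0x00 SYN URGP=0
Sep 23 13:38:48 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=71.96.163.131 DST=200.62.182.195 LEN=87 TOS=0x00 PREC=0x00 TTL=115 ID=13382 PROTO=TCP SPT=58009 DPT=25 WINDOW=24000 RES=0x00 ACK PSH URGP=0
Sep 23 13:40:01 proxy kernel: MYTABLEIN= OUT=eth0 SRC=200.62.182.193 DST=198.51.100.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=43210 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# The --log-prefix text sits directly before IN=; on this page it had no trailing
# space, so "MYTABLE" is glued to "IN=" and the regex has to split it off.
LINE_RE = re.compile(r"kernel: (?P<prefix>.*?)IN=(?P<in>\S*) OUT=(?P<out>\S*) ?(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_log_line(line):
    """Return a dict for one iptables LOG line, or None if the line is not one."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rest = m.group("rest")
    pkt = {"prefix": m.group("prefix").strip(), "in": m.group("in"), "out": m.group("out")}
    pkt.update(KV_RE.findall(rest))          # SRC, DST, PROTO, SPT, DPT, ...
    pkt["flags"] = [t for t in rest.split() if t in TCP_FLAGS]
    return pkt


def direction(pkt):
    """Which path a logged packet took, judged from the IN/OUT pair netfilter fills in."""
    if pkt["in"] and not pkt["out"]:
        return "inbound"      # PREROUTING or INPUT: the packet arrived on an interface
    if pkt["out"] and not pkt["in"]:
        return "local"        # OUTPUT or POSTROUTING: the packet was generated on this host
    return "forwarded"        # both set: FORWARD/POSTROUTING for routed traffic


def summarize(log_text):
    """Count packets per direction and list the distinct (direction, SRC, DST, DPT) tuples."""
    counts, flows = Counter(), set()
    for line in log_text.splitlines():
        pkt = parse_log_line(line)
        if pkt is None:
            continue
        d = direction(pkt)
        counts[d] += 1
        flows.add((d, pkt.get("SRC"), pkt.get("DST"), pkt.get("DPT")))
    return counts, sorted(flows)
```

Run against the ten lines in the thread, every packet comes out as "inbound" to port 25 on 200.62.182.195, i.e. other hosts' SMTP connections to this box rather than its own outgoing mail.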