Re: Policy routing on local packets
Pascal Hambourg wrote:
Jason Voorhees wrote:
I have a linux box with multiple ip addresses:
eth0 -> IP1
eth0:0 -> IP2
eth0:1 -> IP3
eth0:2 -> IP4
All outgoing traffic is using IP1 as source address. But now I want to
use a different IP address (IP1, IP2, IP3 or IP4) as the source
address for all smtp outgoing packets locally generated in my linux box.
I decided to mark such packets like this:
iptables -t mangle -A PREROUTING -p tcp --dport 25 -j MARK --set-mark
This won't help for two reasons. First, the PREROUTING chains only catch
incoming packets, not locally generated packets (except on the
loopback interface). Locally generated packets hit the OUTPUT and
POSTROUTING chains. Second, source address selection occurs before the
packet hits the iptables chains, so mark-based routing can only change
the output interface and next hop, not the source address.
You have two options. Set the desired source address in the SMTP
applications if such option is available. Or use an iptables rule with
the SNAT target in the POSTROUTING chain to change the source address of
outgoing SMTP packets.
I also think an iptables rule is much easier.
iptables -t nat -A POSTROUTING -p tcp -o <extIF> --dport 25 -j SNAT --to-source <IPn>
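The SNAT option from Pascal's reply, as an added example that is not code from any of the posters: a small POSIX shell script that validates the chosen address, checks that it is actually configured on the outgoing interface, and installs the nat/POSTROUTING rule only once. The interface and address arguments, the DRY_RUN variable and the function names are assumptions made for this example, not anything from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Applies the SNAT approach described
# above: locally generated SMTP client traffic leaves through nat/POSTROUTING
# with its source rewritten to one of the box's own addresses.
# Assumed inputs: an interface name and the address to present
# (e.g. "eth0" and the address behind IP2); both are caller supplied.

# Minimal dotted-quad check so a typo never ends up in the NAT table.
is_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Render the rule text. The box is the SMTP *client*, so the match is on
# --dport 25 (a --sport 25 rule would only catch replies from a local SMTP
# server). -o limits the rewrite to the external interface, and SNAT
# requires an explicit --to-source.
smtp_snat_rule() {
    printf 'iptables -t nat -A POSTROUTING -o %s -p tcp --dport 25 -j SNAT --to-source %s' "$1" "$2"
}

# Validate, then install. Return codes: 2 = malformed address,
# 3 = address not configured on the interface. Note that conntrack NATs
# only the first packet of a flow, so connections already established
# before the rule is added keep their old source address.
apply_smtp_snat() {
    ext_if=$1; src_ip=$2
    is_ipv4 "$src_ip" || { echo "bad address: $src_ip" >&2; return 2; }
    if command -v ip >/dev/null 2>&1; then
        ip -o -4 addr show dev "$ext_if" 2>/dev/null | grep -qF "inet $src_ip/" \
            || { echo "$src_ip is not configured on $ext_if" >&2; return 3; }
    fi
    rule=$(smtp_snat_rule "$ext_if" "$src_ip")
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$rule"
    else
        # -C checks for an identical existing rule, so re-running is harmless.
        check=$(printf '%s' "$rule" | sed 's/ -A / -C /')
        $check 2>/dev/null || $rule
    fi
}

# Usage: DRY_RUN=1 sh snat-smtp.sh eth0 192.0.2.2   (192.0.2.2 is a constructed value)
if [ -n "${1:-}" ]; then
    apply_smtp_snat "$1" "$2"
fi
```

Run it with DRY_RUN=1 first to see the exact rule; without DRY_RUN it needs root. Because the SNAT rule sits in POSTROUTING, it sees locally generated packets, which the PREROUTING mangle rule from the original question never does.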