[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Policy routing on local packets

Andreas Onderka escribió:
> Hello
> Pascal Hambourg schrieb:
>> Hello,
>> Jason Voorhees a écrit :
>>> I have a linux box with multiple ip addresses:
>>> eth0 -> IP1
>>> eth0:0 -> IP2
>>> eth0:1 -> IP3
>>> eth0:2 -> IP4
>>> All outgoing traffic is using IP1 as source address. But now I want
>>> to use a different IP address (IP1, IP2, IP3 or IP4) as the source
>>> address for all smtp outgoing packets locally generated in my linux
>>> box.
>>> I decided to mark such packets like this:
>>> iptables -t mangle -A PREROUTING -p tcp --dport 25 -j MARK
>>> --set-mark 0x19
>> This won't help for two reasons. First, the PREROUTING chains only
>> catch incoming packets, not locally genenerated packets (except on
>> the loopback interface). Locally genenerated packets hit the OUTPUT
>> and POSTROUTING chains. Second, source address selection occurs
>> before the packet hits the iptables chains, so mark-based routing can
>> only change the output interface and next hop, not the source address.
>> You have two options. Set the desired source address in the SMTP
>> applications if such option is available. Or use an iptables rule
>> with the SNAT target in the POSTROUTING chain to change the source
>> address of outgoing SMTP packets.
> Think also an iptablerule is much more easyer.
> iptables -t nat -A POSTROUTING -p tcp -o <extIF> --sport 25 -j SNAT
> --to-source <IP2>
Don't forget that the SNAT target is for static ip.

Otherwise, you should use MASQUERADE if you are on a dynamic IP address.


Reply to: