hello,

I think it should be no problem (at least with smtp), to mangle packets by destination-port.

    iptables -t nat -I POSTROUTING -p tcp --destination-port 25 -j SNAT --to-source x.x.x.x

or use this in postfix main.cf (but I cannot verify this because of using qmail):

    # listening ip
    inet_interfaces = x.x.x.x
    # outgoing ip
    smtp_bind_address = x.x.x.x

:wq buz

On Wed, Oct 01, 2003 at 08:54:21PM +0200, Roman Medina wrote:
>
> Hello,
>
> Let's suppose a server using ip-aliasing, with two public IPs (on the
> same subnet): ip1 and ip2. The server runs two services:
> - MTA (postfix) on ip1
> - WWW (apache) on ip2
> (I mean, each service is bound to only one ip, not 0.0.0.0).
>
> According to the routing table, default gateway is reached through
> ip2. This means that when the server acts as a client machine it will
> always use ip2.
>
> Now let's suppose that somebody is using your MTA to send an email.
> The server reads the email through ip1, and then will initiate a new
> connection to a second MTA (for delivering purposes), according to the
> MX record of the destination domain. Well, the problem is that this
> new connection is originated from ip2 (the one used for client
> purposes as well as WWW server).
>
> I'd like all MTA related tasks to always be launched from ip1. Do
> you know any way of getting this to work?
>
> I haven't tried it yet but if I'm not wrong there is a way to
> create iptables rules based on system processes. So I had thought of
> creating such a rule to mangle packets with ip2 (wrong ip) when they
> are generated from postfix. Do you think it is a good idea? Would it
> cause an overload in CPU time?
>
> Which other solutions do you know to solve the problem?
>
> Saludos,
> --Roman
>
> --
> PGP Fingerprint:
> 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742
> [Key ID: 0xEAD56742. Available at KeyServ]
>
>
> --
> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>

--
There he goes. One of God's own prototypes. Some kind of high powered mutant
never even considered for mass production. Too weird to live, and too rare to die.
-- Hunter S. Thomson

GnuPG Fingerprint: 2FFF FC48 C7DF 1EA0 00A0 FD53 8C35 FD2E 6908 7B82
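What smtp_bind_address does at the socket level, as an added example that is not part of the original thread: the client binds its socket to a chosen local address before connecting, so the peer sees that address instead of the one the routing table would pick. The loopback addresses 127.0.0.1 and 127.0.0.2 stand in for the two aliased IPs and assume Linux, where all of 127.0.0.0/8 is local; `observed_source` is a hypothetical helper name.

```python
import socket
import threading


def observed_source(listen_ip, bind_ip=None):
    """Return the source IP a listener on listen_ip sees for one connection.

    bind_ip=None lets the kernel choose the source address (the default
    behaviour described in the question); otherwise the client socket is
    bound to bind_ip before connect(), as an MTA bind-address option does.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.settimeout(5)            # never hang if the client fails to connect
    srv.bind((listen_ip, 0))     # port 0: kernel picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    seen = {}

    def accept_one():
        try:
            conn, peer = srv.accept()
            seen["ip"] = peer[0]  # address the remote side would log
            conn.close()
        except OSError:
            pass

    worker = threading.Thread(target=accept_one)
    worker.start()
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if bind_ip is not None:
            cli.bind((bind_ip, 0))  # fix the source IP, ephemeral source port
        cli.connect((listen_ip, port))
    finally:
        cli.close()
        worker.join()
        srv.close()
    return seen.get("ip")


if __name__ == "__main__":
    # Constructed stand-ins: 127.0.0.1 plays the remote MX, 127.0.0.2 plays ip1.
    print("kernel-chosen source:", observed_source("127.0.0.1"))
    print("explicitly bound    :", observed_source("127.0.0.1", "127.0.0.2"))
```
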