TOS/FWMARK routing


Post by marc johnsto » Wed, 01 Nov 2000 07:06:16



i have a linux router that is also acting as an SMTP mail server.  the linux
system has three network interfaces.  one to the local ethernet, one to a dsl
connection, and one to an isdn connection.

by default, all traffic goes out the dsl connection.
there are a few static routes to networks that are on the other end of the isdn
link.  i would like to force all outgoing smtp packets to go out the isdn
interface as well, without making this the default route.

i have looked at the various advanced routing howtos and have not been able
to make this work.

i've set up ipchains to set an fwmark value for outgoing smtp packets.

then i use the 'ip' utility to add a rule for that fwmark value and reference
that to a separate routing table.

in that routing table, i set the default gateway to be the isdn link.  when i
do this, all of my smtp traffic is still going out the dsl interface.

any ideas?

thanks,

marc
--

 
 
 


Post by Kart » Thu, 02 Nov 2000 04:00:00



Quote:

> i have a linux router that is also acting as an SMTP mail server.  the linux
> system has three network interfaces.  one to the local ethernet, one to a dsl
> connection, and one to an isdn connection.

> by default, all traffic goes out the dsl connection.
> there are a few static routes to networks that are on the other end of the isdn
> link.  i would like to force all outgoing smtp packets to go out the isdn
> interface as well, without making this the default route.

> i have looked at the various advanced routing howtos and have not been able
> to make this work.

> i've set up ipchains to set an fwmark value for outgoing smtp packets.

should be something like:

ipchains -I input -p tcp --dport smtp -m 0x01

Quote:

> then i use the 'ip' utility to add a rule for that fwmark value and reference
> that to a separate routing table.

ip route add default via 10.1.1.1 table main
ip route add default via 192.168.1.1 table mytable

ip rule add prio 500 from 0/0 to 0/0 fwmark 1 lookup table mytable

Quote:

> in that routing table, i set the default gateway to be the isdn link.  when i
> do this, all of my smtp traffic is still going out the dsl interface.

> any ideas?

I currently use the iproute2 package for other purposes and it works very well.
However, I'll have a second Internet link in a few days and prepared my
firewall to act as you want it to with the above command syntax. I thought it
should work OK. Could you show the commands you use?


> thanks,

> marc
> --



 
 
 


Post by Marc Johnso » Thu, 09 Nov 2000 13:07:42





>> i have a linux router that is also acting as an SMTP mail server.  the linux
>> system has three network interfaces.  one to the local ethernet, one to a dsl
>> connection, and one to an isdn connection.

>> by default, all traffic goes out the dsl connection.
>> there are a few static routes to networks that are on the other end of the isdn
>> link.  i would like to force all outgoing smtp packets to go out the isdn
>> interface as well, without making this the default route.

>> i have looked at the various advanced routing howtos and have not been able
>> to make this work.

>> i've set up ipchains to set an fwmark value for outgoing smtp packets.
> should be something like:
> ipchains -I input -p tcp --dport smtp -m 0x01

>> then i use the 'ip' utility to add a rule for that fwmark value and reference
>> that to a separate routing table.
> ip route add default via 10.1.1.1 table main
> ip route add default via 192.168.1.1 table mytable
> ip rule add prio 500 from 0/0 to 0/0 fwmark 1 lookup table mytable

>> in that routing table, i set the default gateway to be the isdn link.  when i
>> do this, all of my smtp traffic is still going out the dsl interface.

>> any ideas?
> I currently use the iproute2 package for other purposes and it works very well.
> However, I'll have a second Internet link in a few days and prepared my
> firewall to act as you want it to with the above command syntax. I thought it
> should work OK. Could you show the commands you use?

Well, it didn't work.  I did have to correct a lot of your commands...

Any tables with 'ip' have to be numbered if they aren't 'main' or 'local'.

Anyway, I did all of this and it didn't work.  I don't know where to go now.

>> thanks,

>> marc
>> --

