snedelchev
asked on
Routing Mail Traffic Problem - iproute2
Ext1 - First Internet Line - eth0
Ext2 - Second Internet line - eth2
LAN - Local Area Network - eth1
GW1 - Gateway first Internet Line
GW2 - Second Internet Line
Other traffic - Ext1 -------+               +------- Ext2 --- Web goes here
                        eth0|               |eth2
                            +-------+-------+
                            |    ROUTER     |
                            +-------+-------+
                                    |eth1
192.168.0.0/24 ---------------------+
                                    |
192.168.0.1/24 ---------------------+ Gateway
                                    |
192.168.0.2/24 ---------------------+ Mail.Mail.org
The problem is that I can't check e-mails if the server name in the e-mail client is mail.mail.org.
I can check e-mail only if the server address is 192.168.0.2.
I have:
iptables -t mangle -I PREROUTING -i eth1 -s 192.168.0.0/24 -d mail.mail.org -p tcp --dport 110 -j MARK --set-mark 67
iptables -t mangle -I PREROUTING -i eth1 -s 192.168.0.0/24 -d mail.mail.org -p tcp --dport 25 -j MARK --set-mark 67
/sbin/ip route add 192.168.0.0/24 dev eth1 table natips
/sbin/ip route add 127.0.0.0/8 dev lo scope link table natips
/sbin/ip route add default via 192.168.0.2 dev eth1 table natips
/sbin/ip route flush cache
/sbin/ip rule add fwmark 67 table mail
But it's not working.
root@fw:/usr/src/linux# ip rule list
0: from all lookup local
32764: from all fwmark 0x43 lookup mail
32765: from all fwmark 0x42 lookup natips
32766: from all lookup main
32767: from all lookup default
root@fw:/usr/src/linux#
root@fw:/usr/src/linux# ip route list
192.168.0.2 dev eth1 scope link
213.91.108.248/29 dev eth0 proto kernel scope link src 213.91.108.250
213.91.108.248/29 dev ipsec0 proto kernel scope link src 213.91.108.250
217.30.248.0/24 dev eth2 proto kernel scope link src 217.30.248.135
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.1
192.168.0.0/16 via 213.91.208.249 dev ipsec0
127.0.0.0/8 dev lo scope link
default via 213.91.108.249 dev eth0 metric 1
default via 217.30.248.1 dev eth2 metric 2
Any help is very appreciated.
ASKER
natips is only for web traffic that goes to eth2.
The mail table is to route POP3 to 192.168.0.2, I hope, but it's not working
because mail.mail.org is resolved with the IP of eth0
instead of 192.168.0.2.
I think the difference is that 42 is in hex; in decimal it is 66.
43 is 67.
ASKER
It seems to be a resolution problem,
because mail.mail.org is resolved with my external IP that is connected to the internet.
ASKER
This problem is solved. I set up a DNS server and added a new zone and host record to point
mail.mail.org to 192.168.0.2
:-)
It was one of my thoughts, but as you were at routing, I supposed you had the domain names part solved already.
Please ask for a refund of your points =)
ASKER
Redimido, I'm wondering: can I do this without DNS?
You must not.
These days, to have an email server which does not respond to a valid domain name invites the email receivers to block you.
It is necessary for you to point your MX record to your IP in order to send/receive messages.
If you only want your client to connect to the POP3 or IMAP server, then it is okay not to have DNS. You can use IP addresses only for that matter. But if the server cannot send/receive email, then it is more or less useless, don't you think?
Regards
mmhh... it's okay with me.
Why are you marking with 67 the traffic to your email, while you have the natips table looking for traffic marked 42?
32765: from all fwmark 0x42 lookup natips
And my other question is, why are you using different tables when you can use the default?
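
The mark-to-table relationship discussed in this thread, as an added example that is not part of any post: a POSIX shell check that compares decimal `--set-mark` values with the hex marks printed by `ip rule list` and flags a rule whose table has no routes. RULES is the `ip rule list` output from the question; ROUTED_TABLES and the function names are assumptions, and ROUTED_TABLES lists only the tables the posted `ip route add` commands fill.

```shell
#!/bin/sh
# Added example. RULES is copied from the "ip rule list" output in the question.
RULES='0: from all lookup local
32764: from all fwmark 0x43 lookup mail
32765: from all fwmark 0x42 lookup natips
32766: from all lookup main
32767: from all lookup default'

# Assumption: only tables named in the posted "ip route add ... table X" lines.
ROUTED_TABLES='natips'

# table_for_mark MARK: print the table selected for MARK, or nothing.
# MARK may be decimal (iptables --set-mark 67) or hex (0x43, as ip prints it).
table_for_mark() {
    want=$(printf '%d' "$1" 2>/dev/null) || return 2
    printf '%s\n' "$RULES" |
    while read -r _prio _from _all kw val _lookup table; do
        if [ "$kw" = fwmark ]; then
            val=${val%%/*}                      # drop an optional /mask
            if [ "$(printf '%d' "$val")" -eq "$want" ]; then
                printf '%s\n' "$table"
            fi
        fi
    done
}

# check_mark MARK: 0 = rule and routes present, 1 = no rule, 3 = empty table.
check_mark() {
    table=$(table_for_mark "$1")
    if [ -z "$table" ]; then
        echo "mark $1: no ip rule matches, lookup continues to main"
        return 1
    fi
    for t in $ROUTED_TABLES; do
        if [ "$t" = "$table" ]; then
            echo "mark $1: table $table has routes"
            return 0
        fi
    done
    echo "mark $1: rule selects table $table, but no routes were added to it"
    return 3
}

check_mark 67 || true   # the mark set by the posted iptables rules
check_mark 66 || true   # 0x42, the natips rule
```

On a live router, RULES can be filled from `ip rule list` and ROUTED_TABLES from the tables for which `ip route show table NAME` prints at least one route.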