[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 232
  • Last Modified:

Routing Mail Traffic Problem - iproute2

Etx1 - First Internet Line  - eth0
Ext2 - Second Internet line - eth2
LAN - Local Area Network - eth1
GW1 - Gateway first Internet Line
GW2 - Second Internet Line


Other traffic - Ext1 -------+-------+--------------- Ext2 ---Web goes Here
                   eth0 |          |eth2
                  +-------+-------+
                  |     ROUTER      |
                  +----+------+---+
                          |eth1
192.168.0.0/24 -----------------+
                        |
192.168.0.1/24------------------- - Gateway
                        |
192.168.0.2/24------------------- - Mail.Mail.org


The problem is that i can't check e-mails if server name in e-mail client is mail.mail.org
i can check e-mail only if server addrress is 192.168.0.2

I have :
iptables -t mangle -I PREROUTING -i eth1 -s 192.168.0.0/24 -d mail.mail.org -p tcp --dport 110 -j MARK --set-mark 67
iptables -t mangle -I PREROUTING -i eth1 -s 192.168.0.0/24 -d mail.mail.org -p tcp --dport 25 -j MARK --set-mark 67


/sbin/ip route add 192.168.0.0/24 dev eth1 table natips
/sbin/ip route add 127.0.0.0/8 dev lo  scope link table natips
/sbin/ip route add default via 192.168.0.2 dev eth1 table natips
/sbin/ip route flush cache
/sbin/ip rule add fwmark 67 table mail


But it's not working .

root@fw:/usr/src/linux# ip rule list
0:      from all lookup local
32764:  from all fwmark 0x43 lookup mail
32765:  from all fwmark 0x42 lookup natips
32766:  from all lookup main
32767:  from all lookup default
root@fw:/usr/src/linux#


root@fw:/usr/src/linux# ip route list
192.168.0.2 dev eth1  scope link
213.91.108.248/29 dev eth0  proto kernel  scope link  src 213.91.108.250
213.91.108.248/29 dev ipsec0  proto kernel  scope link  src 213.91.108.250
217.30.248.0/24 dev eth2  proto kernel  scope link  src 217.30.248.135
192.168.0.0/24 dev eth1  proto kernel  scope link  src 192.168.0.1
192.168.0.0/16 via 213.91.208.249 dev ipsec0
127.0.0.0/8 dev lo  scope link
default via 213.91.108.249 dev eth0  metric 1
default via 217.30.248.1 dev eth2  metric 2




Any help is very appreciated.
0
snedelchev
Asked:
snedelchev
  • 4
  • 4
1 Solution
 
Gabriel OrozcoSolution ArchitectCommented:
I'm in risk of telling something wrong here but

why are you marking 67 the traffic to your email, while you have the natips table looking for traffic marked 42?

32765:  from all fwmark 0x42 lookup natips

and my other question is, why do you are using diferent tables when you can use the default?
0
 
snedelchevAuthor Commented:
natips is only for web trafic that goes to eth2
mail table is for route pop3 to 192.168.0.2 i hope but it's not working
because mail.mail.org is resolved with ip of eth0  
instead of 192.168.0.2

i think diffrenece betwwen 42 is in HEX in Decimal is 66
43 is 67
0
 
snedelchevAuthor Commented:
it seams to be a resolution problem
bcause mailmail.org is resolved with my external IP that is connected to the internet .
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
snedelchevAuthor Commented:
This Problem is solved i setup DNS server and add new zone and host record to point
mail.mail.org to 192.168.0.2
0
 
Gabriel OrozcoSolution ArchitectCommented:
:-)

It was one of my thoughs, but as you were at routing, I supposed you already had the domain names part solved already

please ask for a refund of your points =)
0
 
snedelchevAuthor Commented:
Redimido i'm wodering can i do this without DNS ?
0
 
Gabriel OrozcoSolution ArchitectCommented:
you must not.

in these days, to have an email server which does not respond to a valid domain name, invites the email receviers to block you.

it is necessary for you to point your MX record to your ip in order to send/receive messages.

if you only want your client to connect to the pop3 or imap server, then it is okay not to have DNS. you can use ip addresses only for that matter. but if the server cannot send/receive email, then it is more or less useless, don't you think?

Regards
0
 
Gabriel OrozcoSolution ArchitectCommented:
mmhh... it's okay with me.
0
 
AnnieModCommented:
PAQ'd  and 500 points refunded

AnnieMod
Cleanup Admin
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now