sneak at ipnoc.co.za
Sat Apr 9 17:59:10 CEST 2005
I would just like to confirm with you, if machine 192.168.16.56 is to on the
same switch but 3 hops away will the method you describe still work?
----- Original Message -----
From: "Taylor, Grant" <gtaylor at riverviewtech.net>
To: "Ilo Lorusso" <sneak at ipnoc.co.za>; <netfilter at lists.netfilter.org>
Sent: Friday, April 08, 2005 9:29 PM
Subject: Re: Redirecting mail
> This mail server in question (172.20.128.56), is it just used for sending
> email from your internal network out to the world or are you expecting
> from the world to come inbound to it too? Are you wanting this mail
> to continue using the internet connection that it has for all traffic
> SMTP or are you wanting all outbound traffic to pass through
> I would be tempted to use a combination of IPTables and IP routing rules.
> Namely I'd do something like the following on the mail server
> iptables -t mangle -A OUTPUT -p tcp --sport 25 -j MARK --set-mark $SMTP_Mark
> ip route add table $IPRoute2_SMTP_Table 192.168.16.0/24 dev $DEV_of_internal_network src $IP_of_DEV_of_internal_network
> ip route add table $IPRoute2_SMTP_Table default via 192.168.16.56
> ip rule add fwmark $SMTP_Mark table $IPRoute2_SMTP_Table
> $SMTP_Mark is the value you want to use to mark the packets that need to
> the alternate route.
> $IPRoute2_SMTP_Table is the name as it appears in /etc/iproute2/rt_tables
> the number of the table that you want to use.
> $DEV_of_internal_network is the device name of your internal network
> $IP_of_DEV_of_internal_network is the IP address of the device name of
> internal network interface.
> This should cause any traffic that leaves the mail server in question to
> pass through the alternate route out to the internet. If you have any
> questions or need more help let me know and I'll see what I can do.
> Grant. . . .