# ip route show table mytable
200.62.1X7.36/30 dev eth0 proto kernel scope link src 200.62.1X7.38
200.62.1X2.192/28 dev eth0 proto kernel scope link src 200.62.1X2.195
192.168.100.0/24 dev eth2 proto kernel scope link src 192.168.100.1
192.168.99.0/24 dev eth1 proto kernel scope link src 192.168.99.1
default via 200.62.1X7.37 dev eth0 src 200.62.1X2.195
# ip rule show
0: from all lookup 255
32765: from all fwmark 0x19 lookup mytable
32766: from all lookup main
32767: from all lookup default
# ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:19:d1:75:db:4c brd ff:ff:ff:ff:ff:ff
inet 200.62.1X7.38/30 brd 200.62.1X7.39 scope global eth0
inet 200.62.1X2.193/28 brd 200.62.1X2.207 scope global eth0:0
inet 200.62.1X2.195/28 brd 200.62.1X2.207 scope global secondary eth0:1
inet 200.62.1X2.200/28 brd 200.62.1X2.207 scope global secondary eth0:2
inet 200.62.1X2.201/28 brd 200.62.1X2.207 scope global secondary eth0:3
inet 200.62.1X2.202/28 brd 200.62.1X2.207 scope global secondary eth0:4
inet 200.62.1X2.203/28 brd 200.62.1X2.207 scope global secondary eth0:5
inet 200.62.1X2.205/28 brd 200.62.1X2.207 scope global secondary eth0:6
inet6 fe80::219:d1ff:fe75:db4c/64 scope link
valid_lft forever preferred_lft forever
# grep MYTABLE /var/log/messages | tail
Sep 23 13:38:22 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=71.96.163.131 DST=200.62.182.195 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=8292 PROTO=TCP SPT=58009 DPT=25 WINDOW=24000 RES=0x00 ACK URGP=0
Sep 23 13:38:45 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=72.71.207.202 DST=200.62.182.195 LEN=60 TOS=0x00 PREC=0x00 TTL=115 ID=245 DF PROTO=TCP SPT=2403 DPT=25 WINDOW=16384 RES=0x00 SYN URGP=0
Sep 23 13:38:45 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=72.71.207.202 DST=200.62.182.195 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=263 DF PROTO=TCP SPT=2403 DPT=25 WINDOW=17520 RES=0x00 ACK URGP=0
Sep 23 13:38:48 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=71.96.163.131 DST=200.62.182.195 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=13381 PROTO=TCP SPT=58009 DPT=25 WINDOW=24000 RES=0x00 ACK URGP=0
Sep 23 13:38:48 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=71.96.163.131 DST=200.62.182.195 LEN=87 TOS=0x00 PREC=0x00 TTL=115 ID=13382 PROTO=TCP SPT=58009 DPT=25 WINDOW=24000 RES=0x00 ACK PSH URGP=0
Sep 23 13:38:49 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=71.96.163.131 DST=200.62.182.195 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=13559 PROTO=TCP SPT=58009 DPT=25 WINDOW=24000 RES=0x00 ACK URGP=0
Sep 23 13:38:49 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=71.96.163.131 DST=200.62.182.195 LEN=129 TOS=0x00 PREC=0x00 TTL=115 ID=13560 PROTO=TCP SPT=58009 DPT=25 WINDOW=24000 RES=0x00 ACK PSH URGP=0
Sep 23 13:38:50 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=71.96.163.131 DST=200.62.182.195 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=13723 PROTO=TCP SPT=58009 DPT=25 WINDOW=24000 RES=0x00 ACK URGP=0
Sep 23 13:38:50 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=71.96.163.131 DST=200.62.182.195 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=13724 PROTO=TCP SPT=58009 DPT=25 WINDOW=24000 RES=0x00 ACK RST URGP=0
Sep 23 13:38:55 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=72.71.207.202 DST=200.62.182.195 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=469 DF PROTO=TCP SPT=2403 DPT=25 WINDOW=0 RES=0x00 ACK RST URGP=0
Brian Schrock wrote:
I have had a similar setup working, and will be doing something very
similar soon, so I am interested. Can you output the result of "ip route
show table mytable"? Make sure the routes really are where you think
they are. Also, when I troubleshoot stuff like this I use the LOG target
often...
iptables -t mangle -A PREROUTING -p tcp --dport 25 -j LOG --log-prefix
'MYTABLE: '
Use grep 'MYTABLE: ' /var/log/syslog to watch packets go through.
Then I would do something very similar in the other places in the
iptables chain/flow to see what the packets do as they go through your
box.
Brian,
On Tue, Sep 23, 2008 at 1:30 PM, Jason Voorhees <[EMAIL PROTECTED]> wrote:
Hi friends:
I have a Linux box with multiple IP addresses:
eth0 -> IP1
eth0:0 -> IP2
eth0:1 -> IP3
eth0:2 -> IP4
All outgoing traffic is using IP1 as source address. But now I want
to use a different IP address (IP1, IP2, IP3 or IP4) as the source
address for all SMTP outgoing packets locally generated in my Linux box.
I decided to mark such packets like this:
iptables -t mangle -A PREROUTING -p tcp --dport 25 -j MARK
--set-mark 0x19
Then I created a new table in /etc/iproute2/rt_tables adding this:
252 mytable
Now the rules and routes:
ip rule add priority 32765 fwmark 0x19 table mytable
ip route add to default dev eth0 via IP_GATEWAY src IP2 table mytable
ip route flush cached
When I telnet to some SMTP host I can see my Linux box is still
using IP1 instead of IP2. Then I check the iptables statistics ("iptables
-t mangle -L -nv") and the number of packets matched (marked) is
increasing, so... I think something is not working in my iproute rules.
Does anybody know what I am doing wrong? Thanks
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
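As an added example (not code from the thread or from any of its participants), the following Python script parses output in the shape of what was posted above: `ip rule show`, `ip route show table mytable`, and kernel LOG lines. It checks that a fwmark rule selects the table and that the table's default route carries the wanted `src`, and it classifies each logged packet by direction from its IN=/OUT= fields. The three sample texts are constructed with RFC 5737 addresses; the first log line keeps the fused `MYTABLEIN=` form seen in the thread, which is what a `--log-prefix` without a trailing space produces. Every LOG line quoted in this message has IN=eth0 and an empty OUT=, meaning the PREROUTING rule is seeing connections arriving at the box's port 25; a packet generated on the box itself is logged with an empty IN= and OUT=eth0, and such packets traverse only the OUTPUT and POSTROUTING hooks, which is where a mark intended for locally generated SMTP traffic is visible.

```python
"""Checks for a fwmark-based policy-routing setup, driven by captured command
output.  Added example, not code from the thread or from any of its posters;
the sample texts below are constructed (RFC 5737 addresses) to mirror the
shape of the output quoted in the thread."""
import re
from collections import Counter

# Constructed sample of `ip rule show`.
IP_RULE_SHOW = """\
0:      from all lookup 255
32765:  from all fwmark 0x19 lookup mytable
32766:  from all lookup main
32767:  from all lookup default
"""

# Constructed sample of `ip route show table mytable`.
IP_ROUTE_SHOW_MYTABLE = """\
203.0.113.36/30 dev eth0 proto kernel scope link src 203.0.113.38
198.51.100.192/28 dev eth0 proto kernel scope link src 198.51.100.195
default via 203.0.113.37 dev eth0 src 198.51.100.195
"""

# Constructed kernel LOG lines.  The first keeps the thread's quirk: a
# --log-prefix without a trailing space fuses with the IN= field
# ("MYTABLEIN=eth0") and shows an inbound packet.  The second uses the
# 'MYTABLE: ' prefix and shows a locally generated packet (IN empty, OUT=eth0).
KERNEL_LOG = """\
Sep 23 13:38:22 proxy kernel: MYTABLEIN=eth0 OUT= MAC=00:19:d1:75:db:4c:00:50:73:93:59:76:08:00 SRC=192.0.2.131 DST=198.51.100.195 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=8292 PROTO=TCP SPT=58009 DPT=25 WINDOW=24000 RES=0x00 ACK URGP=0
Sep 23 13:40:01 proxy kernel: MYTABLE: IN= OUT=eth0 SRC=198.51.100.195 DST=192.0.2.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40210 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
"""

RULE_RE = re.compile(
    r"^(?P<prio>\d+):\s+from\s+(?P<src>\S+)"
    r"(?:\s+fwmark\s+(?P<mark>\S+))?\s+lookup\s+(?P<table>\S+)", re.M)


def parse_rules(text):
    """Return the policy rules as dicts; fwmark is normalised to an int
    (a 'mark/mask' form keeps only the mark)."""
    rules = []
    for m in RULE_RE.finditer(text):
        mark = m.group("mark")
        rules.append({
            "prio": int(m.group("prio")),
            "from": m.group("src"),
            "fwmark": int(mark.split("/")[0], 0) if mark else None,
            "table": m.group("table"),
        })
    return rules


def parse_routes(text):
    """Return one dict per route line: dst plus any via/dev/src attributes."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        route = {"dst": parts[0]}
        for key in ("via", "dev", "src"):
            if key in parts:
                route[key] = parts[parts.index(key) + 1]
        routes.append(route)
    return routes


LOG_FIELDS = ("IN", "OUT", "SRC", "DST", "PROTO", "SPT", "DPT")


def parse_log(text):
    """Extract the netfilter LOG fields and classify the packet's direction.

    A plain KEY= search (no word boundary) is used on purpose so the fused
    prefix form "MYTABLEIN=eth0" is still read as IN=eth0."""
    entries = []
    for line in text.splitlines():
        if "kernel:" not in line:
            continue
        fields = {}
        for key in LOG_FIELDS:
            m = re.search(rf"{key}=(\S*)", line)
            fields[key] = m.group(1) if m else ""
        if fields["IN"] and not fields["OUT"]:
            fields["direction"] = "inbound"     # seen by PREROUTING / INPUT
        elif fields["OUT"] and not fields["IN"]:
            fields["direction"] = "local-out"   # seen by OUTPUT / POSTROUTING
        elif fields["IN"] and fields["OUT"]:
            fields["direction"] = "forward"
        else:
            fields["direction"] = "unknown"
        entries.append(fields)
    return entries


def check_mark_routing(rule_text, route_text, mark, table, want_src):
    """Verify that packets carrying `mark` are steered to `table` and that the
    table's default route rewrites the source address to `want_src`."""
    rules = parse_rules(rule_text)
    routes = parse_routes(route_text)
    rule = next((r for r in rules if r["fwmark"] == mark and r["table"] == table), None)
    default = next((r for r in routes if r["dst"] == "default"), None)
    return {
        "rule_present": rule is not None,
        "rule_priority": rule["prio"] if rule else None,
        "default_present": default is not None,
        "default_src": default.get("src") if default else None,
        "src_ok": default is not None and default.get("src") == want_src,
    }


def log_directions(text):
    """Count logged packets by direction; a LOG rule in PREROUTING can only
    ever contribute 'inbound' or 'forward', never 'local-out'."""
    return Counter(e["direction"] for e in parse_log(text))


if __name__ == "__main__":
    print(check_mark_routing(IP_RULE_SHOW, IP_ROUTE_SHOW_MYTABLE,
                             0x19, "mytable", "198.51.100.195"))
    print(log_directions(KERNEL_LOG))
```

Feed the script real output (`ip rule show`, `ip route show table mytable`, and the grep over the syslog) in place of the constructed samples; if `src_ok` is true but `log_directions` never reports a `local-out` entry, the LOG rule is sitting in a hook that locally generated packets do not pass through.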