Bodo Huber wrote: > Hello, > > I have successfully installed and configured a multi ISP environment > based on Shorewall 3.4.3. I achieved this pretty much exaclty like > explained in the related documentation > (http://www.shorewall.net/MultiISP.html). Everything is working fine, I > am using the 'track' option. > > In addition to shorewall there is a SMTP relaying deamon running on the > same machine. Mails transfered to 'net' will be relayed by '$FW'. >
You need to mark the traffic from the firewall. > Due to some reverse DNS checks of some outside mail servers, now I have > to ensure that all outgoing SMTP traffic is routed through a specific > ISP (the one with the registered public IPs for the domain). > Unfortunately I was not able to find a way to do this. The mentioned > example in MultiISP.html does not work in my case because the traffics > source is '$FW' where the 'P' chain can not be used: >> Now suppose that you want to route all outgoing SMTP traffic from your >> local network through ISP 2. You would make this entry in >> /etc/shorewall/tcrules <http://www1.shorewall.net/traffic_shaping.htm> >> (and if you are running a version of Shorewall earlier than 3.0.0, you >> would set TC_ENABLED=Yes in /etc/shorewall/shorewall.conf >> <http://www1.shorewall.net/MultiISP.html???>). >> >> #MARK SOURCE DEST PROTO PORT(S) >> CLIENT USER TEST >> # PORT(S) >> 2:P <local network> 0.0.0.0/0 tcp 25 > How can I achive that SMTP generated by $FW is routed through a > particular ISP? > Hi: Just drop the :P part, then the outbound traffic from the firewall is marked in the tcout chain. Something like this should work: 2 $FW 0.0.0.0/0 tcp 25 Make sure you have the recommended entries in the masq file Jerry ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
