[lug] forcing certain services to use eth1 instead of eth0

Nate Duehr nate at natetech.com
Tue Jan 3 16:55:27 MST 2006


Michael Belanger wrote:
> On Tuesday 03 January 2006 14:09, Zan Lynx wrote:
>> iptables -t mangle -A OUTPUT -p tcp --sport 25 -j MARK --set-mark 1
>> ip rule add fwmark 1 table 1
>> ip route add default table 1 via 1.2.3.4 dev eth1
>>
>> Google the Linux Advanced Routing HOWTO.
>>
>> There's also an iptables ROUTE module that lets you force routing
>> decisions there, if you're using a new enough kernel and iptables
>> combination.
> 
> 
> I read something similar to your example, but my eyes glazed over.. Not sure I 
> understand or even like the word 'MANGLE' when we are talking about email. :)
> 
> From what I am reading, this *should* work.. Am I wrong?
> 
> # Pass all SMTP traffic through eth1
> -A INPUT -o eth1 -m tcp -p tcp --dport 25  -j ACCEPT
> -A OUTPUT -o eth1 -m tcp -p tcp --sport 25  -j ACCEPT
> 
> # Pass all IMAP traffic through eth1
> -A INPUT -o eth1 -p tcp -m tcp --dport 143 --syn -j ACCEPT
> -A INPUT -o eth1 -p tcp -m tcp --dport 993 --syn -j ACCEPT
> 
> -A OUTPUT -o eth1 -p tcp -m tcp --sport 143 --syn -j ACCEPT
> -A OUTPUT -o eth1 -p tcp -m tcp --sport 993 --syn -j ACCEPT

Hang on... seems like you're trying to get too fancy here.

I'm assuming that you've got two different IP addresses on eth0 and eth1?

If so, then on the "inbound from clients" connection -- they're 
connecting to the IP on eth1 -- nothing to set up there.  Your router 
and/or switch should be ARP'ing for that IP and sending the traffic to 
the physical port that answers the ARP request.  No-brainer.

On the "outbound toward client" side of the connection... your daemon 
should be answering using the IP address (socket, really) it received 
the connection on?  If so... it'd all be going out eth1 also.  If the 
application isn't doing that, something's not right.

So... I'm not sure why you'd need any firewall rules or anything other 
than the correct IP's in everything, including the daemon configurations 
for whatever is listening on your machine.  Traffic to eth0's IP would 
use eth0... traffic to eth1's IP would use eth1...???

Nate
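The reply above covers the source address the daemon answers from; which physical interface that reply leaves through is still decided by the routing table, and with a single default route via eth0 a source-based policy rule (or the fwmark rule quoted earlier in the thread) is what pins eth1's replies to eth1. The script below is an added example, not code from the thread or from any of its participants. It wraps both approaches in functions and defaults to printing the commands instead of running them; the addresses (192.0.2.x, 198.51.100.5), the table id, the mark value and the DRY_RUN variable are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: pin traffic sourced from eth1's address to eth1 with policy
# routing, and show the fwmark variant quoted in the thread.  All addresses,
# the table id and the mark value are constructed placeholders.

ETH1_IP="${ETH1_IP:-192.0.2.10}"    # assumed address configured on eth1
ETH1_GW="${ETH1_GW:-192.0.2.1}"     # assumed gateway reachable through eth1
ETH1_DEV="${ETH1_DEV:-eth1}"
TABLE="${TABLE:-1}"                 # routing table id, as in the quoted example
MARK="${MARK:-1}"                   # fwmark value, as in the quoted example
DRY_RUN="${DRY_RUN:-1}"             # 1 = print the commands, 0 = execute them (needs root)

# Run a command, or print it when DRY_RUN=1 so the plan can be reviewed first.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Source-based policy routing: packets whose source is ETH1_IP consult TABLE,
# whose only default route exits via ETH1_DEV.  The main table is untouched,
# so everything else keeps using the existing default route (eth0).
setup_source_routing() {
    run ip route replace default via "$ETH1_GW" dev "$ETH1_DEV" table "$TABLE"
    run ip rule add from "$ETH1_IP" table "$TABLE" priority 100
}

# fwmark variant (the approach quoted in the thread): mark locally generated
# SMTP/IMAP replies in the mangle table, then route marked packets via TABLE.
setup_mark_routing() {
    for port in 25 143 993; do
        run iptables -t mangle -A OUTPUT -p tcp --sport "$port" \
            -j MARK --set-mark "$MARK"
    done
    run ip rule add fwmark "$MARK" table "$TABLE" priority 101
}

# Verification: ask the kernel which interface a reply from ETH1_IP to some
# client (198.51.100.5 is a constructed address) would leave through.
# Only meaningful with DRY_RUN=0 on the real host; the output should name ETH1_DEV.
check_route() {
    run ip route get 198.51.100.5 from "$ETH1_IP"
}

setup_source_routing
setup_mark_routing
check_route
```

Run it once with the default DRY_RUN=1 to read the exact commands, then with DRY_RUN=0 as root; `ip route get ... from <eth1 IP>` afterwards is the quick check that replies really leave via eth1 rather than the default route. The source-based rule alone is enough for the case in this thread and needs no iptables at all; the mark rule is only useful when the selection has to depend on something other than the source address.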
