[lug] forcing certain services to use eth1 instead of eth0

John Hernandez John.Hernandez at noaa.gov
Tue Jan 3 16:23:19 MST 2006


Michael, the iproute2 tools allow you to fix the basic case of return
path asymmetry.  For a good tutorial, read this article:

http://www.linuxjournal.com/article/7291

This generally solves the issue for server processes such as imapd or
httpd, where your machine does not originate any connections.

However, for traffic that originates from a process on your multi-homed
machine, for example an outbound e-mail message, you may need to take
further steps to ensure the behavior you want.

Some apps allow you to choose a source address/interface.  For example,
'ping -I eth1 ...'

In other cases where no such parameter is available to you, one can
still use the iptables mark module to "label" packets based on things
like source port.  That label can then be used by the fwmark selector of
iproute2 to select the proper table.

Ex:

# Mark outbound packets with a source port of 25 (the MARK target needs a
# value; without --set-mark the rule is rejected)

iptables -t mangle -A OUTPUT -p tcp --sport 25 -j MARK --set-mark 1

# Use the correct table
ip rule add fwmark 1 table 1
ip route add default table 1 via 10.1.1.1 dev eth1

Michael Belanger wrote:
> Greetings.
> I have two Ethernet Interfaces, eth0, eth1.
> Specifically, I want to keep backups and nfs running on one interface and
> mail (smtp/imap) running on another.
> 
> We have an Astaro Security Gateway running as our firewall.
> 
> The machine in question has two interfaces on the same local network. The 
> firewall SNAT's the outgoing requests to appear as our public mailserver 
> address.  This only half works at the moment because the rules are dealing 
> with the eth1 address not the eth0.
> 
> man of 'route' doesn't seem to have info on how to do this with ports, and 
> google searches come up with few solutions.
> 
> Any suggestions?

-- 

 |  John Hernandez - NOAA Boulder NOC - 303-497-6392
 |  Mailstop R/OM62. 325 Broadway, Boulder, CO 80305
 |  PGP Public Key ID: 586A7E23
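The full setup for Michael's case, written out as an added example (this is the editor's script, not code from John's reply or the original thread). It assumes the gateway 10.1.1.1 and table/mark number 1 from John's example, and further assumes eth1's address is 10.1.1.11 and that the mail ports are 25, 143 and 993; all of these are placeholders, not values from the posts. It also adds two steps the reply above does not cover: an SNAT rule, because a locally originated packet is routed (and given eth0's source address) before the mangle OUTPUT chain marks it, so the mark alone sends it out eth1 with the wrong source; and loose reverse-path filtering on eth1, because with both NICs on one subnet the reverse route for most peers points at eth0. Run without arguments it only prints the plan; run with `apply` as root it executes it.

```sh
#!/bin/sh
# Policy routing for a dual-homed host: mail traffic leaves via eth1,
# everything else keeps using the main table (eth0).
# Editor's example; the addresses and ports below are assumptions.

ETH1_ADDR="${ETH1_ADDR:-10.1.1.11}"   # assumed address of eth1
GW="${GW:-10.1.1.1}"                  # gateway from John's example
MARK=1                                # fwmark value, as in John's example
TABLE=1                               # routing table number, as in John's example
MAIL_PORTS="25 143 993"               # assumed: smtp, imap, imaps

# run: in dry-run mode print the command instead of executing it.
run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# mark_rules: label locally originated mail traffic by source port so the
# fwmark selector can steer it into table $TABLE.
mark_rules() {
    for p in $MAIL_PORTS; do
        run iptables -t mangle -A OUTPUT -p tcp --sport "$p" -j MARK --set-mark "$MARK"
    done
}

# policy_routes: table $TABLE has a single default route out eth1; two
# rules select it: one for replies from eth1's address (the server case
# from the Linux Journal article), one for marked outbound traffic.
policy_routes() {
    run ip route add default via "$GW" dev eth1 table "$TABLE"
    run ip rule add from "$ETH1_ADDR" table "$TABLE"
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route flush cache
}

# source_fixup: the mark is applied after the first routing decision has
# already chosen eth0's address, so rewrite marked packets leaving eth1 to
# carry eth1's address (otherwise the upstream firewall's SNAT rule, which
# matches on source address, never sees them).
source_fixup() {
    run iptables -t nat -A POSTROUTING -o eth1 -m mark --mark "$MARK" \
        -j SNAT --to-source "$ETH1_ADDR"
}

# rp_filter: strict reverse-path filtering (1) on eth1 drops inbound packets
# whose reverse route is via eth0; loose mode (2) accepts them if any
# interface could reach the source.
rp_filter() {
    run sysctl -w net.ipv4.conf.eth1.rp_filter=2
}

# setup_all: issue every command in order (nine commands in total).
setup_all() {
    mark_rules
    policy_routes
    source_fixup
    rp_filter
}

if [ "${1:-}" = "apply" ]; then
    setup_all
else
    DRY_RUN=1 setup_all
fi
```

Order matters only in one place: the SNAT rule must match on the mark rather than on the source port, since the source address it rewrites is what the firewall keys on, and a packet can reach POSTROUTING on eth1 only because it was marked.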