[lug] forcing certain services to use eth1 instead of eth0
John Hernandez
John.Hernandez at noaa.gov
Tue Jan 3 16:31:14 MST 2006
See my last e-mail for some clarification about marking packets.
In the examples you give below, the -o option specifies a selection
criterion, so it's not doing what you want. It says, "match this rule IF
the packet is exiting the box on interface eth1." This assumes the
routing decision has already been made elsewhere. For this reason, -o
makes no sense in the INPUT chain.
Michael Belanger wrote:
> I read something similar to your example, but my eyes glazed over.. Not sure I
> understand or even like the word 'MANGLE' when we are talking about email. :)
>
> From what I am reading, this *should* work.. Am I wrong?
>
> # Pass all SMTP traffic through eth1
> -A INPUT -o eth1 -m tcp -p tcp --dport 25 -j ACCEPT
> -A OUTPUT -o eth1 -m tcp -p tcp --sport 25 -j ACCEPT
>
> # Pass all IMAP traffic through eth1
> -A INPUT -o eth1 -p tcp -m tcp --dport 143 --syn -j ACCEPT
> -A INPUT -o eth1 -p tcp -m tcp --dport 993 --syn -j ACCEPT
>
> -A OUTPUT -o eth1 -p tcp -m tcp --sport 143 --syn -j ACCEPT
> -A OUTPUT -o eth1 -p tcp -m tcp --sport 993 --syn -j ACCEPT
--
| John Hernandez - NOAA Boulder NOC - 303-497-6392
| Mailstop R/OM62. 325 Broadway, Boulder, CO 80305
| PGP Public Key ID: 586A7E23
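
The reply above says -o only matches on an interface and the routing decision is made elsewhere. The following is an added example, not from the thread, that prints one mark-plus-policy-routing rule set for review, with -i used as the match on INPUT. The mark 1, table 100 and gateway 192.0.2.1 are assumed values, and emit_mark_routing is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: print the commands for mark-based policy routing.
# Assumed values (not from the thread): fwmark 1, routing table 100,
# gateway 192.0.2.1 on eth1 (a documentation address).

# emit_mark_routing IFACE GATEWAY MARK TABLE PORT...
# Prints the commands instead of running them so they can be reviewed;
# pipe the output to "sh" as root to apply them.
emit_mark_routing() {
    if [ "$#" -lt 5 ]; then
        echo "usage: emit_mark_routing IFACE GATEWAY MARK TABLE PORT..." >&2
        return 1
    fi
    iface=$1; gw=$2; mark=$3; table=$4
    shift 4

    # Reject anything that is not a plain port number before printing.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
    done

    # Traffic sent by the local daemon has the service port as its source
    # port. Setting a mark in mangle/OUTPUT makes the kernel repeat the
    # route lookup for that packet.
    for port in "$@"; do
        echo "iptables -t mangle -A OUTPUT -p tcp --sport $port -j MARK --set-mark $mark"
    done

    # Marked packets consult a separate table whose default route is eth1.
    echo "ip rule add fwmark $mark table $table"
    echo "ip route add default via $gw dev $iface table $table"

    # Filtering is a separate step: on INPUT the arrival interface is
    # matched with -i, since -o has no meaning there.
    for port in "$@"; do
        echo "iptables -A INPUT -i $iface -p tcp --dport $port -j ACCEPT"
    done
}

# SMTP and IMAP/IMAPS, the services named in the quoted rules.
emit_mark_routing eth1 192.0.2.1 1 100 25 143 993
```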