[CentOS] need help in configuring iptables for smtp traffic

Sun Jan 20 12:29:48 UTC 2008
Alain Spineux <aspineux at gmail.com>

On Jan 20, 2008 9:54 AM, ankush grover <ankushcentos at gmail.com> wrote:
> Hi Alain,
>
> Thanks for replying to my question.
> >
> > My understanding is:
> > You are load balancing your outgoing traffic....
>
> Yes, load balancing outgoing traffic
> > >
> > > route add $smtpserver1 netmask 255.255.255.255 gw $publicip1
> > > route add  $publicip1 gw $gw1
> >
> > You are trying to force the GW for smtpserver1, but ....
> >
> Yes, we are trying to force the gateway for smtpserver1 and
> smtpserver2, as both the smtpservers will go through specified ISPs.
>
> > > Some more iptables rules which ban sending mails from different
> > > vlans/lans directly to public ips (both 1 and 2)
> > > $IPTABLES -A INPUT -p tcp -s $lan1 -d $publicip1 --dport $SMTP -j DROP
> > > $IPTABLES -A INPUT -p tcp -s $lan2 -d $publicip1 --dport $SMTP -j DROP
> > > $IPTABLES -A INPUT -p tcp -s $lan3 -d $publicip1 --dport $SMTP -j DROP
> > >
> > > Same rules we have for publicip2.
> > >
> > > But still we are not able to send emails from the $smtpserver running
> > > in the local lan to outside. Our requirement is like this: smtpserver1,
> > > which is running postfix, should only send/receive emails through
> > > publicip1, and smtpserver2, which is also running postfix, should
> > > send/receive mails through publicip2.
> > >
> > > We are able to receive emails on both the public ips on the respective
> > > smtp servers, but when we are sending emails to the outside world it is
> > > sometimes going through both the public ips from a single smtp server.
> >
> > ... it doesn't work.
> >
> > I had a similar problem.
> > I have created rules in the mangle INPUT table to 'mark' packets, for example:
> >
> > 0 for packet that must be load balanced
> > 1 for packet that must go through first ISP
> > 2 .... for the second ISP
> >
> > Then in my routing rules, I use the mark to use one or another routing table.
> >
>
> Can you mail me an example? That will be very helpful for me.

Sorry, I don't have these configs anymore.

Here are some hints I can remember (without looking up the correct syntax
in the docs):

# create the routing tables: one default route per ISP, each in its own table
# ($gw1 / $gw2 are the ISP gateways on eth1 / eth2)
ip route add default via $gw1 dev eth1 table 1
ip route add default via $gw2 dev eth2 table 2

# redirect to the correct table regarding the mark
# (unmarked packets, mark 0, keep using the main table)
ip rule add fwmark 1 table 1
ip rule add fwmark 2 table 2

# to set the mark: one rule per condition, each setting mark 1 or 2
iptables -t mangle -A PREROUTING $YOURCONDITION -j MARK --set-mark 1
iptables -t mangle -A PREROUTING $YOUROTHERCONDITION -j MARK --set-mark 2

I  was not using dynamic balancing like you but static balancing
depending on the source IP.

Hope this helps,
regards

>
>
> Thanks & Regards
>
> Ankush
>

-- 
Alain Spineux
aspineux gmail com
May the sources be with you
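The hints above, worked into a complete script as an added example. This is not Alain's configuration or anything from the list; the addresses, interfaces and gateways are constructed placeholders (RFC 5737 documentation ranges), and the static "mark by source IP" approach is the one he describes rather than dynamic load balancing. It marks in mangle/PREROUTING because the two Postfix hosts sit on the LAN behind the firewall, adds the SNAT needed so each server's mail leaves with the matching public address, and has a DRY_RUN mode that prints the commands instead of running them so the rule set can be reviewed without root.

```shell
#!/bin/sh
# Added example (not from the mailing list post): policy routing for two
# SMTP servers behind a dual-ISP CentOS firewall, using fwmarks set in the
# mangle table. Every address, interface and gateway below is a constructed
# placeholder; replace them with your own.
SMTP1="192.0.2.10"        # assumed LAN address of smtpserver1
SMTP2="192.0.2.20"        # assumed LAN address of smtpserver2
IF1="eth1"; GW1="198.51.100.1"; PUBLICIP1="198.51.100.10"   # assumed ISP 1 link
IF2="eth2"; GW2="203.0.113.1";  PUBLICIP2="203.0.113.10"    # assumed ISP 2 link

# run: execute a command, or only print it when DRY_RUN=1 so the generated
# rule set can be reviewed (and tested) without root or a real network.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# One routing table per ISP. Tables 1 and 2 are plain numeric ids; names can
# be added to /etc/iproute2/rt_tables if preferred.
setup_routing_tables() {
    run ip route add default via "$GW1" dev "$IF1" table 1
    run ip route add default via "$GW2" dev "$IF2" table 2
    # policy rules: mark 1 -> table 1, mark 2 -> table 2; unmarked packets
    # (mark 0) fall through to the main table, i.e. whatever balancing is there
    run ip rule add fwmark 1 table 1
    run ip rule add fwmark 2 table 2
    run ip route flush cache
}

# Marks are set in mangle/PREROUTING because the SMTP servers are on the LAN
# and this box forwards their packets (locally generated traffic would need
# mangle/OUTPUT instead). Marking by source address only, not by dport 25,
# keeps replies to inbound mail on the same ISP as the connection arrived on.
setup_marks() {
    run iptables -t mangle -A PREROUTING -s "$SMTP1" -j MARK --set-mark 1
    run iptables -t mangle -A PREROUTING -s "$SMTP2" -j MARK --set-mark 2
}

# The source address must match the link the packet leaves on; otherwise the
# remote MTA sees mail from publicip1 arriving over ISP 2, which reverse-path
# checks and SPF-style lookups at the receiving side can reject.
setup_snat() {
    run iptables -t nat -A POSTROUTING -o "$IF1" -s "$SMTP1" -j SNAT --to-source "$PUBLICIP1"
    run iptables -t nat -A POSTROUTING -o "$IF2" -s "$SMTP2" -j SNAT --to-source "$PUBLICIP2"
}

setup_all() {
    setup_routing_tables
    setup_marks
    setup_snat
}

# Review mode: DRY_RUN=1 sh policy-routing.sh prints the nine commands it
# would run; without DRY_RUN nothing happens until setup_all is called.
if [ "${DRY_RUN:-0}" = "1" ]; then
    setup_all
fi
```

Run it once with `DRY_RUN=1` and diff the output against `ip rule show`, `ip route show table 1` and `iptables -t mangle -L PREROUTING -n` after applying, to confirm the kernel accepted exactly what was intended. The rules are not persistent; on CentOS they belong in an init script or `/etc/rc.local`, and the `ip rule` entries must be recreated after the interface comes up.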