ipchains, NAT, multiple uplinks

Discussion in 'Linux Networking' started by meshko, Jan 18, 2008.

  1. meshko

    meshko Guest

    Hi,
    I'm beginning to convert my Linux firewall to use multiple uplinks to
    different ISPs.
    There is one thing that I don't understand how to do (even before
    attempting to do anything): right now I have an ipchains rule which
    sets the source address of all packets going to port 25 to a specific
    ip address which has a reverse DNS record which is pretty much
    required for SMTP connections nowadays. What should I do with that
    rule now that the connection might actually be going through another
    uplink?

    Thanks!
     
    meshko, Jan 18, 2008
    #1

  2. meshko> Hi,
    meshko> I'm beginning to convert my Linux firewall to use multiple uplinks to
    meshko> different ISPs.
    meshko> There is one thing that I don't understand how to do (even before
    meshko> attempting to do anything): right now I have an ipchains rule which
    meshko> sets the source address of all packets going to port 25 to a specific
    meshko> ip address which has a reverse DNS record which is pretty much
    meshko> required for SMTP connections nowadays. What should I do with that
    meshko> rule now that the connection might actually be going through another
    meshko> uplink?

    Since your IP (which has a reverse DNS record set up) can't be used as
    the source address in IP packets going out via another link, you need to
    relay all your IP packets destined for port 25 via the previous link, OR
    set up reverse DNS records for the IP address on another link.

    meshko> Thanks!

    HTH
    --
    Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/
    ·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --
     
    Ashish Shukla आशीष शुक्ल, Jan 20, 2008
    #2
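
One way to carry out the first option in reply #2 (send everything destined for port 25 out the link that owns the reverse-DNS address), as an added example that is not part of any post in this thread. It assumes iptables and iproute2 rather than ipchains, mail forwarded from an inside host, and constructed interface names, addresses, mark and table numbers.

```shell
#!/bin/sh
# Added example: pin outbound SMTP to the uplink whose address has the PTR
# record. Every value below is a constructed placeholder (assumption).
MAIL_IF="${MAIL_IF:-eth1}"       # uplink that owns the reverse-DNS address
MAIL_GW="${MAIL_GW:-192.0.2.1}"  # that ISP's gateway (documentation range)
MAIL_IP="${MAIL_IP:-192.0.2.10}" # source address with the reverse DNS record
LAN_IF="${LAN_IF:-eth0}"         # inside interface the mail host sits behind
MARK=25                          # arbitrary firewall mark for SMTP packets
TABLE=125                        # arbitrary number for the extra routing table

# Accept only a plain dotted quad: the values are interpolated into
# commands that will later run as root.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Emit the commands, one per line; nothing is executed here.
smtp_pin_rules() {
    cat <<EOF
ip route add default via $MAIL_GW dev $MAIL_IF table $TABLE
ip rule add fwmark $MARK lookup $TABLE
iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport 25 -j MARK --set-mark $MARK
iptables -t nat -A POSTROUTING -o $MAIL_IF -p tcp --dport 25 -j SNAT --to-source $MAIL_IP
EOF
}
# 1: a separate table whose default route is the mail uplink
# 2: marked packets consult that table instead of the main one
# 3: mark forwarded SMTP before the routing decision (mail generated on the
#    firewall itself would be marked in the mangle OUTPUT chain instead)
# 4: rewrite the source to the address that has the reverse DNS record

# Print the rules for review; pipe the output to "sh -e" as root to apply.
if valid_ipv4 "$MAIL_GW" && valid_ipv4 "$MAIL_IP"; then
    smtp_pin_rules
else
    echo "MAIL_GW and MAIL_IP must be IPv4 addresses" >&2
fi
```

Strict reverse-path filtering (`rp_filter=1`) on the mail uplink can drop the replies when the main table's default route points at the other uplink.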

  3. I think you will have to do a lot of work to get everything you want
    to do to be active. This may help you:
    http://www.lartc.org
     
    habibielwa7id, Jan 21, 2008
    #3