This is a discussion on Help with multi-node routing! within the Linux Networking forums, part of the Linux Forums category.
Hello,
I need a quick solution... I am an iptables novice, but I have managed to get a rather complex network setup with one small problem. Here is a diagram of my setup (I know 99.x and 98.x are not proper internal IPs, I will get to that later): Http://208.45.203.98/fiber.jpg

The yellow lines are fiber optics that separate our 3 facilities. The idea behind this network is to be able to have control over the VoIP, internet and LAN/WAN traffic separately, and ultimately implement some QoS. I am working on just basic routing for now.

Now for my problem. My email server is at the corporate office at 10.10.10.2. Here is what I have in rc.local on the plant box (there is nothing in the rc.local on the corporate box):

>>>>>>
# Masquerade everything leaving eth1 (24.154.84.0/24, ISP side),
# eth0 (99.0.0.0/24) and eth2 (192.168.20.0/24, fiber link to corporate)
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
# Forward SMTP and POP3 arriving on the public mail address to the corporate server
iptables -A PREROUTING -t nat -p tcp -d 24.154.84.34 --dport 25 -j DNAT --to 10.10.10.2:25
iptables -A PREROUTING -t nat -p tcp -d 24.154.84.34 --dport 110 -j DNAT --to 10.10.10.2:110
>>>>>>

Here are my routes on the plant box:

>>>>>
[root@Cable root]# ip route show
99.0.0.0/24 dev eth0 scope link
172.10.0.0/24 via 192.168.20.10 dev eth2
24.154.84.0/24 dev eth1 scope link
98.0.0.0/24 via 192.168.20.10 dev eth2
192.168.20.0/24 dev eth2 scope link
172.30.0.0/24 via 192.168.20.10 dev eth2
172.20.0.0/24 dev eth3 scope link
10.10.10.0/24 via 192.168.20.10 dev eth2
192.168.10.0/24 via 192.168.20.10 dev eth2
127.0.0.0/8 dev lo scope link
default via 24.154.84.1 dev eth1
default via 24.154.84.1 dev eth1 src 24.154.84.40 metric 1
default via 24.154.84.1 dev eth1 src 24.154.84.39 metric 1
default via 24.154.84.1 dev eth1 src 24.154.84.38 metric 1
default via 24.154.84.1 dev eth1 src 24.154.84.37 metric 1
default via 24.154.84.1 dev eth1 src 24.154.84.36 metric 1
default via 24.154.84.1 dev eth1 src 24.154.84.35 metric 1
default via 24.154.84.1 dev eth1 src 24.154.84.34 metric 1
>>>>>

Here are my routes on the corporate box:

>>>>>
[root@localhost root]# ip route show
99.0.0.0/24 via 192.168.20.20 dev eth2
172.10.0.0/24 dev eth3 scope link
98.0.0.0/24 via 192.168.10.20 dev eth1
192.168.20.0/24 dev eth2 scope link
172.30.0.0/24 via 192.168.10.20 dev eth1
172.20.0.0/24 via 192.168.20.20 dev eth2
10.10.10.0/24 dev eth0 scope link
192.168.10.0/24 dev eth1 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.20.20 dev eth2
>>>>>

So my external email server's address is 24.154.84.34 and it has to be routed like this:

24.154.84.34 -> 192.168.20.20 -> 192.168.20.10 -> 10.10.10.254 -> 10.10.10.2

The problem is, people sending mail from the plant location show up as 192.168.20.20, which is not on the allowed relay list, because outside traffic shows up as that IP too (so if I enable it, it makes me an open relay). How do I get the plant PCs to show up as their own IP and not 192.168.20.20? I would also like to have external incoming mail have its IP listed, and not 192.168.20.20. I am pretty sure it's all in the masquerading lines in my rc.local, but being a novice, I don't know of another way to do it. This is probably stupid and easy for all you pros, but can somebody lend me a hand here?

CoogarXR
"The Linux Virgin"
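To see why both plant PCs and Internet senders arrive at 10.10.10.2 as 192.168.20.20, here is a small model added by the editor (not code from the thread) that replays the route tables and NAT rules quoted in the post: a longest-prefix lookup picks the egress interface, and any MASQUERADE rule on that interface then rewrites the source address. It compares the post's rc.local (MASQUERADE on eth0, eth1 and eth2) with a variant that masquerades only on eth1, the ISP side. The sample addresses 172.20.0.50 (a plant PC), 203.0.113.7 (an Internet sender) and 198.51.100.9 (an Internet destination) are constructed, and 24.154.84.34 is assumed to be eth1's primary address; the seven per-source default routes all exit eth1, so one default entry stands in for them.

```python
# Model of the plant box's route lookup + POSTROUTING NAT, built from the
# tables in the post above.  Editor's illustration, not the thread's own code.
import ipaddress

PLANT_ROUTES = """\
99.0.0.0/24 dev eth0 scope link
172.10.0.0/24 via 192.168.20.10 dev eth2
24.154.84.0/24 dev eth1 scope link
98.0.0.0/24 via 192.168.20.10 dev eth2
192.168.20.0/24 dev eth2 scope link
172.30.0.0/24 via 192.168.20.10 dev eth2
172.20.0.0/24 dev eth3 scope link
10.10.10.0/24 via 192.168.20.10 dev eth2
192.168.10.0/24 via 192.168.20.10 dev eth2
127.0.0.0/8 dev lo scope link
default via 24.154.84.1 dev eth1
"""
CORPORATE_ROUTES = """\
99.0.0.0/24 via 192.168.20.20 dev eth2
172.10.0.0/24 dev eth3 scope link
98.0.0.0/24 via 192.168.10.20 dev eth1
192.168.20.0/24 dev eth2 scope link
172.30.0.0/24 via 192.168.10.20 dev eth1
172.20.0.0/24 via 192.168.20.20 dev eth2
10.10.10.0/24 dev eth0 scope link
192.168.10.0/24 dev eth1 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.20.20 dev eth2
"""
# Address MASQUERADE stamps on packets leaving each interface: eth2's is the one
# the post reports; eth1's is ASSUMED to be the primary of the listed aliases.
PLANT_MASQ_ADDR = {"eth1": "24.154.84.34", "eth2": "192.168.20.20"}
# The post's rc.local masquerades on three interfaces; the hardened variant
# (editor's suggestion) masquerades only toward the ISP.
ORIGINAL_MASQ = frozenset({"eth0", "eth1", "eth2"})
HARDENED_MASQ = frozenset({"eth1"})
# The post's PREROUTING DNAT rules: public mail address -> internal server.
DNAT = {("24.154.84.34", 25): ("10.10.10.2", 25),
        ("24.154.84.34", 110): ("10.10.10.2", 110)}

def parse_routes(text):
    """Turn `ip route show` lines into (network, next_hop_or_None, device)."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        net = ipaddress.ip_network("0.0.0.0/0" if f[0] == "default" else f[0])
        via = f[f.index("via") + 1] if "via" in f else None
        routes.append((net, via, f[f.index("dev") + 1]))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, as the kernel FIB does; returns (next_hop, device)."""
    ip = ipaddress.ip_address(dst)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, via, dev = max(matches, key=lambda r: r[0].prefixlen)
    return via or dst, dev

def forward(routes, masq_ifaces, src, dst, dport):
    """One packet through the plant box: PREROUTING DNAT, route lookup, then
    POSTROUTING MASQUERADE.  Returns (src as seen by dst, dst, egress device)."""
    dst, dport = DNAT.get((dst, dport), (dst, dport))
    _, dev = lookup(routes, dst)
    if dev in masq_ifaces:
        src = PLANT_MASQ_ADDR[dev]
    return src, dst, dev

def open_relay_risk(masq_ifaces):
    """True when a plant PC and an Internet sender reach the mail server with the
    same source address, so relaying for that address relays for the world."""
    plant = forward(PLANT, masq_ifaces, "172.20.0.50", "10.10.10.2", 25)[0]
    outside = forward(PLANT, masq_ifaces, "203.0.113.7", "24.154.84.34", 25)[0]
    return plant == outside

def reply_path_is_symmetric(corp_routes, outside_src):
    """Without SNAT on eth2 the mail server answers the real Internet address;
    check that corporate sends that reply back through the plant box."""
    via, dev = lookup(corp_routes, outside_src)
    return via == "192.168.20.20" and dev == "eth2"

PLANT = parse_routes(PLANT_ROUTES)
CORP = parse_routes(CORPORATE_ROUTES)

if __name__ == "__main__":
    for name, policy in (("original", ORIGINAL_MASQ), ("hardened", HARDENED_MASQ)):
        print(name, "plant PC ->", forward(PLANT, policy, "172.20.0.50", "10.10.10.2", 25))
        print(name, "Internet ->", forward(PLANT, policy, "203.0.113.7", "24.154.84.34", 25))
        print(name, "to ISP   ->", forward(PLANT, policy, "172.20.0.50", "198.51.100.9", 443))
        print(name, "open relay risk:", open_relay_risk(policy))
    print("corporate returns Internet replies via plant box:", reply_path_is_symmetric(CORP, "203.0.113.7"))
```

Under the original rules every packet toward 10.10.10.0/24 leaves eth2 and is stamped 192.168.20.20, so the mail server cannot tell a plant desktop from an Internet client. With MASQUERADE kept only on eth1, plant PCs keep their own 172.20.x addresses and DNAT'd Internet mail keeps its real source; the reverse DNAT still works because the corporate box's default route already points back at 192.168.20.20, and the corporate table carries return routes for 172.20.0.0/24 and 99.0.0.0/24 via the same hop. The relay list can then name the plant subnets rather than the router.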