Resolved
0 votes
I use two WAN interfaces (number 2 and number 6) for connection to the Internet. ClearOS manages the internal e-mail and sends it outside using a relayhost on port 587. I would like to make sure that the outgoing mail from ClearOS uses a specific interface (number 6). Is it possible?
Monday, April 03 2017, 11:53 AM

Accepted Answer

Tuesday, April 04 2017, 04:03 AM - #Permalink
Resolved
0 votes
OK - maybe this will work... Certainly controls which interface traceroute uses with port 587 and TCP
First - what is the address of the mail server

[root@alice ~]# nslookup mail.bigpond.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: mail.bigpond.com
Address: 203.36.137.241


We have multi-wan with two interfaces

[root@alice ~]# ip route
192.168.4.0/24 dev eth0 proto kernel scope link src 192.168.4.14 # External via gw 192.168.4.1 - a tp-link adsl modem
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.14 # Internal LAN
192.168.0.0/24 dev eth2 proto kernel scope link src 192.168.0.14 # External via gw 192.168.0.1 - a netgear cable modem


Let's use eth0...

[root@alice ~]# route add -host 203.36.137.241 gw 192.168.4.1
[root@alice ~]# traceroute -p 587 -T 203.36.137.241
traceroute to 203.36.137.241 (203.36.137.241), 30 hops max, 60 byte packets
1 tp-link-4.sraellis.com (192.168.4.1) 0.488 ms 0.673 ms 0.798 ms # <++++++++++ correct
2 10.20.23.206 (10.20.23.206) 14.929 ms 15.932 ms 17.472 ms
3 syd-apt-ros-agr11-be-14.tpgi.com.au (202.7.171.5) 18.803 ms 19.602 ms 20.902 ms
4 syd-apt-ros-wgw1-be-20.tpgi.com.au (203.29.134.71) 21.796 ms 22.481 ms syd-apt-ros-wgw1-be-10.tpgi.com.au (203.29.134.7) 23.726 ms
5 203-219-107-198.static.tpgi.com.au (203.219.107.198) 25.014 ms 27.004 ms 28.738 ms
6 TenGigE0-3-0-19.chw-edge901.sydney.telstra.net (139.130.209.229) 29.646 ms 29.722 ms 31.359 ms
7 bundle-ether13.chw-core10.sydney.telstra.net (203.50.11.98) 34.230 ms 19.235 ms 21.757 ms
8 bundle-ether1.chw-edge902.sydney.telstra.net (203.50.11.101) 19.884 ms 19.475 ms 19.635 ms
9 tel1901616.lnk.telstra.net (139.130.4.126) 19.815 ms 19.952 ms 20.197 ms
10 203.36.137.241 (203.36.137.241) 20.924 ms 20.491 ms 19.619 ms


Now delete the route and use eth2

[root@alice ~]# route del -host 203.36.137.241 gw 192.168.4.1
[root@alice ~]# route add -host 203.36.137.241 gw 192.168.0.1
[root@alice ~]# traceroute -p 587 -T 203.36.137.241
traceroute to 203.36.137.241 (203.36.137.241), 30 hops max, 60 byte packets
1 netgear.sraellis.com (192.168.0.1) 9.117 ms 9.060 ms 9.021 ms # <++++++++++ correct
2 10.209.192.1 (10.209.192.1) 9.304 ms 9.409 ms 9.412 ms
3 CPE-58-160-249-2.wa.bigpond.net.au (58.160.249.2) 9.448 ms 9.438 ms 12.850 ms
4 bundle-ether4.ken-edge902.sydney.telstra.net (203.50.12.106) 14.321 ms 14.419 ms 14.296 ms
5 bundle-ether2.chw-edge902.sydney.telstra.net (203.50.11.105) 14.280 ms 14.163 ms 14.157 ms
6 tel1901616.lnk.telstra.net (139.130.4.126) 13.902 ms 11.452 ms 16.273 ms
7 203.36.137.241 (203.36.137.241) 16.356 ms 14.645 ms 14.307 ms


Now just reverse again for a double-check

[root@alice ~]# route del -host 203.36.137.241 gw 192.168.0.1
[root@alice ~]# route add -host 203.36.137.241 gw 192.168.4.1
[root@alice ~]# traceroute -p 587 -T 203.36.137.241
traceroute to 203.36.137.241 (203.36.137.241), 30 hops max, 60 byte packets
1 tp-link-4.sraellis.com (192.168.4.1) 0.399 ms 0.538 ms 0.682 ms # <++++++++++ correct
2 10.20.23.206 (10.20.23.206) 14.114 ms 14.955 ms 16.243 ms
3 syd-apt-ros-agr11-be-14.tpgi.com.au (202.7.171.5) 17.326 ms 18.619 ms 19.708 ms
4 syd-apt-ros-wgw1-be-20.tpgi.com.au (203.29.134.71) 21.408 ms syd-apt-ros-wgw1-be-10.tpgi.com.au (203.29.134.7) 23.461 ms 24.751 ms
5 203-219-107-198.static.tpgi.com.au (203.219.107.198) 25.849 ms 26.675 ms 27.378 ms
6 TenGigE0-3-0-19.chw-edge901.sydney.telstra.net (139.130.209.229) 29.266 ms 29.366 ms 30.564 ms
7 bundle-ether13.chw-core10.sydney.telstra.net (203.50.11.98) 32.224 ms 22.008 ms 20.964 ms
8 bundle-ether1.chw-edge902.sydney.telstra.net (203.50.11.101) 21.935 ms 21.578 ms 21.207 ms
9 tel1901616.lnk.telstra.net (139.130.4.126) 20.784 ms 20.317 ms 18.896 ms
10 203.36.137.241 (203.36.137.241) 19.165 ms 18.697 ms 19.195 ms
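
The first-hop check used in the answer above, as an added example that is not part of the original post: a shell helper that reads `traceroute -p 587 -T` output and reports whether hop 1 is the expected gateway. The function names are hypothetical and the sample input is constructed from the first lines of the eth0 run shown above.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not ClearOS tooling).

# Print the IPv4 address of hop 1 from traceroute output on stdin.
# Prints nothing when hop 1 did not answer ("1  * * *").
first_hop_ip() {
    awk '$1 == "1" {
        for (i = 2; i <= NF; i++) {
            f = $i
            gsub(/[()]/, "", f)   # address may be bare or "(a.b.c.d)"
            if (f ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { print f; exit }
        }
        exit
    }'
}

# check_egress EXPECTED_GW  (traceroute output on stdin)
# Returns 0: hop 1 is the expected gateway
#         1: hop 1 is some other address
#         2: hop 1 did not reply, so the path cannot be confirmed
check_egress() {
    expected=$1
    hop=$(first_hop_ip)
    if [ -z "$hop" ]; then
        echo "UNKNOWN: hop 1 did not reply"
        return 2
    fi
    if [ "$hop" = "$expected" ]; then
        echo "OK: first hop is $hop"
        return 0
    fi
    echo "MISMATCH: first hop is $hop, expected $expected"
    return 1
}

# Constructed sample: the first lines of the eth0 run from the post, trimmed.
sample_eth0() {
    printf '%s\n' \
        'traceroute to 203.36.137.241 (203.36.137.241), 30 hops max, 60 byte packets' \
        ' 1  tp-link-4.sraellis.com (192.168.4.1)  0.488 ms  0.673 ms  0.798 ms' \
        ' 2  10.20.23.206 (10.20.23.206)  14.929 ms  15.932 ms  17.472 ms'
}

# Constructed sample: a gateway that does not answer probes.
sample_silent() {
    printf '%s\n' ' 1  * * *' ' 2  10.20.23.206 (10.20.23.206)  14.929 ms'
}

sample_eth0 | check_egress 192.168.4.1
# Live use: traceroute -p 587 -T 203.36.137.241 | check_egress 192.168.4.1
```

A host route matches one IP address only, so the check is worth rerunning whenever the relay's name resolves to a different address.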
Responses (3)
  • Accepted Answer

    Monday, April 03 2017, 02:16 PM - #Permalink
    Resolved
    0 votes
    specifically mentions LAN traffic for Source Based Routes - but not in the description for "Destination Port Rules" - bummer if it doesn't work...

    The description for Destination Port Rules mentions DNS traffic - would have expected LAN systems to use the ClearOS dnsmasq cache to answer DNS queries, and ClearOS itself to forward the request to external DNS servers for non-cached lookups - hence the Destination Port Rules should work for traffic originating within ClearOS... plus of course DNS lookups ClearOS needs for its own operation... e.g. yum updates...

    It's just gone midnight here in Oz - so off to bed - will look at this in the morning - in the meantime somebody else might step in to help you...

    Here is the full help...

    Source Based Routes

    In some situations, you may want a system on your local area network (LAN) to always use a particular WAN interface. A source-based route definition makes this possible.


    Destination Port Rules

    In some situations, you may want to send network traffic for a specific port out a particular WAN interface. For example, you may want to send all DNS traffic out a particular WAN network.


    Update: You are correct from the tests just concluded - so I find the help misleading. The words "system on your local area network (LAN)" should also be added to the Destination Port Rules verbiage...
  • Accepted Answer

    Monday, April 03 2017, 01:32 PM - #Permalink
    Resolved
    0 votes
    The function indicated only works for clients that are routed to the specified connection?
    In my system I found that the output connection of the postfix is not exiting the ethernet card listed in the "rules destination port" (port 587 - enabled)
  • Accepted Answer

    Monday, April 03 2017, 01:11 PM - #Permalink
    Resolved
    0 votes
    Use "Destination Port Rules" - last section on the Webconfig multi-wan page (you may need to scroll down to see it...)

    You can specify which interface to use for a particular port destination - assuming "In some situations, you may want to send network traffic for a specific port out a particular WAN interface. For example, you may want to send all DNS traffic out a particular WAN network."