arthurmitch
Frequent Visitor
Topic Author
Posts: 82
Joined: Mon Jan 31, 2011 3:02 pm
Location: South Africa

PCC mail forwarding to specific router

Wed Mar 14, 2012 8:47 pm

OK, I've got a PCC topology configured on my RB750GL, ether1-lan and ether5-wan1 and ether4-wan2, and they have static IP addresses assigned by our ISP. But one of our PCs on-site caught a virus and sent spam and caused havoc, and now I am battling to get that IP unlisted. So I want to set up my secondary IP and keep my previous one still active for my clients' incoming connections, which is hardcoded into the program, and I want only my mail to go out via that other one IP/interface. Here is my mangle print output, hope someone can help!

MANGLE:

Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=mark-connection new-connection-mark=wan1_conn
passthrough=no in-interface=ether1-mweb-connect

1 chain=input action=mark-connection new-connection-mark=wan2_conn
passthrough=no in-interface=ether2-is

2 chain=output action=mark-routing new-routing-mark=to_wan1 passthrough=no
connection-mark=wan1_conn

3 chain=output action=mark-routing new-routing-mark=to_wan2 passthrough=no
connection-mark=wan2_conn

4 chain=prerouting action=accept dst-address=196.100.100.0/28
in-interface=lan-bridge

5 chain=prerouting action=accept dst-address=41.100.110.0/28
in-interface=lan-bridge

6 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes connection-state=new protocol=tcp
in-interface=ether1-mweb-connect
dst-port=2040-2050,6000-6020,6080,6500-6501,9091,8061,88-89,881

7 chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes connection-state=new protocol=tcp in-interface=ether2-is
dst-port=2040-2050,6000-6020,6080,6500-6501,9091,8061,88-89,881

8 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes connection-state=new protocol=tcp
in-interface=ether1-mweb-connect
dst-port=20-25,80-89,443,3000,3203-3206,5900-5935,6000-6020,7000,8080-8082

9 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes connection-state=new protocol=tcp
in-interface=ether1-mweb-connect dst-port=143,110

10 chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes connection-state=new protocol=tcp in-interface=ether2-is
dst-port=20-25,80-89,443,3000,3203-3206,5900-5935,6000-6020,7000,8080-8082

11 chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes connection-state=new protocol=tcp in-interface=ether2-is
dst-port=143,110

12 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=no dst-address=192.168.88.2 in-interface=lan-bridge

13 chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=no dst-address=192.168.88.2 in-interface=lan-bridge

14 chain=prerouting action=mark-connection new-connection-mark=wan1_conn
passthrough=yes dst-address-type=!local in-interface=lan-bridge
connection-mark=no-mark per-connection-classifier=both-addresses:2/0

15 chain=prerouting action=mark-connection new-connection-mark=wan2_conn
passthrough=yes dst-address-type=!local in-interface=lan-bridge
connection-mark=no-mark per-connection-classifier=both-addresses:2/1

16 chain=prerouting action=mark-routing new-routing-mark=to_wan1
passthrough=yes in-interface=lan-bridge connection-mark=wan1_conn

17 chain=prerouting action=mark-routing new-routing-mark=to_wan2
passthrough=yes in-interface=lan-bridge connection-mark=wan2_conn


and firewall:

Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Internet on mweb
chain=srcnat action=masquerade out-interface=ether1-mweb-connect

1 ;;; Internet on IS
chain=srcnat action=masquerade out-interface=ether2-is

2 ;;; Loop Back
chain=srcnat action=masquerade src-address=192.168.88.0/24 dst-address=192.168.88.2

3 ;;; FTP-SSH
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=20-25 protocol=tcp dst-address=196.100.100.148 dst-port=20-25

4 ;;; FTP-SSH
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=20-25 protocol=tcp dst-address=41.100.110.10 dst-port=20-25

5 ;;; WEB-APP
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=80-81 protocol=tcp dst-address=196.100.100.148 dst-port=80-81

6 ;;; WEB-APP
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=80-81 protocol=tcp dst-address=41.100.110.10 dst-port=80-81

7 ;;; HTTPS
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=443 protocol=tcp dst-address=196.100.100.148 dst-port=443

8 ;;; HTTPS
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=443 protocol=tcp dst-address=41.100.110.10 dst-port=443

9 ;;; lftp
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=2040-2050 protocol=tcp dst-address=196.100.100.148 dst-port=2040-2050

10 ;;; lftp
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=2040-2050 protocol=tcp dst-address=41.100.110.10 dst-port=2040-2050

11 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=3203-3206 protocol=tcp dst-address=196.100.100.148 dst-port=3203-3206

12 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=3203-3206 protocol=tcp dst-address=41.100.110.10 dst-port=3203-3206

13 ;;; VNC
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=5900-5935 protocol=tcp dst-address=196.100.100.148 dst-port=5900-5935

14 ;;; VNC
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=5900-5935 protocol=tcp dst-address=41.100.110.10 dst-port=5900-5935

15 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6000-6020 protocol=tcp dst-address=196.100.100.148 dst-port=6000-6020

16 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6000-6020 protocol=tcp dst-address=41.100.110.10 dst-port=6000-6020

17 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6080 protocol=tcp dst-address=196.100.100.148 dst-port=6080

18 chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6080 protocol=tcp dst-address=41.100.110.10 dst-port=6080

19 ;;; KODE-PROGRAM
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=7000 protocol=tcp dst-address=196.100.100.148 dst-port=7000

20 ;;; ECS-COMMUNICATOR
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=8080-8082 protocol=tcp dst-address=196.100.100.148 dst-port=8080-8082

21 ;;; ECS-COMMUNICATOR
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=8080-8082 protocol=tcp dst-address=41.100.110.10 dst-port=8080-8082

22 ;;; Kode Program
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=9091 protocol=tcp dst-address=196.100.100.148 dst-port=9091

23 ;;; Kode Program
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=9091 protocol=tcp dst-address=41.100.110.10 dst-port=9091

24 ;;; KODE-PROGRAM
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=7000 protocol=tcp dst-address=41.100.110.10 dst-port=7000

25 ;;; KODE-PROGRAM
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=7000 protocol=tcp dst-address=196.100.100.148 dst-port=7000

26 ;;; EAP
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=8061 protocol=tcp dst-address=196.100.100.148 dst-port=8061

27 ;;; EAP
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=8061 protocol=tcp dst-address=41.100.110.10 dst-port=8061

28 ;;; Gerrit Web Service
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6500-6501 protocol=tcp dst-address=196.100.100.148 dst-port=6500-6501

29 ;;; Gerrit Web Service
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=6500-6501 protocol=tcp dst-address=41.100.110.10 dst-port=6500-6501

30 ;;; WEB-APP
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=88-89 protocol=tcp dst-address=196.100.100.148 dst-port=88-89

31 ;;; WEB-APP
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=88-89 protocol=tcp dst-address=41.100.110.10 dst-port=88-89

32 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=881 protocol=tcp dst-address=196.100.100.148 dst-port=881

33 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=3000 protocol=tcp dst-address=196.100.100.148 dst-port=3000

34 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=143 protocol=tcp dst-address=196.100.100.148 dst-port=143

35 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=110 protocol=tcp dst-address=196.100.100.148 dst-port=110

36 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=881 protocol=tcp dst-address=41.100.110.10 dst-port=881

37 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=110 protocol=tcp dst-address=41.100.110.10 dst-port=110

38 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=3000 protocol=tcp dst-address=41.100.110.10 dst-port=3000

39 ;;; CASHFREE
chain=dstnat action=dst-nat to-addresses=192.168.88.2 to-ports=143 protocol=tcp dst-address=41.100.110.10 dst-port=143

and routing output:

# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 41.100.110.9 2
1 A S 0.0.0.0/0 196.100.100.145 2
2 A S 0.0.0.0/0 196.100.100.145 2
3 S 0.0.0.0/0 41.100.110.9 3
4 ADC 41.100.110.0/28 41.100.110.10 ether1-mweb-con... 0
5 ADC 192.168.88.0/24 192.168.88.1 lan-bridge 0
6 ADC 196.100.100.144/28 196.100.100.148 ether2-is 0

Thanks, any help will be appreciated!
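
One way to do what the post asks, as an added example that is not part of the original post. It assumes the mail server is 192.168.88.2 (the dst-nat target for ports 20-25, 110 and 143 above), that mail should leave via ether2-is, and that a route with routing-mark=to_wan2 exists; swap the marks and interface if the unlisted address is on the other WAN. The filter rules go one step further and stop every other LAN host from sending SMTP directly, which is the behaviour that got the address listed.

```routeros
# Added example: assumptions are labelled in the comments.
# Rule numbers refer to the mangle print shown in the post.

/ip firewall mangle
# Pin new outbound SMTP connections from the mail server to WAN2.
# It must sit before the PCC rules (14 and 15): those only match
# connection-mark=no-mark, so a connection marked here skips them,
# and existing rule 17 then sets routing-mark=to_wan2 for it.
# Assumption: 192.168.88.2 is the only host that should send mail.
add chain=prerouting action=mark-connection \
    new-connection-mark=wan2_conn passthrough=yes \
    connection-state=new connection-mark=no-mark \
    protocol=tcp dst-port=25 src-address=192.168.88.2 \
    in-interface=lan-bridge dst-address-type=!local \
    place-before=14 comment="SMTP out via WAN2 only"

/ip firewall filter
# Log, then drop, direct SMTP from any LAN host other than the
# mail server. An infected workstation then cannot deliver spam
# through either WAN, and the log entry names the source address.
# Both rules must be placed above any general accept rule in the
# forward chain (the filter table is not shown in the post).
add chain=forward action=log log-prefix="smtp-blocked" \
    protocol=tcp dst-port=25 in-interface=lan-bridge \
    src-address=!192.168.88.2 comment="Log rogue SMTP"
add chain=forward action=drop \
    protocol=tcp dst-port=25 in-interface=lan-bridge \
    src-address=!192.168.88.2 comment="Drop rogue SMTP"
```

With the existing masquerade rule on ether2-is, mail then leaves with source address 196.100.100.148, while inbound connections and their replies keep following the wan1_conn/wan2_conn marks set by rules 6-11.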
