syst.eng. Anders Larsen - linux

Port-based routing

2013-03-23T20:14:00+01:00

My current network setup looks somewhat like this:

                         ________     \            /     ________
          __________    |        |    /            \    |        |
_________|          |___| ADSL-  |____\  Internet  /____| root   |
  LAN    | firewall |   | router |    /            \    | server |
         |__________|   |________|    \            /    |________|
             ^                        /            \        ^
             :..............................................:
                              OpenVPN tunnel

My local Internet connection (left-hand side) does not have a fixed IPv4 address, so I used to send outgoing e-mails through my mail-hosting provider, who unfortunately went south last month.

The root-server on the right-hand side, which hosts some virtual machines, has a fixed, global IPv4 address, and since I control the DNS zone file, I decided to have it handle outgoing as well as incoming e-mail traffic.

One of the virtual machines on the root-server hosts a Postfix mail-server, another hosts an Apache web-server.

The easy part was to route incoming traffic to those VMs using iptables on the root-server:

# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination "IP of Postfix VM"
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination "IP of Apache VM"
# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source "global IP of root-server"

Now, routing outgoing e-mail traffic from my LAN through the root-server without passing all traffic through the VPN tunnel was a bit more tricky.

First, declare a new routing table for iproute2 on the firewall; let's call it "smtp" and assign it the (arbitrary) number 25:

# echo "25 smtp" >> /etc/iproute2/rt_tables

Next, when the VPN tunnel comes up, add a default route using the new table smtp and force marked packets through that route:

# ip route add default via "root-server IP on VPN" table smtp
# ip rule add fwmark 0x01 lookup smtp

(the above two commands could be placed in the OpenVPN "up" script).

Finally, mark outgoing SMTP packets using iptables on the firewall:

# iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 0x01

Et voilà - SMTP packets originating on the firewall (which queues outgoing e-mails using Postfix) are routed through the VPN tunnel and exit from the root-server (using its global IP address).

With outgoing e-mail traffic originating from a fixed IP address, configuring DKIM and SPF is now possible.

The QNX4 file-system in Linux

2004-02-03T21:01:00+01:00

The QNX4 file-system option in Linux allows you to mount QNX4/QNX6-formatted floppies and hard-disk partitions on your Linux box and access the files as if they were on your native file-system.

It was originally written by Richard A. Frowÿn and Frank Denis, who - due to lack of time - passed the maintainership on to me in december 1999.

I fixed the last severe bugs in Kernels 2.2.15 and 2.3.35; previous versions were quite buggy and did not support fragmented files at all.

Starting with Kernel 2.4.19 it is possible to mount partitions created with QNX version 6.1 and above.

A bug that got exposed by subtle changes to the Virtual File System can cause a complete system hang when using the QNX4 file-system in Kernel 2.4.8 and 2.4.9 - the solution is to comment out line 399 of fs/qnx4/inode.c (the problem was fixed in Kernel 2.4.10)

There's an alternative implementation which supports writing to the QNX partition at http://qnxfs.narod.ru/, but I don't use it myself and cannot guarantee that it will work for you.

Booting Linux on a WindowsCE device

2001-03-13T20:23:00+01:00

I've written a utility to boot Linux 2.2.x via the WinCE loader on the credit-card size PC "DIMM-PC EC" (manufactured by the German company Gesytec GmbH

This module utilizes an AMD Élan SC410 PC-on-a-chip, which, unfortunately, has some peculiarities.

The company Pengutronix provides patches against 2.4.13 .. 2.4.17 which fixes a clock drift problem and provides a work-around for a nasty serial interface bug.

The patches were merged into 2.4.18, so you probably don't need them separately, though.

syst.eng. Anders Larsen - linux

Port-based routing

The QNX4 file-system in Linux

Related software

Booting Linux on a WindowsCE device