Ola pessoal.
Estou precisando de uma ajuda para adicionar mais um link na rede de um cliente. Eu ja consegui fazer a divisão dos links (usar um link para navegar e outro para mandar email). Porém, quando eu tento mandar email, o email é rejeitado (tanto ao tentar enviar, quanto ao tentar receber). Bom, vamos por partes. No meu caso, eu tenho um link dedicado da embratel, com ip fixo, que está funcionando sem problemas. Estou tentando adicionar um link da NET, com ip dinamico. A ideia, é usar o ip da embratel para enviar e receber emails, e o da NET, para a navegaçao...Ja consegui colocar o ip da Net e navegar com ele, porém, os emails não funcionam. Quando tento enviar um email, recebo a seguinte mensagem de erro:

The Postfix program

<renato.rudnicki@gmail.com>: host gmail-smtp-in.l.google.com[72.14.247.27]
said: 550-5.7.1 [201.21.224.119] The IP you're using to send mail is not
authorized 550-5.7.1 to send email directly to our servers. Please use the
SMTP 550-5.7.1 relay at your service provider instead. Learn more at
550 5.7.1 'The IP you're using to send email is not authorized...' - Help Center
18si5430872agb.12 (in reply to end of DATA command)


OBS: minha rede tem um firewall (iptables) e um proxy (squid) no mesmo servidor (ip 192.168.7.105). Também tem um servidor de emails, rodando postfix (ip 192.168.7.104).

Abaixo estou colocando como esta meu firewall original.

# Generated by iptables-save v1.3.8 on Tue Sep 23 10:44:22 2008
*nat
:PREROUTING ACCEPT [716473:54166331]
:POSTROUTING ACCEPT [2413283:20526690499]
:OUTPUT ACCEPT [2407842:20526743312]
-A PREROUTING -p tcp -m tcp --dport 5900 -j DNAT --to-destination 192.168.7.201:5900
-A PREROUTING -p tcp -m tcp --dport 5900 -j DNAT --to-destination 192.168.7.202:5900
-A PREROUTING -d 200.248.222.222 -p tcp -m tcp --dport 81 -j DNAT --to-destination 192.168.7.101:80
-A PREROUTING -d 200.248.222.222 -p tcp -m tcp --dport 1494 -j DNAT --to-destination 192.168.7.101
-A PREROUTING -d 200.248.222.222 -p tcp -m tcp --dport 1494 -j DNAT --to-destination 192.168.7.102
-A PREROUTING -s 192.168.7.0/255.255.255.0 -d 192.168.7.105 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.7.104
-A PREROUTING -s 192.168.7.0/255.255.255.0 -d 192.168.7.105 -p tcp -m tcp --dport 143 -j DNAT --to-destination 192.168.7.104
-A PREROUTING -d 200.248.222.222 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.7.104
-A PREROUTING -d 200.248.222.222 -p tcp -m tcp --dport 143 -j DNAT --to-destination 192.168.7.104
-A PREROUTING -d 200.248.222.222 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.7.104
-A POSTROUTING -d 10.10.10.203 -j MASQUERADE
-A POSTROUTING -d 192.168.7.123 -j MASQUERADE
-A POSTROUTING -d 192.168.7.103 -j MASQUERADE
-A POSTROUTING -d 192.168.7.107 -j MASQUERADE
-A POSTROUTING -d 192.168.7.101 -j MASQUERADE
-A POSTROUTING -s 192.168.7.0/255.255.255.0 -j MASQUERADE
COMMIT
# Completed on Tue Sep 23 10:44:22 2008
# Generated by iptables-save v1.3.8 on Tue Sep 23 10:44:22 2008
*filter
:INPUT DROP [44194:5541262]
:FORWARD DROP [47346:2309810]
:OUTPUT ACCEPT [797688631:1063810322067]
-A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 389 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -s 200.213.200.200 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.7.0/255.255.255.0 -j ACCEPT
-A INPUT -s 192.168.7.0/255.255.255.0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.7.0/255.255.255.0 -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -s 192.168.7.0/255.255.255.0 -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -s 192.168.7.0/255.255.255.0 -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -s 192.168.7.105 -j ACCEPT
-A INPUT -s 200.248.222.222 -j ACCEPT
-A INPUT -s 192.168.7.107 -j ACCEPT
-A FORWARD -s 192.168.7.25 -j ACCEPT
-A FORWARD -s 192.168.7.176 -j ACCEPT
-A FORWARD -s 192.168.7.170 -j ACCEPT
-A FORWARD -s 192.168.7.23 -j ACCEPT
-A FORWARD -s 192.168.7.92 -j ACCEPT
-A FORWARD -s 192.168.7.27 -j ACCEPT
-A FORWARD -s 192.168.7.42 -j ACCEPT
-A FORWARD -s 192.168.7.30 -j ACCEPT
-A FORWARD -s 192.168.7.30 -j ACCEPT
-A FORWARD -s 192.168.7.40 -j ACCEPT
-A FORWARD -s 192.168.7.146 -j ACCEPT
-A FORWARD -s 192.168.7.27 -j ACCEPT
-A FORWARD -s 192.168.7.2 -j ACCEPT
-A FORWARD -s 192.168.7.38 -j ACCEPT
-A FORWARD -s 192.168.7.207 -j ACCEPT
-A FORWARD -s 192.168.7.239 -j ACCEPT
-A FORWARD -s 192.168.7.43 -j ACCEPT
-A FORWARD -s 192.168.7.94 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 5017 -j ACCEPT
-A FORWARD -s 192.168.7.29 -j ACCEPT
-A FORWARD -s 192.168.7.35 -j ACCEPT
-A FORWARD -s 192.168.7.34 -j ACCEPT
-A FORWARD -s 192.168.7.33 -j ACCEPT
-A FORWARD -s 192.168.7.9 -j ACCEPT
-A FORWARD -s 192.168.7.31 -j ACCEPT
-A FORWARD -s 192.168.7.108 -j ACCEPT
-A FORWARD -s 192.168.7.29 -j ACCEPT
-A FORWARD -s 192.168.7.27 -j ACCEPT
-A FORWARD -s 192.168.7.26 -j ACCEPT
-A FORWARD -s 192.168.7.99 -j ACCEPT
-A FORWARD -s 192.168.7.2 -j ACCEPT
-A FORWARD -s 192.168.7.2 -j ACCEPT
-A FORWARD -s 192.168.7.94 -j ACCEPT
-A FORWARD -s 192.168.7.53 -j ACCEPT
-A FORWARD -s 192.168.7.6 -j ACCEPT
-A FORWARD -s 10.10.10.203 -j ACCEPT
-A FORWARD -d 10.10.10.203 -j ACCEPT
-A FORWARD -s 192.168.7.68 -j ACCEPT
-A FORWARD -s 192.168.7.25 -j ACCEPT
-A FORWARD -s 192.168.7.26 -j ACCEPT
-A FORWARD -s 192.168.7.66 -j ACCEPT
-A FORWARD -s 192.168.7.100 -j ACCEPT
-A FORWARD -s 192.168.7.101 -j ACCEPT
-A FORWARD -d 192.168.7.101 -j ACCEPT
-A FORWARD -d 192.168.7.102 -j ACCEPT
-A FORWARD -s 192.168.7.102 -j ACCEPT
-A FORWARD -s 192.168.7.104 -j ACCEPT
-A FORWARD -d 192.168.7.104 -j ACCEPT
-A FORWARD -s 192.168.7.105 -j ACCEPT
-A FORWARD -s 192.168.7.123 -j ACCEPT
-A FORWARD -s 192.168.7.200 -j ACCEPT
-A FORWARD -s 192.168.7.254 -j ACCEPT
-A FORWARD -d 64.4.4.4/255.255.0.0 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 200.201.211.211/255.255.0.0 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 2631 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 6901 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 1024:65356 -j ACCEPT
-A FORWARD -d 10.10.10.203 -j ACCEPT
-A FORWARD -d 192.168.7.123 -j ACCEPT
-A FORWARD -d 192.168.7.103 -j ACCEPT
-A FORWARD -d 192.168.7.107 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 3456 -j ACCEPT
-A FORWARD -s 192.168.7.123 -p tcp -m tcp --dport 21 -j ACCEPT
-A FORWARD -s 192.168.7.103 -p tcp -m tcp --dport 21 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 1863 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 2500 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 110 -j ACCEPT
-A FORWARD -p udp -m udp --dport 123 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Tue Sep 23 10:44:22 2008



Abaixo, segue as modificações que eu fiz para adicionar o link da NET:

IPTABLES - Tabela Mangle:


*mangle
:PREROUTING ACCEPT [3574:2011155]
:INPUT ACCEPT [3373:1996429]
:FORWARD ACCEPT [201:14726]
:OUTPUT ACCEPT [3745:2112186]
:POSTROUTING ACCEPT [3878:2123748]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3128 -j MARK --set-mark 0x2
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j MARK --set-mark 0x2
-A INPUT -p tcp -m tcp --dport 25 -j MARK --set-mark 0x3
-A OUTPUT -d 192.168.7.104 -o eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2
-A OUTPUT -p tcp -m tcp --dport 443 -j MARK --set-mark 0x2
-A OUTPUT -p tcp -m tcp --dport 25 -j MARK --set-mark 0x3
COMMIT

Tabela VLENTO:

ip rule add fwmark 2 table main prio 20
ip rule add fwmark 3 table vlento prio 20
ip rule add from 200.248.222.222 table vlento
ip rule add from 193.1.1.5 table vlento
ip rule add from 193.1.1.6 table vlento
ip rule add from 193.1.1.3 table vlento
ip rule add from 193.1.1.13 table vlento
ip route add default via 200.248.222.1 dev eth1 table vlento
ip route flush cache


Se alguem tiver alguma ideia de onde estou errando, eu agradeceria.

[]'s
Renato