From: Alexander Samad
Date: Fri, 15 Oct 2004 21:37:05 +0000
Subject: Re: [LARTC] mark & owner for local connections
Message-Id: <20041015213705.GA2682@samad.com.au>
References: <20041015110541.GB25388@spirit.segfault.net>
In-Reply-To: <20041015110541.GB25388@spirit.segfault.net>
To: lartc@vger.kernel.org

On Fri, Oct 15, 2004 at 11:05:41AM +0000, rm@ingsoc.org wrote:
> Hi,
>
> Host A has two interfaces: eth0, tap0.
> I want that all locally generated traffic from user 1004 goes through
> tap0.
>
> This is what I did:
>
> iptables -A OUTPUT -t mangle -m owner --uid-owner 1004 -j MARK --set-mark 2
> echo 202 bigmac.out >> /etc/iproute2/rt_tables
> ip rule add fwmark 2 table bigmac.out
> ip route add default via 10.0.0.1 dev tap0 table bigmac.out

Why not change this to

ip route add default via 10.0.0.1 dev tap0 table bigmac.out src IPADDRESSofTAP0

> ip route flush cache
>
> This results in these problems:
> - packets from 1004 are sent out via tap0 but with source ip of eth0.
>   (seen in tcpdump -n -i tap0)
> - iptables packetfilter rules have to be set on eth0 and not on tap0.
>   (if I deny everything on -o eth0 no packet is sent out to -o tap0 anymore..)

From my understanding the tap packets go over eth0; you still need to
allow ipip packets (can check with tcpdump).

>
>
> Ideas?
>
>
> Ralf
> rm@ingsoc.org
>
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
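
Added example, not part of the original message or the thread: a check for the symptom reported above (packets seen in `tcpdump -n -i tap0` carrying the eth0 source address). The function names, the sample addresses and the capture lines are constructed, and the parser assumes the current `tcpdump -n` line layout (`TIME IP SRC.PORT > DST.PORT: ...`).

```shell
#!/bin/sh
# Assumed usage on the real host (names and addresses are placeholders):
#   tcpdump -n -l -c 200 -i tap0 ip | leaked_sources ADDRESS_OF_ETH0

# leaked_sources ADDR...: read `tcpdump -n` lines on stdin and report packets
# whose IPv4 source is one of ADDR (the host's addresses that should NOT
# appear as a source on tap0). Prints "ADDR COUNT" per address, in no
# particular order, and returns 1 if any such packet was seen, 0 otherwise.
leaked_sources() {
    awk -v addrs="$*" '
        BEGIN {
            n = split(addrs, a, " ")
            for (i = 1; i <= n; i++) watch[a[i]] = 1
        }
        # IPv4 lines: TIME IP SRC[.PORT] > DST[.PORT]: ...
        $2 == "IP" && $4 == ">" {
            src = $3
            # TCP/UDP sources are a.b.c.d.port; ICMP sources have no port.
            if (split(src, p, ".") == 5)
                src = p[1] "." p[2] "." p[3] "." p[4]
            if (src in watch) { bad[src]++; total++ }
        }
        END {
            for (s in bad) printf "%s %d\n", s, bad[s]
            exit (total > 0)
        }
    '
}

# Constructed capture: 192.0.2.10 stands in for eth0, 10.0.0.2 for tap0.
sample_capture() {
    cat <<'EOF'
12:00:00.000001 IP 192.0.2.10.40000 > 198.51.100.7.80: Flags [S], seq 1, win 64240, length 0
12:00:00.000002 IP 10.0.0.2.40001 > 198.51.100.7.80: Flags [S], seq 1, win 64240, length 0
12:00:00.000003 IP 192.0.2.10 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64
12:00:00.000004 IP 198.51.100.7.80 > 10.0.0.2.40001: Flags [S.], seq 1, ack 2, win 65535, length 0
EOF
}

# Demonstration on the constructed capture.
sample_capture | leaked_sources 192.0.2.10 || echo "eth0 source address seen on tap0"
```

A non-zero return after a routing change means the marked traffic still leaves tap0 with the other interface's address.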