[LARTC] mark & owner for local connections
From: rm @ 2004-10-15 11:05 UTC
To: lartc

Hi,

Host A has two interfaces: eth0, tap0.
I want all locally generated traffic from user 1004 to go through tap0.

This is what I did:

iptables -A OUTPUT -t mangle -m owner --uid-owner 1004 -j MARK --set-mark 2
echo 202 bigmac.out >> /etc/iproute2/rt_tables
ip rule add fwmark 2 table bigmac.out
ip route add default via 10.0.0.1 dev tap0 table bigmac.out
ip route flush cache

This results in these problems:
- packets from 1004 are sent out via tap0 but with source ip of eth0.
  (seen in tcpdump -n -i tap0)
- iptables packetfilter rules have to be set on eth0 and not on tap0.
  (if I deny everything on -o eth0 no packet is sent out to -o tap0 anymore..)

Ideas?

Ralf
rm@ingsoc.org

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] mark & owner for local connections
From: Alexander Samad @ 2004-10-15 21:37 UTC
To: lartc

On Fri, Oct 15, 2004 at 11:05:41AM +0000, rm@ingsoc.org wrote:
> Hi,
>
> Host A has two interfaces: eth0, tap0.
> I want all locally generated traffic from user 1004 to go through
> tap0.
>
> This is what I did:
>
> iptables -A OUTPUT -t mangle -m owner --uid-owner 1004 -j MARK --set-mark 2
> echo 202 bigmac.out >> /etc/iproute2/rt_tables
> ip rule add fwmark 2 table bigmac.out
> ip route add default via 10.0.0.1 dev tap0 table bigmac.out

why not change this to

ip route add default via 10.0.0.1 dev tap0 table bigmac.out src IPADDRESSofTAP0

> ip route flush cache
>
> This results in these problems:
> - packets from 1004 are sent out via tap0 but with source ip of eth0.
>   (seen in tcpdump -n -i tap0)
> - iptables packetfilter rules have to be set on eth0 and not on tap0.
>   (if I deny everything on -o eth0 no packet is sent out to -o tap0 anymore..)

From my understanding the tap packets go over eth0; you still need to allow
ipip packets (can check with tcpdump).

>
> Ideas?
>
> Ralf
> rm@ingsoc.org

[-- Attachment #2: Digital signature, application/pgp-signature, 189 bytes --]
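The following script is an added example for this thread; it is not code posted by Ralf or Alexander. It carries out the steps from the first message (owner mark, rt_tables entry, fwmark rule, default route in the extra table) with the `src` address the reply suggests, and adds two things the thread does not spell out: the rt_tables entry is only appended once, and a POSTROUTING SNAT rule on tap0 rewrites the source address, because Linux chooses the source address of a locally generated packet before the mangle OUTPUT mark reroutes it. The tap0 address 10.0.0.2 and the check helpers (which parse one line of `ip route get ... mark 2` output) are assumptions, and the sample route lines used in the comments and checks are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: policy-route all locally generated traffic
# of one uid out through tap0. Values from the post: uid 1004, mark 2, table 202
# "bigmac.out", gateway 10.0.0.1 on tap0. Assumed (not in the thread): tap0's own
# address is 10.0.0.2. Set RUN=echo for a dry run that prints the commands
# instead of executing them (the real commands need root).
#
# On the post's second problem: tap0 is a tunnel endpoint, so the encapsulated
# packets leave through eth0. Filter rules on -o eth0 must still permit the
# tunnel transport (the reply mentions ipip); dropping everything on eth0 also
# stops the traffic that was routed to tap0.

UID_OWNER=1004
MARK=2
TABLE_ID=202
TABLE_NAME=bigmac.out
TAP_DEV=tap0
TAP_GW=10.0.0.1
TAP_SRC=10.0.0.2        # assumption: the address configured on tap0
RUN="${RUN:-}"

# The commands, one per line. 'src' (from the reply) sets the preferred source
# of the route. The SNAT rule is an addition: the source address is picked at the
# first route lookup, before mangle OUTPUT marks the packet, so a packet rerouted
# to tap0 can still carry eth0's address; SNAT on -o tap0 rewrites it.
policy_route_cmds() {
    cat <<EOF
iptables -t mangle -A OUTPUT -m owner --uid-owner $UID_OWNER -j MARK --set-mark $MARK
iptables -t nat -A POSTROUTING -o $TAP_DEV -j SNAT --to-source $TAP_SRC
ip rule add fwmark $MARK table $TABLE_NAME
ip route add default via $TAP_GW dev $TAP_DEV src $TAP_SRC table $TABLE_NAME
ip route flush cache
EOF
}

# Register the table name once (the post appends unconditionally, which adds a
# duplicate line to rt_tables on every run).
register_table() {
    if ! grep -qs "^$TABLE_ID[[:space:]]" /etc/iproute2/rt_tables; then
        eval "$RUN sh -c 'echo $TABLE_ID $TABLE_NAME >> /etc/iproute2/rt_tables'"
    fi
}

apply_policy_routing() {
    register_table
    policy_route_cmds | while IFS= read -r cmd; do
        eval "$RUN $cmd"
    done
}

# --- verification ------------------------------------------------------------
# `ip route get <dst> mark $MARK` shows the route marked traffic will take, e.g.
# (constructed line; exact format varies across iproute2 versions):
#   203.0.113.9 via 10.0.0.1 dev tap0 table bigmac.out src 10.0.0.2 mark 2

# Print the word following 'src' in one route line; fail if there is none.
route_src() {
    set -- $1                      # split the line into words
    while [ $# -gt 1 ]; do
        if [ "$1" = src ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
    return 1
}

# Succeed only if the line routes via $TAP_DEV with $TAP_SRC as source.
check_route_line() {
    case " $1 " in
        *" dev $TAP_DEV "*) ;;
        *) return 1 ;;
    esac
    [ "$(route_src "$1")" = "$TAP_SRC" ]
}

# Usage: ./tap-route.sh apply        (RUN=echo ./tap-route.sh apply to dry-run)
#        ./tap-route.sh check "$(ip route get 203.0.113.9 mark $MARK | head -n 1)"
case "${1:-}" in
    apply) apply_policy_routing ;;
    check) if check_route_line "$2"; then
               echo "ok: marked traffic leaves via $TAP_DEV from $TAP_SRC"
           else
               echo "unexpected route: $2"; exit 1
           fi ;;
esac
```

The `check` mode is the quick way to confirm the fix without tcpdump: a line that names eth0, or tap0 without tap0's address as `src`, is reported as wrong. Run the marked lookup as root, since `ip route get ... mark N` needs the same privileges as the rules it tests.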